
Need Help Removing Trojan Patched_c.LYT


  • This topic is locked
25 replies to this topic

#1 Glennifer

Glennifer

  • Members
  • 28 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 30 September 2012 - 08:59 PM

I downloaded AVG and it found trojan patched_c.LYT but it can't remove it. I have not been able to remove it manually either. Please help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Glen Friesen at 13:25:39 on 2012-09-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1213 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Erin Friesen\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\consent.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Glen Friesen\Downloads\Defogger.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sn114w.snt114.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TheBflix Class: {e0e6806d-5b29-4fdd-9aa1-17288a3ddd1c} - c:\programdata\thebflix\bhoclass.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Chejepuxek] rundll32.exe "c:\users\glen friesen\appdata\local\uxepafebocovofa.dll",Startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LifeCamSetup] "E:\setupstb.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\glen friesen\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\glen friesen\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6} : DhcpNameServer = 192.168.1.254 75.153.176.1
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} -
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} -
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\hcrstco32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\glen friesen\appdata\roaming\mozilla\firefox\profiles\x5ghauhl.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://hotmail.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-7 65848]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-21 27496]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-12 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-7 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-7 166840]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-7 976728]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-21 722528]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-23 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-20 250288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-23 135664]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-1-20 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-3-16 269448]
.
=============== Created Last 30 ================
.
2012-09-29 01:58:49 -------- dc----w- c:\users\glen friesen\appdata\local\{7B3638EB-1392-4DBF-9158-C1706F1A9FB4}
2012-09-27 03:24:19 -------- dc----w- c:\users\glen friesen\appdata\local\{176BAC4A-EF81-423B-958F-9D8400132A4C}
2012-09-26 03:49:40 -------- dc----w- c:\programdata\XoftSpySE
2012-09-26 02:03:52 -------- dc----w- c:\users\glen friesen\appdata\local\{DD901649-85CB-4D82-98E1-EF4E3A812D78}
2012-09-23 20:14:11 -------- dc----w- c:\users\glen friesen\appdata\local\{09587E89-AB27-4391-87BA-21BB9D32FC16}
2012-09-22 17:32:38 -------- dc----w- c:\users\glen friesen\appdata\local\{78F462AE-532B-4967-A5FB-2C665ACE7012}
2012-09-22 02:39:12 -------- dc----w- c:\users\glen friesen\appdata\roaming\AVG2013
2012-09-22 02:37:48 -------- dc----w- c:\users\glen friesen\appdata\local\AVG Secure Search
2012-09-22 02:37:47 -------- dc----w- c:\users\glen friesen\appdata\roaming\TuneUp Software
2012-09-22 02:37:45 -------- dc----w- c:\programdata\AVG Secure Search
2012-09-22 02:37:39 27496 -c--a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-22 02:37:36 -------- dc----w- c:\program files\common files\AVG Secure Search
2012-09-22 02:37:35 -------- dc----w- c:\program files\AVG Secure Search
2012-09-22 02:35:09 -------- dc----w- c:\programdata\AVG2013
2012-09-22 02:31:06 -------- dc-h--w- c:\programdata\Common Files
2012-09-22 02:31:06 -------- dc----w- c:\users\glen friesen\appdata\local\MFAData
2012-09-22 02:31:06 -------- dc----w- c:\users\glen friesen\appdata\local\Avg2013
2012-09-22 02:15:18 -------- dc----w- c:\users\glen friesen\appdata\local\{4E4CDD3D-D54D-4D4E-91B8-12F021984FF7}
2012-09-21 03:50:01 696240 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 03:42:00 73136 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 03:28:34 11776 -c--a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-09-21 03:28:20 -------- dc----w- c:\program files\common files\xing shared
2012-09-21 03:28:12 150736 -c--a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-09-21 03:28:10 129176 -c--a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-09-21 02:48:18 -------- dc----w- c:\users\glen friesen\appdata\local\IIIU
2012-09-21 02:42:29 -------- dc----w- c:\users\glen friesen\appdata\local\{C6184DAE-7C2C-42BA-AB72-AD7A9E510054}
2012-09-20 03:46:58 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 03:46:03 -------- dc----w- c:\program files\iPod
2012-09-20 03:46:01 -------- dc----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-20 03:46:01 -------- dc----w- c:\program files\iTunes
2012-09-20 03:36:33 -------- dc----w- c:\users\glen friesen\appdata\local\{C14AC68E-D277-45BE-834E-75420DB9040F}
2012-09-18 03:28:44 -------- dc----w- c:\users\glen friesen\appdata\local\{7416B60B-73B0-4C5E-AEDD-6E52E003EA99}
2012-09-18 00:58:56 51936 -c--a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-16 20:02:29 -------- dc----w- c:\users\glen friesen\appdata\local\{BF615F6D-D4EE-4502-A7D6-5AEB88739E19}
2012-09-14 02:06:11 -------- dc----w- c:\users\glen friesen\appdata\local\{6B307AFF-396D-4630-AD98-0E5C4EE8A3A7}
2012-09-13 03:10:32 -------- dc----w- c:\users\glen friesen\appdata\local\{1D1F5841-7B09-4114-BAC9-D6B1ADBE544A}
2012-09-12 17:47:22 164704 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 17:47:04 151648 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-07 17:07:30 65848 -c--a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-09-03 20:32:44 -------- dc----w- c:\users\glen friesen\appdata\local\{82AF551C-2F46-49F7-8996-BDFE03AA7C5A}
2012-09-02 00:47:44 -------- dc----w- c:\users\glen friesen\appdata\local\ElevatedDiagnostics
2012-09-02 00:33:34 -------- dc----w- c:\users\glen friesen\appdata\local\{BA03CF21-DACF-42D0-9E74-C6F8290BD92E}
2012-08-31 22:43:22 -------- dc----w- c:\users\glen friesen\appdata\local\{2255BDA8-D38F-438F-93F5-25DEA2BB7CE6}
.
==================== Find3M ====================
.
2012-09-21 03:28:03 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-09-21 03:28:03 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2012-08-21 19:01:22 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2012-08-13 22:40:54 176096 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 10:52:28 19808 -c--a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 10:52:18 35168 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 19:56:44 178656 -c--a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-09 19:42:56 4547984 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 19:42:56 44032 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 14:02:46 2047488 -c--a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:26:57.97 ===============
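A defender-side triage pass over the DDS "Pseudo HJT Report" lines posted above, as an added example that is not part of the original post and not DDS's own logic: it pulls out the entries a malware responder would look at first in this log, the Run key that has rundll32 load a DLL from the user profile, the populated AppInit_DLLs value, and the orphaned browser-extension entries. The heuristics, the Finding class and the "generated-looking name" check are my own assumptions; the sample text is constructed from lines that appear in the log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS Pseudo HJT Report above.
SAMPLE_DDS = r"""uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Chejepuxek] rundll32.exe "c:\users\glen friesen\appdata\local\uxepafebocovofa.dll",Startup
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: TheBflix Class: {e0e6806d-5b29-4fdd-9aa1-17288a3ddd1c} - c:\programdata\thebflix\bhoclass.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
AppInit_DLLs: c:\windows\system32\hcrstco32.dll
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    reason: str
    line: str


# uRun (HKCU) / mRun (HKLM) autostart entries: "[name] command".
RUN_RE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# Anything under \users\<name>\appdata\ is user-writable, an unusual home for an autostart DLL.
PROFILE_DIR_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)
# First quoted or bare drive-letter path ending in .dll inside the command.
DLL_RE = re.compile(r'"?([a-z]:\\[^"]+\.dll)"?', re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Crude check for generated file names: long, letters only, no separators or digits.

    Assumed heuristic; it will also match some legitimate names, so it only adds
    weight to a finding rather than creating one on its own.
    """
    return len(stem) >= 10 and stem.isalpha() and stem == stem.lower()


def triage(report: str) -> list:
    """Return Findings for the DDS report lines a responder should examine first."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        m = RUN_RE.match(line)
        if m:
            cmd = m.group('cmd')
            # rundll32 with a DLL from the user profile: classic autostart for a dropped payload.
            if 'rundll32' in low and PROFILE_DIR_RE.search(cmd):
                dll = DLL_RE.search(cmd)
                stem = dll.group(1).rsplit('\\', 1)[-1][:-4] if dll else ''
                reason = 'rundll32 loads a DLL from the user profile'
                if looks_random(stem):
                    reason += ' with a generated-looking name'
                findings.append(Finding('high', reason, line))
            continue

        # AppInit_DLLs: the listed DLL is mapped into every process that loads user32.dll.
        if low.startswith('appinit_dlls:') and low.split(':', 1)[1].strip():
            findings.append(Finding(
                'high',
                'AppInit_DLLs is populated; the DLL is injected into every user32-linked process',
                line))
            continue

        # Browser helper objects / toolbars whose file is gone: leftovers to clean, low risk.
        if low.startswith(('bho:', 'tb:')) and low.endswith('- no file'):
            findings.append(Finding(
                'low', 'orphaned browser extension entry (registered but file missing)', line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f'[{f.severity}] {f.reason}\n    {f.line}')
```

On the sample above the script reports two high findings (the Chejepuxek Run entry and AppInit_DLLs) and two low ones (the BHO and TB entries with "No File"); the TheBflix BHO is left for a reputation check, since a present file is not by itself a signal.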


#2 gringo_pr

gringo_pr

Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 01 October 2012 - 12:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:11:12 AM

Posted 02 October 2012 - 10:21 PM

# AdwCleaner v2.003 - Logfile created 10/02/2012 at 20:58:43
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Glen Friesen - GLENFRIESEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Glen Friesen\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Glen Friesen\AppData\Roaming\Mozilla\Firefox\Profiles\x5ghauhl.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Erin Friesen\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Erin Friesen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Erin Friesen\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Glen Friesen\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Glen Friesen\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Glen Friesen\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Glen Friesen\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Glen Friesen\AppData\LocalLow\Viewpoint
Folder Deleted : C:\Users\GLENFR~1\AppData\Local\Temp\avg@toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Glen Friesen\AppData\Roaming\Mozilla\Firefox\Profiles\x5ghauhl.default\prefs.js

C:\Users\Glen Friesen\AppData\Roaming\Mozilla\Firefox\Profiles\x5ghauhl.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.4f97c4251be5d.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Profile name : default
File : C:\Users\Erin Friesen\AppData\Roaming\Mozilla\Firefox\Profiles\4biv6za3.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.4f97c4251be5d.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Glen Friesen\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.36] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.39] : keyword = "isearch.avg.com",
Deleted [l.42] : search_url = "hxxps://isearch.avg.com/search?cid={FC39D737-A2E1-4729-B973-D705772CE21B}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",

File : C:\Users\Erin Friesen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8100 octets] - [02/10/2012 20:58:43]

########## EOF - C:\AdwCleaner[S1].txt - [8160 octets] ##########

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Glen Friesen [Admin rights]
Mode : Remove -- Date : 10/02/2012 21:08:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Chejepuxek (rundll32.exe "C:\Users\Glen Friesen\AppData\Local\uxepafebocovofa.dll",Startup) -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\GLENFR~1\AppData\Local\Temp\IHUA9E5.tmp.exe -> DELETED
[TASK][SUSP PATH] {537EC359-652C-4CA2-8B72-9DB71B3C80EC} : C:\Windows\System32\pcalua.exe -a "C:\Users\Glen Friesen\Desktop\Torchmate\restoration.exe" -d "C:\Users\Glen Friesen\Desktop\Torchmate" -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\ACER(W~1.SCR) -> REPLACED (C:\Windows\system32\logon.scr)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\80000000.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Glen Friesen\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe)

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] 02cf2d178c8b95b559265faa597f7f7a
[BSP] 119654dcb8dab7beaf2e2ce21471de44 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 300374 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 635633664 | Size: 300110 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



I had 2 RKreports on my desktop. I copied and pasted them both.
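
The AdwCleaner log above shows where the search hijack actually lived: a user.js in each Firefox profile forcing browser.search.defaultenginename and browser.search.selectedEngine, an extensions.*.scode pref carrying a JavaScript function body, and Chrome's Preferences file with icon_url, keyword and search_url pointing at isearch.avg.com. The script below is an added example, not AdwCleaner's code and not part of the original post: it checks those same settings against an allowlist. The allowlist, the sample user.js text and the sample Chrome Preferences JSON are constructed for illustration, and the default_search_provider key layout is assumed from the three Preferences lines in the log.

```python
"""Check Firefox and Chrome profile files for a hijacked default search provider.

Added example for this thread; not AdwCleaner code. The allowlist and the
SAMPLE_* inputs are constructed (modelled on the entries AdwCleaner removed);
on a real machine read prefs.js/user.js and Preferences from the profile dirs.
"""
import json
import re
from urllib.parse import urlparse

# Assumption: site policy allows only these engines / hosts as the default search.
ALLOWED_ENGINE_NAMES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}

# Firefox prefs that select the search-box / address-bar engine (the pre-2014 names seen in the log).
FIREFOX_SEARCH_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine", "keyword.URL")

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_user_prefs(text):
    """Return {pref_name: raw_value} for every user_pref() line in prefs.js or user.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def firefox_findings(prefs_text):
    """Flag search prefs set to an engine outside the allowlist, and extension
    prefs that store a JavaScript function body (the 'scode' pattern in the log)."""
    findings = []
    prefs = parse_user_prefs(prefs_text)
    for name in FIREFOX_SEARCH_PREFS:
        if name not in prefs:
            continue
        value = prefs[name].strip('"')
        if name == "keyword.URL":  # this one holds a URL, not an engine name
            ok = (urlparse(value).hostname or "").lower() in ALLOWED_SEARCH_HOSTS
        else:
            ok = value in ALLOWED_ENGINE_NAMES
        if not ok:
            findings.append(("firefox", name, value))
    for name, value in prefs.items():
        # Heuristic: a pref is a setting; code stored in one is a red flag.
        if name.startswith("extensions.") and "function(" in value:
            findings.append(("firefox", name, "script body stored in pref"))
    return findings


def chrome_findings(preferences_json):
    """Flag a default_search_provider whose URLs point at a host outside the allowlist."""
    findings = []
    provider = json.loads(preferences_json).get("default_search_provider", {})
    for key in ("search_url", "suggest_url", "icon_url"):
        url = provider.get(key)
        if not url:
            continue
        host = (urlparse(url).hostname or "").lower()
        if host not in ALLOWED_SEARCH_HOSTS:
            findings.append(("chrome", key, host))
    return findings


# Constructed sample inputs, modelled on the AdwCleaner entries above.
SAMPLE_USER_JS = """
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("extensions.4f97c4251be5d.scode", "(function(){try{if('aol.com,mail.google.com'){}}catch(e){}})()");
user_pref("browser.startup.homepage", "about:home");
"""

SAMPLE_CHROME_PREFERENCES = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "name": "AVG Secure Search",
        "keyword": "isearch.avg.com",
        "icon_url": "https://isearch.avg.com/favicon.ico",
        "search_url": "https://isearch.avg.com/search?q={searchTerms}",
    }
})


def run_sample():
    """Run both checks over the constructed samples; returns (firefox, chrome) findings."""
    return firefox_findings(SAMPLE_USER_JS), chrome_findings(SAMPLE_CHROME_PREFERENCES)


if __name__ == "__main__":
    ff, ch = run_sample()
    for finding in ff + ch:
        print(" | ".join(finding))
```

The user.js check matters more than prefs.js: Firefox re-applies user.js on every start, so a hijacker that writes it there survives the user resetting the engine in the UI, which is why AdwCleaner deleted the file outright rather than editing it.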

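The RogueKiller report above carries the classic ZeroAccess footprint: one {GUID} folder under both C:\Windows\Installer and the user's AppData\Local, each holding U and L stores of "@" files, a Desktop.ini planted in C:\Windows\Assembly\GAC, a CLSID's InprocServer32 redirected to an "n." file inside that folder, a Run entry loading a random-named DLL from AppData via rundll32, and a services.exe flagged as patched (consistent with the patched-file detection that started the thread). As an added example, not RogueKiller's code and not part of the original post, the script below parses log lines in that format and applies its own rules for those artefacts, so entries the tool only tagged [Del.Parent] are still recognised and grouped under their GUID. The sample lines are constructed from the report (user name replaced, winsxs path shortened); the indicator names and thresholds are this example's own.

```python
"""Triage RogueKiller-style log lines for the ZeroAccess artefact pattern.

Added example for this thread; not RogueKiller code. SAMPLE_LOG is
constructed from the report above; the rules below are this example's own
heuristics for: {GUID}\\U and \\L stores of '@' files, Desktop.ini in the GAC,
an InprocServer32 redirected into a user profile, a patched services.exe, and
a Run entry that loads a DLL from AppData via rundll32.
"""
import re
from collections import defaultdict

GUID = r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}"

# "[TAG][TAG] name : target -> action"  (RogueKiller uses "->" for registry, "-->" for files)
ENTRY_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s+-+>\s+(.*)$")
TAG_RE = re.compile(r"\[([^\]]*)\]")
STORE_RE = re.compile(GUID + r"\\(?:U|L)(?:\\[^\\]+)?$|" + GUID + r"\\@$", re.IGNORECASE)
N_FILE_RE = re.compile(GUID + r"\\n\.$", re.IGNORECASE)
RUNDLL_APPDATA_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\appdata\\local\\[^"\\]+\.dll', re.IGNORECASE)


def parse_entry(line):
    """Split one log line into tags, entry name, target path/value and the action taken."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    name, sep, target = m.group(2).partition(" : ")
    if not sep:
        return None
    target = target.strip()
    if target.startswith("(") and target.endswith(")"):  # registry values are logged in parentheses
        target = target[1:-1]
    return {"tags": TAG_RE.findall(m.group(1)), "name": name.strip(), "target": target, "action": m.group(3)}


def classify(entry):
    """Return the indicator names an entry matches, independent of the tool's own [ZeroAccess] tag."""
    tags, name, target = entry["tags"], entry["name"], entry["target"]
    low_name, low_target = name.lower(), target.lower()
    hits = []
    if STORE_RE.search(target):
        hits.append("zeroaccess_store")
    if low_target.endswith("\\assembly\\gac\\desktop.ini"):
        hits.append("gac_desktop_ini")
    if low_name.endswith("inprocserver32") and ("\\appdata\\" in low_target or N_FILE_RE.search(target)):
        hits.append("clsid_hijack")
    if (low_name == "services.exe" and low_target.endswith("\\system32\\services.exe")
            and any("aslr" in t.lower() or "sig" in t.lower() for t in tags)):
        hits.append("patched_services_exe")
    if low_name.endswith("\\run") and RUNDLL_APPDATA_RE.search(target):
        hits.append("appdata_rundll32_autorun")
    return hits


def triage(lines):
    """Classify every parseable line and group store paths by GUID, so the paired
    Installer and AppData copies show up under one key."""
    findings, stores = [], defaultdict(set)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        hits = classify(entry)
        if hits:
            findings.append((entry["name"], hits))
        if "zeroaccess_store" in hits or "clsid_hijack" in hits:
            for guid in re.findall(GUID, entry["target"]):
                stores[guid.lower()].add(entry["target"].lower().split(guid.lower())[0])
    return findings, dict(stores)


# Constructed sample, modelled on the RogueKiller report above.
SAMPLE_LOG = [
    r'[RUN][SUSP PATH] HKCU\[...]\Run : Chejepuxek (rundll32.exe "C:\Users\user\AppData\Local\uxepafebocovofa.dll",Startup) -> DELETED',
    r'[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED',
    r'[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\user\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)',
    r'[ZeroAccess][FILE] @ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\@ --> REMOVED AT REBOOT',
    r'[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U\00000004.@ --> REMOVED',
    r'[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\U --> REMOVED',
    r'[Del.Parent][FILE] 00000004.@ : C:\Users\user\AppData\Local\{4d70d1e7-1c47-49c6-6ac7-d0ff34c51024}\L\00000004.@ --> REMOVED',
    r'[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> REMOVED AT REBOOT',
    r'[Susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\...\services.exe)',
]


def triage_sample():
    """Run the triage over the constructed sample; returns (findings, stores)."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    findings, stores = triage_sample()
    for name, hits in findings:
        print(f"{name}: {', '.join(hits)}")
    for guid, parents in stores.items():
        print(f"{guid} store under: {', '.join(sorted(parents))}")
```

The grouping step is the useful part when reading a log like this one: the same GUID appearing under both C:\Windows\Installer and a user's AppData\Local is the system-wide plus per-user pair ZeroAccess drops, so a report that shows only one of the two is a hint that the other was missed or has already been re-created, and the "REMOVED AT REBOOT" and "REPLACED AT REBOOT" actions mean nothing is confirmed until a scan after the restart comes back clean.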
#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 03 October 2012 - 01:43 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Glennifer
  • Topic Starter
  • Members
  • 28 posts
  • Local time:11:12 AM

Posted 03 October 2012 - 10:47 PM

Internet Explorer and Firefox crash when uploading pictures or video, and the computer runs a little slow sometimes. I reinstalled an earlier version of Flash and the problem went away for a while, but it came back again.


ComboFix 12-10-03.03 - Glen Friesen 03/10/2012 21:29:44.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1385 [GMT -6:00]
Running from: c:\users\Glen Friesen\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Erin Friesen\Documents\~WRD0000.tmp
c:\users\Erin Friesen\Documents\~WRD0001.tmp
c:\users\Glen Friesen\AppData\Local\{1103AF4A-1229-4F39-BCC5-CE902BC45B81}\chrome.manifest
c:\users\Glen Friesen\AppData\Local\{1103AF4A-1229-4F39-BCC5-CE902BC45B81}\chrome\content\overlay.xul
c:\users\Glen Friesen\AppData\Local\{1103AF4A-1229-4F39-BCC5-CE902BC45B81}\install.rdf
c:\users\Glen Friesen\AppData\Roaming\020000002b5c6767623C.manifest
c:\users\Glen Friesen\AppData\Roaming\020000002b5c6767623O.manifest
c:\users\Glen Friesen\AppData\Roaming\020000002b5c6767623P.manifest
c:\users\Glen Friesen\AppData\Roaming\020000002b5c6767623S.manifest
c:\users\Glen Friesen\Documents\~WRD0000.tmp
c:\users\Glen Friesen\Documents\~WRD0001.tmp
c:\users\Glen Friesen\Documents\~WRD0002.tmp
c:\users\Glen Friesen\Documents\~WRD0003.tmp
c:\users\Glen Friesen\Documents\~WRD0004.tmp
c:\users\Glen Friesen\Documents\~WRD2638.tmp
c:\users\Glen Friesen\Documents\~WRD3363.tmp
c:\users\Glen Friesen\Documents\~WRD3693.tmp
c:\windows\system32\4cV1TpDCSatdV.vbs
c:\windows\system32\8gXJfTbjVunsC.vbs
c:\windows\system32\C0nRr.vbs
c:\windows\system32\CohZCKz8lN6wV9U.vbs
c:\windows\system32\FuH17.vbs
c:\windows\system32\n760oUJclboDK.vbs
c:\windows\system32\NSLuyjWEPE2H6.vbs
c:\windows\system32\o5vnK.vbs
c:\windows\system32\pPVKo7OOu6Rbk.vbs
c:\windows\system32\TJgQy.vbs
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 03:39 . 2012-10-04 03:39 -------- dc----w- c:\users\Glen Friesen\AppData\Local\temp
2012-10-04 03:39 . 2012-10-04 03:39 -------- dc----w- c:\users\Guest\AppData\Local\temp
2012-10-04 03:39 . 2012-10-04 03:39 -------- dc----w- c:\users\Erin Friesen\AppData\Local\temp
2012-10-04 03:39 . 2012-10-04 03:39 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-10-03 03:05 . 2012-10-03 03:05 14080 -c--a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-01 00:43 . 2012-10-01 00:43 73696 -c--a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-01 00:43 . 2012-10-01 00:43 770384 -c--a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-01 00:43 . 2012-10-01 00:43 421200 -c--a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-09-23 17:09 . 2012-09-23 17:09 -------- dc----w- c:\users\Erin Friesen\AppData\Roaming\AVG2013
2012-09-23 17:09 . 2012-09-23 17:21 -------- dc----w- c:\users\Erin Friesen\AppData\Local\Avg2013
2012-09-22 02:39 . 2012-09-22 02:39 -------- dc----w- c:\users\Glen Friesen\AppData\Roaming\AVG2013
2012-09-22 02:37 . 2012-09-22 02:37 -------- dc----w- c:\users\Glen Friesen\AppData\Roaming\TuneUp Software
2012-09-22 02:37 . 2012-09-22 02:37 27496 -c--a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-22 02:37 . 2012-10-03 02:58 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2012-09-22 02:31 . 2012-09-22 02:42 -------- dc----w- c:\users\Glen Friesen\AppData\Local\Avg2013
2012-09-22 02:31 . 2012-09-22 02:31 -------- dc----w- c:\users\Glen Friesen\AppData\Local\MFAData
2012-09-21 03:50 . 2012-09-21 04:13 696240 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 03:42 . 2012-09-21 04:13 73136 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 03:28 . 2012-09-21 03:28 11776 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-09-21 03:28 . 2012-09-21 03:28 -------- dc----w- c:\program files\Common Files\xing shared
2012-09-21 03:28 . 2012-09-21 03:28 150736 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-09-21 03:28 . 2012-09-21 03:28 129176 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-21 03:27 . 2012-09-21 03:28 -------- dc----w- c:\program files\Real
2012-09-21 02:48 . 2012-09-21 02:48 -------- dc----w- c:\users\Glen Friesen\AppData\Local\IIIU
2012-09-20 03:46 . 2012-08-21 19:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 03:46 . 2012-09-20 03:46 -------- dc----w- c:\program files\iPod
2012-09-20 03:46 . 2012-09-20 03:46 -------- dc----w- c:\program files\iTunes
2012-09-18 00:58 . 2012-09-18 00:58 51936 -c--a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 11:34 . 2012-09-14 11:34 89440 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 17:47 . 2012-09-12 17:47 164704 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 17:47 . 2012-09-12 17:47 151648 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-07 17:07 . 2012-09-07 17:07 65848 -c--a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 03:28 . 2003-03-19 02:14 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-09-21 03:28 . 2003-02-21 11:42 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2012-08-21 19:01 . 2009-09-16 03:47 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2012-08-13 22:40 . 2012-08-13 22:40 176096 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 10:52 . 2012-08-10 10:52 19808 -c--a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 10:52 . 2012-08-10 10:52 35168 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 19:56 . 2012-08-09 19:56 178656 -c--a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-09 19:42 . 2012-07-09 19:42 4547984 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 19:42 . 2012-07-09 19:42 44032 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2012-10-01 00:43 . 2012-08-22 04:29 266720 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
c:\windows\System32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 12:19 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts

Posted 04 October 2012 - 10:50 PM

Here's the tdsskiller report:
21:14:32.0355 4284 MozillaMaintenance - ok
21:14:32.0371 4284 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:14:32.0371 4284 mpio - ok
21:14:32.0402 4284 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:14:32.0402 4284 mpsdrv - ok
21:14:32.0449 4284 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:14:32.0464 4284 MpsSvc - ok
21:14:32.0495 4284 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:14:32.0495 4284 Mraid35x - ok
21:14:32.0527 4284 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:14:32.0527 4284 MREMP50 - ok
21:14:32.0527 4284 MREMP50a64 - ok
21:14:32.0573 4284 MREMPR5 - ok
21:14:32.0573 4284 MRENDIS5 - ok
21:14:32.0651 4284 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:14:32.0651 4284 MRESP50 - ok
21:14:32.0651 4284 MRESP50a64 - ok
21:14:32.0683 4284 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:14:32.0683 4284 MRxDAV - ok
21:14:32.0714 4284 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:14:32.0714 4284 mrxsmb - ok
21:14:32.0729 4284 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:14:32.0745 4284 mrxsmb10 - ok
21:14:32.0745 4284 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:14:32.0761 4284 mrxsmb20 - ok
21:14:32.0776 4284 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:14:32.0776 4284 msahci - ok
21:14:32.0839 4284 [ 31E023681015C35EBFE1498B07813B87 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:14:32.0839 4284 MSCamSvc - ok
21:14:32.0854 4284 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:14:32.0854 4284 msdsm - ok
21:14:32.0870 4284 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:14:32.0870 4284 MSDTC - ok
21:14:32.0885 4284 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:14:32.0885 4284 Msfs - ok
21:14:32.0901 4284 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:14:32.0901 4284 msisadrv - ok
21:14:32.0917 4284 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:14:32.0917 4284 MSiSCSI - ok
21:14:32.0948 4284 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:14:32.0948 4284 MSKSSRV - ok
21:14:32.0963 4284 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:14:32.0963 4284 MSPCLOCK - ok
21:14:32.0979 4284 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:14:32.0979 4284 MSPQM - ok
21:14:33.0010 4284 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:14:33.0010 4284 MsRPC - ok
21:14:33.0026 4284 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:14:33.0026 4284 mssmbios - ok
21:14:33.0026 4284 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:14:33.0026 4284 MSTEE - ok
21:14:33.0041 4284 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:14:33.0041 4284 Mup - ok
21:14:33.0073 4284 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:14:33.0088 4284 napagent - ok
21:14:33.0135 4284 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:14:33.0135 4284 NativeWifiP - ok
21:14:33.0151 4284 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:14:33.0166 4284 NDIS - ok
21:14:33.0182 4284 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:14:33.0182 4284 NdisTapi - ok
21:14:33.0197 4284 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:14:33.0213 4284 Ndisuio - ok
21:14:33.0244 4284 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:14:33.0244 4284 NdisWan - ok
21:14:33.0260 4284 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:14:33.0260 4284 NDProxy - ok
21:14:33.0307 4284 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:14:33.0307 4284 Net Driver HPZ12 - ok
21:14:33.0322 4284 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:14:33.0322 4284 NetBIOS - ok
21:14:33.0353 4284 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:14:33.0353 4284 netbt - ok
21:14:33.0369 4284 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:14:33.0369 4284 Netlogon - ok
21:14:33.0400 4284 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:14:33.0400 4284 Netman - ok
21:14:33.0416 4284 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:14:33.0416 4284 netprofm - ok
21:14:33.0431 4284 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:14:33.0447 4284 NetTcpPortSharing - ok
21:14:33.0463 4284 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:14:33.0463 4284 nfrd960 - ok
21:14:33.0494 4284 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:14:33.0494 4284 NlaSvc - ok
21:14:33.0509 4284 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:14:33.0509 4284 Npfs - ok
21:14:33.0541 4284 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:14:33.0541 4284 nsi - ok
21:14:33.0541 4284 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:14:33.0556 4284 nsiproxy - ok
21:14:33.0603 4284 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:14:33.0650 4284 Ntfs - ok
21:14:33.0681 4284 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
21:14:33.0681 4284 NTIDrvr - ok
21:14:33.0697 4284 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:14:33.0697 4284 ntrigdigi - ok
21:14:33.0712 4284 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:14:33.0712 4284 Null - ok
21:14:33.0775 4284 [ D958A2B5F6AD5C3B8CCDC4D7DA62466C ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:14:33.0775 4284 NVENETFD - ok
21:14:33.0806 4284 [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:14:33.0821 4284 NVHDA - ok
21:14:34.0305 4284 [ 712D98D35E68D0006B121F4A3B8EE814 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:14:34.0539 4284 nvlddmkm - ok
21:14:34.0601 4284 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:14:34.0601 4284 nvraid - ok
21:14:34.0648 4284 [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys
21:14:34.0648 4284 nvrd32 - ok
21:14:34.0664 4284 [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:14:34.0664 4284 nvsmu - ok
21:14:34.0695 4284 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:14:34.0695 4284 nvstor - ok
21:14:34.0711 4284 [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
21:14:34.0711 4284 nvstor32 - ok
21:14:34.0742 4284 [ 8E1424DDB7214A2CF78EC728413BECCD ] nvsvc C:\Windows\system32\nvvsvc.exe
21:14:34.0757 4284 nvsvc - ok
21:14:34.0773 4284 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:14:34.0773 4284 nv_agp - ok
21:14:34.0773 4284 NwlnkFlt - ok
21:14:34.0789 4284 NwlnkFwd - ok
21:14:34.0898 4284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:14:34.0913 4284 odserv - ok
21:14:34.0976 4284 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:14:34.0976 4284 ohci1394 - ok
21:14:35.0023 4284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:14:35.0023 4284 ose - ok
21:14:35.0069 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:14:35.0085 4284 p2pimsvc - ok
21:14:35.0101 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:14:35.0101 4284 p2psvc - ok
21:14:35.0116 4284 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:14:35.0132 4284 Parport - ok
21:14:35.0163 4284 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:14:35.0163 4284 partmgr - ok
21:14:35.0179 4284 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:14:35.0194 4284 Parvdm - ok
21:14:35.0225 4284 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:14:35.0225 4284 PcaSvc - ok
21:14:35.0257 4284 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:14:35.0257 4284 pci - ok
21:14:35.0272 4284 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
21:14:35.0272 4284 pciide - ok
21:14:35.0288 4284 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:14:35.0303 4284 pcmcia - ok
21:14:35.0335 4284 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:14:35.0350 4284 PEAUTH - ok
21:14:35.0428 4284 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:14:35.0475 4284 pla - ok
21:14:35.0506 4284 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:14:35.0522 4284 PlugPlay - ok
21:14:35.0553 4284 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:14:35.0553 4284 Pml Driver HPZ12 - ok
21:14:35.0569 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:14:35.0569 4284 PNRPAutoReg - ok
21:14:35.0584 4284 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:14:35.0600 4284 PNRPsvc - ok
21:14:35.0647 4284 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:14:35.0662 4284 PolicyAgent - ok
21:14:35.0725 4284 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:14:35.0725 4284 PptpMiniport - ok
21:14:35.0740 4284 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:14:35.0740 4284 Processor - ok
21:14:35.0756 4284 Profos - ok
21:14:35.0803 4284 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:14:35.0803 4284 ProfSvc - ok
21:14:35.0818 4284 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:14:35.0818 4284 ProtectedStorage - ok
21:14:35.0849 4284 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:14:35.0849 4284 PSched - ok
21:14:35.0865 4284 [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
21:14:35.0865 4284 PSDFilter - ok
21:14:35.0881 4284 [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
21:14:35.0881 4284 PSDNServ - ok
21:14:35.0881 4284 [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
21:14:35.0896 4284 psdvdisk - ok
21:14:35.0943 4284 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:14:35.0943 4284 PxHelp20 - ok
21:14:35.0990 4284 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:14:36.0037 4284 ql2300 - ok
21:14:36.0068 4284 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:14:36.0068 4284 ql40xx - ok
21:14:36.0099 4284 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:14:36.0099 4284 QWAVE - ok
21:14:36.0115 4284 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:14:36.0115 4284 QWAVEdrv - ok
21:14:36.0317 4284 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
21:14:36.0317 4284 RapportCerberus_42020 - ok
21:14:36.0473 4284 [ 224C195B31F19CC67DFCDDA6FFE403AE ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
21:14:36.0473 4284 RapportEI - ok
21:14:36.0520 4284 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
21:14:36.0520 4284 RapportIaso - ok
21:14:36.0551 4284 [ BEF9A6B068C2D0882D88A9B688457726 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
21:14:36.0551 4284 RapportKELL - ok
21:14:36.0583 4284 [ B9B6D1593F1CDE5C886C47EFA6867FAB ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
21:14:36.0614 4284 RapportMgmtService - ok
21:14:36.0661 4284 [ C8FD0209314FB599AB305584873F5915 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
21:14:36.0676 4284 RapportPG - ok
21:14:36.0692 4284 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:14:36.0692 4284 RasAcd - ok
21:14:36.0692 4284 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:14:36.0692 4284 RasAuto - ok
21:14:36.0707 4284 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:14:36.0707 4284 Rasl2tp - ok
21:14:36.0754 4284 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:14:36.0754 4284 RasMan - ok
21:14:36.0770 4284 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:14:36.0770 4284 RasPppoe - ok
21:14:36.0785 4284 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:14:36.0785 4284 RasSstp - ok
21:14:36.0817 4284 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:14:36.0817 4284 rdbss - ok
21:14:36.0848 4284 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:14:36.0848 4284 RDPCDD - ok
21:14:36.0863 4284 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:14:36.0879 4284 rdpdr - ok
21:14:36.0879 4284 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:14:36.0879 4284 RDPENCDD - ok
21:14:36.0910 4284 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:14:36.0910 4284 RDPWD - ok
21:14:36.0941 4284 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:14:36.0957 4284 RemoteAccess - ok
21:14:36.0973 4284 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:14:36.0988 4284 RemoteRegistry - ok
21:14:37.0004 4284 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:14:37.0004 4284 RichVideo - ok
21:14:37.0035 4284 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
21:14:37.0035 4284 RimUsb - ok
21:14:37.0082 4284 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
21:14:37.0082 4284 RimVSerPort - ok
21:14:37.0082 4284 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
21:14:37.0097 4284 ROOTMODEM - ok
21:14:37.0129 4284 RoxLiveShare9 - ok
21:14:37.0144 4284 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:14:37.0144 4284 RpcLocator - ok
21:14:37.0175 4284 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:14:37.0175 4284 RpcSs - ok
21:14:37.0207 4284 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:14:37.0207 4284 rspndr - ok
21:14:37.0269 4284 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:14:37.0269 4284 SamSs - ok
21:14:37.0300 4284 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:14:37.0300 4284 sbp2port - ok
21:14:37.0347 4284 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:14:37.0363 4284 SCardSvr - ok
21:14:37.0456 4284 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:14:37.0472 4284 Schedule - ok
21:14:37.0503 4284 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:14:37.0503 4284 SCPolicySvc - ok
21:14:37.0534 4284 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:14:37.0534 4284 SDRSVC - ok
21:14:37.0550 4284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:14:37.0550 4284 secdrv - ok
21:14:37.0565 4284 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:14:37.0565 4284 seclogon - ok
21:14:37.0581 4284 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
21:14:37.0581 4284 SENS - ok
21:14:37.0597 4284 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:14:37.0597 4284 Serenum - ok
21:14:37.0628 4284 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:14:37.0628 4284 Serial - ok
21:14:37.0675 4284 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:14:37.0675 4284 sermouse - ok
21:14:37.0706 4284 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:14:37.0706 4284 SessionEnv - ok
21:14:37.0721 4284 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:14:37.0737 4284 sffdisk - ok
21:14:37.0737 4284 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:14:37.0737 4284 sffp_mmc - ok
21:14:37.0753 4284 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:14:37.0753 4284 sffp_sd - ok
21:14:37.0768 4284 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:14:37.0768 4284 sfloppy - ok
21:14:37.0831 4284 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:14:37.0846 4284 ShellHWDetection - ok
21:14:37.0862 4284 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:14:37.0862 4284 sisagp - ok
21:14:37.0877 4284 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:14:37.0877 4284 SiSRaid2 - ok
21:14:37.0893 4284 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:14:37.0893 4284 SiSRaid4 - ok
21:14:37.0955 4284 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:14:37.0971 4284 SkypeUpdate - ok
21:14:38.0096 4284 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:14:38.0205 4284 slsvc - ok
21:14:38.0252 4284 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:14:38.0252 4284 SLUINotify - ok
21:14:38.0283 4284 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:14:38.0283 4284 Smb - ok
21:14:38.0330 4284 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:14:38.0330 4284 SNMPTRAP - ok
21:14:38.0392 4284 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
21:14:38.0392 4284 SolidWorks Licensing Service - ok
21:14:38.0423 4284 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:14:38.0423 4284 spldr - ok
21:14:38.0455 4284 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:14:38.0455 4284 Spooler - ok
21:14:38.0501 4284 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:14:38.0501 4284 srv - ok
21:14:38.0533 4284 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:14:38.0533 4284 srv2 - ok
21:14:38.0548 4284 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:14:38.0548 4284 srvnet - ok
21:14:38.0579 4284 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:14:38.0579 4284 SSDPSRV - ok
21:14:38.0611 4284 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:14:38.0611 4284 SstpSvc - ok
21:14:38.0642 4284 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:14:38.0657 4284 stisvc - ok
21:14:38.0657 4284 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:14:38.0657 4284 swenum - ok
21:14:38.0704 4284 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:14:38.0720 4284 swprv - ok
21:14:38.0735 4284 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:14:38.0735 4284 Symc8xx - ok
21:14:38.0767 4284 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:14:38.0767 4284 Sym_hi - ok
21:14:38.0798 4284 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:14:38.0798 4284 Sym_u3 - ok
21:14:38.0829 4284 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:14:38.0845 4284 SysMain - ok
21:14:38.0876 4284 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:14:38.0876 4284 TabletInputService - ok
21:14:38.0907 4284 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:14:38.0907 4284 TapiSrv - ok
21:14:38.0938 4284 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:14:38.0938 4284 TBS - ok
21:14:38.0969 4284 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:14:39.0001 4284 Tcpip - ok
21:14:39.0016 4284 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:14:39.0032 4284 Tcpip6 - ok
21:14:39.0079 4284 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:14:39.0079 4284 tcpipreg - ok
21:14:39.0125 4284 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:14:39.0125 4284 TDPIPE - ok
21:14:39.0141 4284 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:14:39.0141 4284 TDTCP - ok
21:14:39.0172 4284 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:14:39.0172 4284 tdx - ok
21:14:39.0172 4284 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:14:39.0188 4284 TermDD - ok
21:14:39.0219 4284 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:14:39.0235 4284 TermService - ok
21:14:39.0281 4284 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:14:39.0297 4284 Themes - ok
21:14:39.0313 4284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:14:39.0313 4284 THREADORDER - ok
21:14:39.0328 4284 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:14:39.0328 4284 TrkWks - ok
21:14:39.0359 4284 [ C11362058918CD38C8B8D3E265DA80F5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
21:14:39.0359 4284 TrueSight - ok
21:14:39.0406 4284 Trufos - ok
21:14:39.0437 4284 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:14:39.0437 4284 TrustedInstaller - ok
21:14:39.0453 4284 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:14:39.0453 4284 tssecsrv - ok
21:14:39.0469 4284 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:14:39.0484 4284 tunmp - ok
21:14:39.0500 4284 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:14:39.0500 4284 tunnel - ok
21:14:39.0515 4284 [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport C:\Windows\system32\drivers\tvicport.sys
21:14:39.0515 4284 tvicport - ok
21:14:39.0531 4284 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:14:39.0531 4284 uagp35 - ok
21:14:39.0562 4284 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:14:39.0578 4284 udfs - ok
21:14:39.0593 4284 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:14:39.0593 4284 UI0Detect - ok
21:14:39.0609 4284 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:14:39.0609 4284 uliagpkx - ok
21:14:39.0640 4284 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:14:39.0640 4284 uliahci - ok
21:14:39.0656 4284 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:14:39.0656 4284 UlSata - ok
21:14:39.0671 4284 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:14:39.0687 4284 ulsata2 - ok
21:14:39.0687 4284 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:14:39.0687 4284 umbus - ok
21:14:39.0718 4284 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:14:39.0734 4284 upnphost - ok
21:14:39.0765 4284 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:14:39.0765 4284 USBAAPL - ok
21:14:39.0812 4284 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:14:39.0812 4284 usbaudio - ok
21:14:39.0812 4284 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:14:39.0827 4284 usbccgp - ok
21:14:39.0843 4284 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:14:39.0843 4284 usbcir - ok
21:14:39.0874 4284 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:14:39.0874 4284 usbehci - ok
21:14:39.0905 4284 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:14:39.0905 4284 usbhub - ok
21:14:39.0905 4284 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:14:39.0905 4284 usbohci - ok
21:14:39.0937 4284 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:14:39.0937 4284 usbprint - ok
21:14:39.0983 4284 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:14:39.0983 4284 usbscan - ok
21:14:40.0015 4284 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:14:40.0015 4284 USBSTOR - ok
21:14:40.0030 4284 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:14:40.0030 4284 usbuhci - ok
21:14:40.0046 4284 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:14:40.0046 4284 UxSms - ok
21:14:40.0077 4284 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:14:40.0093 4284 vds - ok
21:14:40.0108 4284 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:14:40.0108 4284 vga - ok
21:14:40.0124 4284 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:14:40.0124 4284 VgaSave - ok
21:14:40.0139 4284 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:14:40.0139 4284 viaagp - ok
21:14:40.0155 4284 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:14:40.0171 4284 ViaC7 - ok
21:14:40.0186 4284 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:14:40.0186 4284 viaide - ok
21:14:40.0202 4284 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:14:40.0202 4284 volmgr - ok
21:14:40.0217 4284 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:14:40.0233 4284 volmgrx - ok
21:14:40.0264 4284 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:14:40.0264 4284 volsnap - ok
21:14:40.0295 4284 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:14:40.0295 4284 vsmraid - ok
21:14:40.0327 4284 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:14:40.0358 4284 VSS - ok
21:14:40.0467 4284 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
21:14:40.0529 4284 vToolbarUpdater12.2.6 - ok
21:14:40.0639 4284 [ 2FBF9E882FC28A315A86AA1F831C144E ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
21:14:40.0685 4284 VX1000 - ok
21:14:40.0717 4284 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:14:40.0717 4284 W32Time - ok
21:14:40.0748 4284 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:14:40.0748 4284 WacomPen - ok
21:14:40.0763 4284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:14:40.0763 4284 Wanarp - ok
21:14:40.0779 4284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:14:40.0779 4284 Wanarpv6 - ok
21:14:40.0795 4284 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:14:40.0810 4284 wcncsvc - ok
21:14:40.0841 4284 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:14:40.0841 4284 WcsPlugInService - ok
21:14:40.0857 4284 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:14:40.0857 4284 Wd - ok
21:14:40.0888 4284 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:14:40.0904 4284 Wdf01000 - ok
21:14:40.0919 4284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:14:40.0919 4284 WdiServiceHost - ok
21:14:40.0919 4284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:14:40.0935 4284 WdiSystemHost - ok
21:14:40.0951 4284 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:14:40.0966 4284 WebClient - ok
21:14:40.0997 4284 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:14:40.0997 4284 Wecsvc - ok
21:14:40.0997 4284 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:14:41.0013 4284 wercplsupport - ok
21:14:41.0044 4284 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:14:41.0044 4284 WerSvc - ok
21:14:41.0075 4284 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:14:41.0091 4284 WinDefend - ok
21:14:41.0091 4284 WinHttpAutoProxySvc - ok
21:14:41.0122 4284 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:14:41.0122 4284 Winmgmt - ok
21:14:41.0309 4284 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:14:41.0325 4284 WinRM - ok
21:14:41.0372 4284 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:14:41.0387 4284 Wlansvc - ok
21:14:41.0590 4284 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:14:41.0653 4284 wlidsvc - ok
21:14:41.0668 4284 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:14:41.0668 4284 WmiAcpi - ok
21:14:41.0715 4284 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:14:41.0715 4284 wmiApSrv - ok
21:14:41.0762 4284 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:14:41.0777 4284 WMPNetworkSvc - ok
21:14:41.0793 4284 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:14:41.0809 4284 WPCSvc - ok
21:14:41.0824 4284 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:14:41.0840 4284 WPDBusEnum - ok
21:14:41.0871 4284 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:14:41.0871 4284 WpdUsb - ok
21:14:41.0965 4284 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:14:42.0027 4284 WPFFontCache_v0400 - ok
21:14:42.0043 4284 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:14:42.0043 4284 ws2ifsl - ok
21:14:42.0058 4284 WSearch - ok
21:14:42.0167 4284 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:14:42.0230 4284 wuauserv - ok
21:14:42.0261 4284 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:14:42.0261 4284 WUDFRd - ok
21:14:42.0277 4284 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:14:42.0292 4284 wudfsvc - ok
21:14:42.0339 4284 [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport C:\Windows\system32\drivers\zntport.sys
21:14:42.0339 4284 zntport - ok
21:14:42.0355 4284 ================ Scan global ===============================
21:14:42.0370 4284 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:14:42.0417 4284 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:42.0448 4284 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:42.0479 4284 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:14:42.0495 4284 [Global] - ok
21:14:42.0495 4284 ================ Scan MBR ==================================
21:14:42.0511 4284 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
21:14:44.0710 4284 \Device\Harddisk0\DR0 - ok
21:14:44.0741 4284 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
21:14:44.0741 4284 \Device\Harddisk6\DR6 - ok
21:14:44.0741 4284 ================ Scan VBR ==================================
21:14:44.0757 4284 [ 387ABA6CC787A8FA9BA645238375F063 ] \Device\Harddisk0\DR0\Partition1
21:14:44.0757 4284 \Device\Harddisk0\DR0\Partition1 - ok
21:14:44.0773 4284 [ F981587D5CAD067CF05EF8358399F2A0 ] \Device\Harddisk0\DR0\Partition2
21:14:44.0773 4284 \Device\Harddisk0\DR0\Partition2 - ok
21:14:44.0773 4284 [ AAB004567835922FCF5515A028F11B7B ] \Device\Harddisk6\DR6\Partition1
21:14:44.0773 4284 \Device\Harddisk6\DR6\Partition1 - ok
21:14:44.0773 4284 ============================================================
21:14:44.0773 4284 Scan finished
21:14:44.0773 4284 ============================================================
21:14:44.0788 7008 Detected object count: 0
21:14:44.0788 7008 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 21:16:47
-----------------------------
21:16:47.962 OS Version: Windows 6.0.6002 Service Pack 2
21:16:47.963 Number of processors: 4 586 0xF0B
21:16:47.963 ComputerName: GLENFRIESEN-PC UserName: Glen Friesen
21:16:51.713 Initialize success
21:18:03.590 AVAST engine defs: 12100500
21:31:47.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
21:31:47.530 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
21:31:47.530 Disk 0 MBR read successfully
21:31:47.545 Disk 0 MBR scan
21:31:47.545 Disk 0 unknown MBR code
21:31:47.545 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
21:31:47.577 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 300374 MB offset 20467712
21:31:47.592 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300110 MB offset 635633664
21:31:47.608 Disk 0 scanning sectors +1250260984
21:31:47.686 Disk 0 scanning C:\Windows\system32\drivers
21:31:59.847 Service scanning
21:32:26.360 Modules scanning
21:32:34.378 Disk 0 trace - called modules:
21:32:34.409 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:32:34.409 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8d141400]
21:32:34.425 3 CLASSPNP.SYS[8979b8b3] -> nt!IofCallDriver -> [0x8c3ca4f0]
21:32:34.425 5 acpi.sys[896946bc] -> nt!IofCallDriver -> \Device\0000006e[0x8c4335b8]
21:32:36.687 AVAST engine scan C:\Windows
21:32:44.358 AVAST engine scan C:\Windows\system32
21:35:35.054 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:37:50.870 AVAST engine scan C:\Windows\system32\drivers
21:38:17.117 AVAST engine scan C:\Users\Glen Friesen
21:49:13.916 Disk 0 MBR has been saved successfully to "C:\Users\Glen Friesen\Desktop\MBR.dat"
21:49:13.931 The log file has been saved successfully to "C:\Users\Glen Friesen\Desktop\aswMBR.txt"

Thanks a lot. I'm going out of town for the weekend; I will come back on Monday or Tuesday.
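
The two logs in the post above (the TDSSKiller-style service/driver scan with one MD5 per object, and the aswMBR run with its partition table and the single **INFECTED** hit) are normally read by eye. The script below is an added example for this thread, not a BleepingComputer, Kaspersky or AVAST tool, that parses excerpts copied from those logs into records and returns only what a responder needs to look at: objects the scanner did not close with "- ok", files marked INFECTED, disks reported with unknown MBR code, and partitions whose type byte does not match the file system the scanner saw on them. The line formats are taken from the logs above; the set of NTFS partition-type ids and the "needs attention" rule are this example's own assumptions, and the sample text is a constructed excerpt.

```python
"""Triage parser for the two rootkit-scanner log formats posted above.
Added example; not part of the thread and not a Kaspersky/AVAST tool.
Line formats follow the logs above; NTFS_TYPE_IDS is an assumption."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller-style lines: "<time> <pid> [ <MD5> ] <name> <path>" then "<time> <pid> <name> - ok"
SECTION = re.compile(r"^\S+\s+\d+\s+=+ Scan (\w+) =+$")
TDSS_ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \]\s+(.+)$")
TDSS_VERDICT = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?) - (\S.*)$")
# aswMBR lines: file verdicts, MBR code check, partition table dump
ASW_INFECTED = re.compile(r"^\S+\s+File: (.+?) \*\*INFECTED\*\* (.+)$")
ASW_UNKNOWN_MBR = re.compile(r"^\S+\s+Disk (\d+) unknown MBR code$")
ASW_PARTITION = re.compile(
    r"^\S+\s+Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2})"
    r" (.+?) (\S+) (\d+) MB offset (\d+)$")
# Partition-type ids that normally carry NTFS (07 NTFS/HPFS, 17 hidden, 27 hidden WinRE).
# Assumption of this example: an id/file-system mismatch is a pointer for a human, not a detection.
NTFS_TYPE_IDS = {"07", "17", "27"}


@dataclass
class ScanObject:
    name: Optional[str]            # service/driver name; None for global, MBR and VBR objects
    path: str
    section: str
    md5: Optional[str] = None
    verdict: Optional[str] = None  # text after " - ", e.g. "ok"; None if never reported


def parse_tdss(text: str) -> Dict[str, ScanObject]:
    """Return scan objects keyed by service name, or by path when the object has no name."""
    objects: Dict[str, ScanObject] = {}
    section = "services"
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = TDSS_ENTRY.match(line)
        if m:
            md5, rest = m.group(1).upper(), m.group(2).strip()
            head, _, tail = rest.partition(" ")
            # A first token without a backslash is the service name; otherwise the rest is a path.
            if tail and "\\" not in head:
                obj = ScanObject(name=head, path=tail, section=section, md5=md5)
            else:
                obj = ScanObject(name=None, path=rest, section=section, md5=md5)
            objects[obj.name or obj.path] = obj
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            key, verdict = m.group(1).strip(), m.group(2).strip()
            if key == "[Global]":  # one verdict line closes the whole "Scan global" section
                for obj in objects.values():
                    if obj.section == "global" and obj.verdict is None:
                        obj.verdict = verdict
            else:  # services with no file on disk appear only as a verdict line (WSearch - ok)
                obj = objects.setdefault(key, ScanObject(name=key, path="", section=section))
                obj.verdict = verdict
    return objects


def tdss_needs_attention(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects the scanner did not close with '- ok': a non-ok verdict or none at all."""
    return [o for o in objects.values() if o.verdict != "ok"]


@dataclass
class Partition:
    disk: int
    index: int
    boot_flag: str
    type_id: str
    type_name: str
    fs: str
    size_mb: int
    offset: int

    def id_fs_mismatch(self) -> bool:
        """NTFS seen on a partition whose type id is not an NTFS id (e.g. 06 FAT16)."""
        return self.fs.upper() == "NTFS" and self.type_id.upper() not in NTFS_TYPE_IDS


def parse_aswmbr(text: str) -> dict:
    infected: List[Tuple[str, str]] = []
    unknown_mbr: List[int] = []
    partitions: List[Partition] = []
    for line in text.splitlines():
        m = ASW_INFECTED.match(line)
        if m:
            infected.append((m.group(1), m.group(2)))
            continue
        m = ASW_UNKNOWN_MBR.match(line)
        if m:
            unknown_mbr.append(int(m.group(1)))
            continue
        m = ASW_PARTITION.match(line)
        if m:
            d, i, boot, tid, tname, fs, size, off = m.groups()
            partitions.append(Partition(int(d), int(i), boot, tid, tname, fs, int(size), int(off)))
    return {"infected": infected, "unknown_mbr_disks": unknown_mbr, "partitions": partitions}


def triage(tdss_text: str, asw_text: str) -> dict:
    """Collapse both logs into the handful of items a responder should look at."""
    objs, asw = parse_tdss(tdss_text), parse_aswmbr(asw_text)
    return {
        "tdss_objects": len(objs),
        "tdss_attention": [o.name or o.path for o in tdss_needs_attention(objs)],
        "infected_files": asw["infected"],
        "unknown_mbr_disks": asw["unknown_mbr_disks"],
        "partition_id_mismatch": [(p.disk, p.index, p.type_id, p.fs)
                                  for p in asw["partitions"] if p.id_fs_mismatch()],
    }


# Constructed excerpts copied from the logs in this thread.
SAMPLE_TDSS = r"""
21:14:40.0217 4284 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:14:40.0233 4284 volmgrx - ok
21:14:40.0467 4284 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
21:14:40.0529 4284 vToolbarUpdater12.2.6 - ok
21:14:41.0091 4284 WinHttpAutoProxySvc - ok
21:14:42.0355 4284 ================ Scan global ===============================
21:14:42.0479 4284 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:14:42.0495 4284 [Global] - ok
21:14:42.0495 4284 ================ Scan MBR ==================================
21:14:42.0511 4284 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
21:14:44.0710 4284 \Device\Harddisk0\DR0 - ok
21:14:44.0788 7008 Detected object count: 0
"""
SAMPLE_ASW = r"""
21:31:47.545 Disk 0 unknown MBR code
21:31:47.545 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
21:31:47.577 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 300374 MB offset 20467712
21:31:47.592 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300110 MB offset 635633664
21:35:35.054 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSS, SAMPLE_ASW).items():
        print(f"{key}: {value}")
```

Run as-is it prints the summary for the excerpts; pass the full saved TDSSKiller.txt and aswMBR.txt contents to triage() to get the same view of a real run. The partition-id mismatch and the unknown-MBR-code line are surfaced only as things to look at; the INFECTED line is the one item the scanner itself called a detection.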

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 04 October 2012 - 10:58 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 09 October 2012 - 12:55 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:12 AM

Posted 09 October 2012 - 10:36 PM

Sorry for the delay. I was out of town on the long weekend and I went to bed before the latest scan was finished.
The computer seems to be better now, but I haven't had much of a chance to use it lately. I will try it out tonight. I disabled AVG the same as last time I ran the ComboFix scan, but this time it said that AVG was still running and the scan would continue at my risk, or something along those lines.

Here are the results:


ComboFix 12-10-08.03 - Glen Friesen 08/10/2012 21:03:54.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2815.1134 [GMT -6:00]
Running from: c:\users\Glen Friesen\Downloads\ComboFix.exe
Command switches used :: c:\users\Glen Friesen\Desktop\CFScript.txt
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
N:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 03:15 . 2012-10-09 04:03 -------- dc----w- c:\users\Glen Friesen\AppData\Local\temp
2012-10-09 03:15 . 2012-10-09 04:03 -------- dc----w- c:\users\Erin Friesen\AppData\Local\temp
2012-10-09 03:15 . 2012-10-09 03:15 -------- dc----w- c:\users\Guest\AppData\Local\temp
2012-10-09 03:15 . 2012-10-09 03:15 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-10-06 09:09 . 2012-09-19 06:59 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FB46B7A4-04D6-43E7-87CA-5B0554614353}\mpengine.dll ERROR(0x00000005)
2012-10-05 00:49 . 2012-09-19 06:59 6980552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll ERROR(0x00000005)
2012-10-03 03:05 . 2012-10-03 03:05 14080 -c--a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-01 00:43 . 2012-10-01 00:43 73696 -c--a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-01 00:43 . 2012-10-01 00:43 770384 -c--a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-01 00:43 . 2012-10-01 00:43 421200 -c--a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-09-23 17:09 . 2012-09-23 17:09 -------- dc----w- c:\users\Erin Friesen\AppData\Roaming\AVG2013
2012-09-23 17:09 . 2012-09-23 17:21 -------- dc----w- c:\users\Erin Friesen\AppData\Local\Avg2013
2012-09-22 02:39 . 2012-09-22 02:39 -------- dc----w- c:\users\Glen Friesen\AppData\Roaming\AVG2013
2012-09-22 02:37 . 2012-09-22 02:37 -------- dc----w- c:\users\Glen Friesen\AppData\Roaming\TuneUp Software
2012-09-22 02:37 . 2012-09-22 02:37 27496 -c--a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-22 02:37 . 2012-10-03 02:58 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2012-09-22 02:31 . 2012-09-22 02:42 -------- dc----w- c:\users\Glen Friesen\AppData\Local\Avg2013
2012-09-22 02:31 . 2012-09-22 02:31 -------- dc----w- c:\users\Glen Friesen\AppData\Local\MFAData
2012-09-21 03:50 . 2012-09-21 04:13 696240 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 03:42 . 2012-09-21 04:13 73136 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 03:28 . 2012-09-21 03:28 11776 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-09-21 03:28 . 2012-09-21 03:28 -------- dc----w- c:\program files\Common Files\xing shared
2012-09-21 03:28 . 2012-09-21 03:28 150736 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-09-21 03:28 . 2012-09-21 03:28 129176 -c--a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-09-21 03:27 . 2012-09-21 03:28 -------- dc----w- c:\program files\Real
2012-09-21 02:48 . 2012-09-21 02:48 -------- dc----w- c:\users\Glen Friesen\AppData\Local\IIIU
2012-09-20 03:46 . 2012-08-21 19:01 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 03:46 . 2012-09-20 03:46 -------- dc----w- c:\program files\iPod
2012-09-20 03:46 . 2012-09-20 03:46 -------- dc----w- c:\program files\iTunes
2012-09-18 00:58 . 2012-09-18 00:58 51936 -c--a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 11:34 . 2012-09-14 11:34 89440 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 17:47 . 2012-09-12 17:47 164704 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 17:47 . 2012-09-12 17:47 151648 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 03:28 . 2003-03-19 02:14 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-09-21 03:28 . 2003-02-21 11:42 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2012-09-19 06:59 . 2009-04-17 04:12 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-09-07 17:07 . 2012-09-07 17:07 65848 -c--a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-08-21 19:01 . 2009-09-16 03:47 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2012-08-13 22:40 . 2012-08-13 22:40 176096 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 10:52 . 2012-08-10 10:52 19808 -c--a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 10:52 . 2012-08-10 10:52 35168 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 19:56 . 2012-08-09 19:56 178656 -c--a-w- c:\windows\system32\drivers\avglogx.sys
2012-10-01 00:43 . 2012-08-22 04:29 266720 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-27 757248]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-21 296096]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 04:13]
.
2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2489832424-1445258919-586943893-1001Core.job
- c:\users\Erin Friesen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 02:46]
.
2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2489832424-1445258919-586943893-1001UA.job
- c:\users\Erin Friesen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 02:46]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-23 14:12]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-23 14:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sn114w.snt114.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Glen Friesen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Glen Friesen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
FF - ProfilePath - c:\users\Glen Friesen\AppData\Roaming\Mozilla\Firefox\Profiles\x5ghauhl.default\
FF - prefs.js: browser.startup.homepage - hxxp://hotmail.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 22:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5728)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-10-08 22:06:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 04:06
ComboFix2.txt 2012-10-04 03:41
.
Pre-Run: 59,113,971,712 bytes free
Post-Run: 59,246,104,576 bytes free
.
- - End Of File - - 82E576EB8A442C7628AECE4F0A10A98F

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 09 October 2012 - 10:48 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.2
Java™ 6 Update 24
TheBflix


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:12 AM

Posted 10 October 2012 - 11:07 PM

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Glen Friesen :: GLENFRIESEN-PC [administrator]

Protection: Enabled

10/10/2012 9:50:28 PM
mbam-log-2012-10-10 (21-50-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260176
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:26 PM, on 10/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Glen Friesen\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn114w.snt114.mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Glen Friesen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Glen Friesen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (file missing)
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (file missing)
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
O18 - Protocol: intu-tt2011 - {B3B5DAD9-E96D-45B4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--
End of file - 13053 bytes

Computer crashed during a scan this time around. Blue screen; restarted with "Run Windows normally".

#13 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:12 AM

Posted 10 October 2012 - 11:08 PM

Not sure why the double post. Sorry.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:12 PM

Posted 11 October 2012 - 12:01 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; for any of them you can click on their icons (or start them from the Control Panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
      O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
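Reviewing a HijackThis log by hand, as the helper does in the post above, is tedious and easy to get wrong. The following is an added Python helper, not HijackThis or BleepingComputer code, that parses the O2/O4/O18 line formats shown in the log, groups autostart entries by where they live, and flags entries whose target HijackThis reports as absent, such as the "(no file)" BHO and the "(file missing)" QuickTax protocol handlers in the log. The sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Line shapes exactly as HijackThis v2.0.4 prints them in the log above.
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<target>.*)$')
O4_STARTUP = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$')
O2_BHO = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$')
O18_PROTO = re.compile(r'^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$')

# HijackThis appends these when the registered file is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str   # "O2", "O4" or "O18"
    location: str  # "HKLM\Run", "HKCU\RunOnce", "Global Startup", "BHO" or "Protocol"
    name: str
    target: str    # command line or DLL path as printed
    status: str    # "ok", "missing" (file absent) or "unresolved" (shortcut shown as "?")


def _status(target: str) -> str:
    if target.strip() == "?":
        return "unresolved"
    if any(marker in target for marker in MISSING_MARKERS):
        return "missing"
    return "ok"


def parse_line(line: str):
    """Return an Entry for a recognised O2/O4/O18 line, None for anything else."""
    line = line.strip()
    if m := O4_RUN.match(line):
        return Entry("O4", f"{m['hive']}\\{m['key']}", m["name"], m["target"], _status(m["target"]))
    if m := O4_STARTUP.match(line):
        return Entry("O4", "Global Startup", m["name"], m["target"], _status(m["target"]))
    if m := O2_BHO.match(line):
        return Entry("O2", "BHO", m["name"], m["target"], _status(m["target"]))
    if m := O18_PROTO.match(line):
        return Entry("O18", "Protocol", m["name"], m["target"], _status(m["target"]))
    return None


def parse_log(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def executable(target: str) -> str:
    """Drop surrounding quotes and trailing arguments from a Run command line."""
    m = re.search(r"\.exe", target, re.IGNORECASE)
    return (target[:m.end()] if m else target).strip().strip('"')


def orphaned(entries) -> list:
    """Entries that keep a registry foothold but point at nothing on disk:
    leftovers of uninstalled software, or of a removed infection, and the usual
    first cleanup candidates when reviewing a log like the one above."""
    return [e for e in entries if e.status == "missing"]


def autostart_by_location(entries) -> dict:
    """Map each O4 autostart location to the executables it launches at logon."""
    out = defaultdict(list)
    for e in entries:
        if e.section == "O4":
            out[e.location].append(executable(e.target))
    return dict(out)


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn114w.snt114.mail.live.com/default.aspx?wa=wsignin1.0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (file missing)
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for location, programs in autostart_by_location(found).items():
        print(f"{location}: {programs}")
    for e in orphaned(found):
        print(f"orphaned {e.section} entry: {e.name} -> {e.target}")
```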

#15 Glennifer

Glennifer
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:12 AM

Posted 11 October 2012 - 10:36 PM

Scan complete. No threats found. I was having a problem with MS Office crashing whenever I tried to save anything. I will check and see how this is working now and get back to you.



