Driver has overrun a stack-based buffer


This topic is locked
24 replies to this topic

#1 jackbetal

  • Members
  • 32 posts

Posted 03 October 2012 - 01:32 PM

My laptop keeps switching to a blue screen with the above message in it. At the end of the message, before it closes, it mentions aswebr.sys and then collecting data for a crash dump.

Thank you for your consideration.



--------------------------------------------------------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Claire at 18:57:18 on 2012-10-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1232 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://search.gboxapp.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
uRun: [Google Update] "c:\users\claire\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [CitrixReceiver] "c:\programdata\microsoft\windows\start menu\programs\citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: c:\users\claire\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{3BA9B9D1-A131-4FBF-8BD5-6CBA92391685} : DhcpNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{3BA9B9D1-A131-4FBF-8BD5-6CBA92391685}\4586F6D637F6E6835423032393 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3BA9B9D1-A131-4FBF-8BD5-6CBA92391685}\84C424D27455543545 : DhcpNameServer = 10.0.20.28 10.0.20.29
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\citrix\icacli~1\RSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-18 27496]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-5 722528]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-21 188760]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-25 1006448]
R3 AswebrMP;AswebrMP;c:\windows\system32\drivers\aswebr.sys [2012-10-2 16384]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-12 250288]
S3 Aswebr;Aswebr Service;c:\windows\system32\drivers\aswebr.sys [2012-10-2 16384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-2 1343400]
.
=============== Created Last 30 ================
.
2012-10-03 13:39:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 13:39:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-03 09:20:13 -------- d-----w- c:\users\claire\appdata\roaming\FK_Monitor
2012-10-03 09:19:14 -------- d-----w- c:\program files\FK_Monitor
2012-10-03 08:24:44 -------- d-----w- c:\users\claire\appdata\roaming\Malwarebytes
2012-10-03 08:24:16 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 20:27:24 -------- d--h--w- c:\programdata\kprologs
2012-10-02 20:03:49 16384 ----a-w- c:\windows\system32\drivers\aswebr.sys
2012-10-02 20:03:48 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2012-10-02 20:03:47 28160 ----a-w- c:\windows\system32\anim.dll
2012-10-02 20:03:47 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-02 20:03:47 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 20:03:47 -------- d-----w- c:\program files\ProKAward
2012-09-29 09:13:56 -------- d-----w- c:\users\claire\appdata\roaming\AVG2013
2012-09-29 09:11:46 -------- d-----w- c:\users\claire\appdata\roaming\TuneUp Software
2012-09-29 09:11:10 -------- d-----w- c:\program files\AVG Secure Search
2012-09-29 09:08:43 -------- d-----w- c:\programdata\AVG2013
2012-09-29 09:06:40 -------- d-----w- c:\users\claire\appdata\local\MFAData
2012-09-29 09:06:40 -------- d-----w- c:\users\claire\appdata\local\Avg2013
2012-09-28 20:35:10 -------- d-----w- c:\users\claire\appdata\local\ElevatedDiagnostics
2012-09-25 19:14:44 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-25 19:14:44 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-25 19:14:44 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-25 19:14:44 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-25 19:14:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-09-25 19:14:43 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-25 19:14:43 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-25 19:14:43 -------- d-----w- c:\windows\system32\ARFC
2012-09-25 19:14:42 -------- d-----w- c:\windows\system32\WNLT
2012-09-17 17:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 10:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
==================== Find3M ====================
.
2012-09-22 11:54:14 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-22 11:54:14 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 17:04:12 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 15:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
============= FINISH: 18:57:58.74 ===============
------------------------------------------------------------------------------------------------------------------------------------------------------
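An added triage example (it is not part of the original post, and it is not code from DDS or FRST): the log above already answers the first question a responder asks about a driver named in a bugcheck, namely where it came from. The SERVICES / DRIVERS section shows which services load aswebr.sys and with what start type, and the Created Last 30 section shows the second it landed in system32\drivers. Grouping every entry written within a few seconds of that moment recovers the rest of the same installer run. The two regexes below are my own reading of the DDS line formats, the 5-second window is an assumption, and the sample is excerpted verbatim from the log above.

```python
"""Correlate the driver named in a bugcheck with the files that arrived
alongside it, using only a pasted DDS log.

Added example for this thread, not part of the original post and not code
from DDS or FRST. SERVICE_RE / CREATED_RE are my own reading of the DDS
line formats; the 5-second grouping window is an assumption."""
import re
from datetime import datetime, timedelta

# Lines excerpted verbatim from the DDS log in the post above
# (SERVICES / DRIVERS and Created Last 30), trimmed to the relevant entries.
DDS_LOG = r"""
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R3 AswebrMP;AswebrMP;c:\windows\system32\drivers\aswebr.sys [2012-10-2 16384]
S3 Aswebr;Aswebr Service;c:\windows\system32\drivers\aswebr.sys [2012-10-2 16384]
2012-10-03 13:39:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-02 20:27:24 -------- d--h--w- c:\programdata\kprologs
2012-10-02 20:03:49 16384 ----a-w- c:\windows\system32\drivers\aswebr.sys
2012-10-02 20:03:48 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2012-10-02 20:03:47 28160 ----a-w- c:\windows\system32\anim.dll
2012-10-02 20:03:47 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-02 20:03:47 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-02 20:03:47 -------- d-----w- c:\program files\ProKAward
2012-09-12 10:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
"""

# "R3 Name;Display Name;path [yyyy-m-d size]"
# R = running, S = stopped; the digit is the service start type (0 boot, 1 system, 2 auto, 3 demand).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
# "yyyy-mm-dd hh:mm:ss size attrs path"  (size is "--------" for directories)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)$"
)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_dds(text):
    """Split a DDS log into service/driver records and file-creation records."""
    services, created = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["start"] = int(rec["start"])
            rec["path"] = rec["path"].lower()
            services.append(rec)
            continue
        m = CREATED_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            rec["is_dir"] = rec["attrs"].startswith("d")
            rec["path"] = rec["path"].lower()
            created.append(rec)
    return services, created


def triage_driver(text, driver_file, window=timedelta(seconds=5)):
    """Which services load this driver, when it landed on disk, and what else
    was written within `window` of that moment (i.e. the same installer run)."""
    driver_file = driver_file.lower()
    services, created = parse_dds(text)
    mine = [s for s in services if basename(s["path"]) == driver_file]
    dropped_at = [c["ts"] for c in created if basename(c["path"]) == driver_file]
    co_dropped = set()
    for ts in dropped_at:
        for c in created:
            if basename(c["path"]) != driver_file and abs(c["ts"] - ts) <= window:
                co_dropped.add(c["path"])
    return {
        "services": [(s["state"] + str(s["start"]), s["name"]) for s in mine],
        "dropped_at": dropped_at,
        # start type 0/1 means the driver loads at boot/system start, before user-mode AV
        "loads_at_boot": any(s["start"] <= 1 for s in mine),
        "co_dropped": sorted(co_dropped),
    }


if __name__ == "__main__":
    result = triage_driver(DDS_LOG, "aswebr.sys")
    print("services:", result["services"])
    print("dropped at:", [t.isoformat() for t in result["dropped_at"]])
    print("written in the same window:")
    for p in result["co_dropped"]:
        print("  ", p)
```

Run against the excerpt, the crashing driver is loaded by two demand-start services (AswebrMP running, Aswebr stopped), was written at 20:03:49 on 2012-10-02, and shares that second with the ProKAward program folder and four DLLs in system32; the hidden kprologs folder created 24 minutes later falls outside the window and is left for a separate look. Everything that is from a file timestamp is only as good as the filesystem's clock, so the minidumps under C:\Windows\Minidump remain the authoritative confirmation of which module faulted.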


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 03 October 2012 - 07:32 PM

Please do the following:

Download the version of the Farbar Recovery Scan Tool appropriate for your system and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 jackbetal

  • Topic Starter
  • Members
  • 32 posts

Posted 04 October 2012 - 09:21 AM

Hey CatByte.

Thanks for the quick reply.

Here is the FRST.txt log as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01
Ran by SYSTEM at 04-10-2012 15:11:50
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [290816 2005-04-22] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [36864 2008-09-02] ()
HKLM\...\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-26] (Citrix Systems, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [947808 2012-09-29] ()
HKLM\...\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3039352 2012-09-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-29] ()
HKU\Claire\...\Run: [WheresJames Startup Manager] C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe [x]
HKU\Claire\...\Run: [Google Update] "C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.5 89.101.160.4
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
Startup: C:\Users\Claire\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [5751928 2012-08-19] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [184304 2012-08-19] (AVG Technologies CZ, s.r.o.)
3 dlbt_device; C:\Windows\system32\dlbtcoms.exe -service [466944 2005-03-03] (Dell)
2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-05] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-09-03] ()
2 WebOptimizer; C:\Windows\System32\dmwu.exe [1006448 2012-09-13] ()

==================== Drivers (Whitelisted) ====================

3 Aswebr; C:\Windows\System32\DRIVERS\aswebr.sys [16384 2011-01-27] (Microsoft Corporation)
3 AswebrMP; C:\Windows\System32\DRIVERS\aswebr.sys [16384 2011-01-27] (Microsoft Corporation)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [176096 2012-08-13] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [51936 2012-09-17] (AVG Technologies CZ, s.r.o. )
1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19808 2012-08-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [151648 2012-09-12] (AVG Technologies CZ, s.r.o.)
0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [178656 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [89440 2012-09-13] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35168 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164704 2012-09-12] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-09-05] (AVG Technologies)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-03 13:58 - 2012-10-03 13:58 - 00144872 ____A C:\Windows\Minidump\100312-30856-01.dmp
2012-10-03 13:54 - 2012-10-03 13:54 - 00144864 ____A C:\Windows\Minidump\100312-33228-01.dmp
2012-10-03 10:06 - 2012-10-03 10:06 - 00294216 ____A C:\Users\Claire\Downloads\gmer.zip
2012-10-03 09:58 - 2012-10-03 10:23 - 00000000 ____D C:\Users\Claire\Desktop\New folder
2012-10-03 09:55 - 2012-10-03 09:55 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
2012-10-03 09:54 - 2012-10-03 09:54 - 00000474 ____A C:\Users\Claire\Downloads\defogger_disable.log
2012-10-03 09:54 - 2012-10-03 09:54 - 00000000 ____A C:\Users\Claire\defogger_reenable
2012-10-03 09:53 - 2012-10-03 09:53 - 00050477 ____A C:\Users\Claire\Downloads\Defogger.exe
2012-10-03 09:48 - 2012-10-03 09:48 - 00144864 ____A C:\Windows\Minidump\100312-23899-01.dmp
2012-10-03 07:40 - 2012-10-03 07:41 - 00144864 ____A C:\Windows\Minidump\100312-22230-01.dmp
2012-10-03 06:02 - 2012-10-03 06:02 - 00144872 ____A C:\Windows\Minidump\100312-23571-01.dmp
2012-10-03 05:55 - 2012-10-03 05:55 - 00144864 ____A C:\Windows\Minidump\100312-22542-01.dmp
2012-10-03 05:39 - 2012-10-03 05:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-03 05:39 - 2012-10-03 05:39 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-03 05:39 - 2012-09-07 08:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-10-03 05:38 - 2012-10-03 05:38 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Claire\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-03 05:10 - 2012-10-03 05:10 - 00144872 ____A C:\Windows\Minidump\100312-28392-01.dmp
2012-10-03 05:04 - 2012-10-03 05:29 - 00000000 ____D C:\Users\Claire\Desktop\dumpcheck
2012-10-03 01:27 - 2012-10-03 01:28 - 00144872 ____A C:\Windows\Minidump\100312-37331-01.dmp
2012-10-03 01:20 - 2012-10-03 01:22 - 00000000 ____D C:\Users\Claire\AppData\Roaming\FK_Monitor
2012-10-03 01:19 - 2012-10-03 04:51 - 00000000 ____D C:\Program Files\FK_Monitor
2012-10-03 01:18 - 2012-10-03 01:18 - 00000000 ____D C:\Users\Claire\Downloads\fkeyloggerzip
2012-10-03 01:16 - 2012-10-03 01:16 - 00609880 ____A C:\Users\Claire\Downloads\cbsidlm-tr1_7-Free_Keylogger-10419683.exe
2012-10-03 01:02 - 2012-10-03 01:02 - 00144864 ____A C:\Windows\Minidump\100312-25662-01.dmp
2012-10-03 00:47 - 2012-10-03 00:47 - 00144864 ____A C:\Windows\Minidump\100312-22370-01.dmp
2012-10-03 00:43 - 2012-10-03 00:44 - 00144872 ____A C:\Windows\Minidump\100312-25677-01.dmp
2012-10-03 00:39 - 2012-10-03 00:39 - 00144872 ____A C:\Windows\Minidump\100312-25880-01.dmp
2012-10-03 00:26 - 2012-10-03 00:26 - 00144872 ____A C:\Windows\Minidump\100312-36348-01.dmp
2012-10-03 00:24 - 2012-10-03 00:24 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Malwarebytes
2012-10-03 00:24 - 2012-10-03 00:24 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-03 00:21 - 2012-10-03 00:21 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Claire\Downloads\mbam-setup.exe
2012-10-03 00:18 - 2012-10-03 00:19 - 20823816 ____A (SUPERAntiSpyware.com) C:\Users\Claire\Downloads\SUPERAntiSpyware.exe
2012-10-03 00:10 - 2012-10-03 00:10 - 00144872 ____A C:\Windows\Minidump\100312-35287-01.dmp
2012-10-03 00:03 - 2012-10-03 00:03 - 00144872 ____A C:\Windows\Minidump\100312-34023-01.dmp
2012-10-02 23:59 - 2012-10-02 23:59 - 00144864 ____A C:\Windows\Minidump\100312-35365-01.dmp
2012-10-02 23:47 - 2012-10-02 23:47 - 00144864 ____A C:\Windows\Minidump\100312-35708-01.dmp
2012-10-02 22:18 - 2012-10-02 22:18 - 00144864 ____A C:\Windows\Minidump\100312-36566-01.dmp
2012-10-02 15:44 - 2012-10-03 13:58 - 197774386 ____A C:\Windows\MEMORY.DMP
2012-10-02 15:44 - 2012-10-03 13:58 - 00000000 ____D C:\Windows\Minidump
2012-10-02 15:44 - 2012-10-02 15:44 - 00144872 ____A C:\Windows\Minidump\100312-38579-01.dmp
2012-10-02 13:39 - 2012-10-02 13:39 - 00000000 ____D C:\Users\Claire\Desktop\Insidious.2010.DVDRip.XviD-ViP3R
2012-10-02 12:27 - 2012-10-03 01:02 - 00000047 ____A C:\Windows\System32\E302AF636FDE.ini
2012-10-02 12:03 - 2012-10-03 01:28 - 00000000 ____D C:\Program Files\ProKAward
2012-10-02 12:03 - 2012-10-02 12:03 - 00000886 ____A C:\Award Keylogger Pro.lnk
2012-10-02 12:03 - 2011-01-27 07:28 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\aswebr.sys
2012-10-02 12:03 - 2009-05-13 10:35 - 01706800 ____A (Microsoft Corporation) C:\Windows\System32\gdiplus.dll
2012-10-02 12:03 - 2009-05-13 10:35 - 00258352 ____A (Microsoft Corporation) C:\Windows\System32\unicows.dll
2012-10-02 12:03 - 2009-05-13 10:35 - 00050688 ____A (Stardock.Net, Inc) C:\Windows\System32\wbhelp2.dll
2012-10-02 12:03 - 2009-05-13 10:35 - 00028160 ____A (Neil Banfield) C:\Windows\System32\anim.dll
2012-10-02 11:57 - 2012-10-02 11:58 - 00000000 ____D C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack
2012-10-02 11:57 - 2012-10-02 11:57 - 00002099 ____A C:\Users\Claire\Downloads\[kat.ph]award.keylogger.2.18.incl.crack.slicer.torrent
2012-10-02 11:56 - 2012-10-02 11:56 - 00261328 ____A C:\Users\Claire\Downloads\KGB_Key_Logger_4_5_4_Serial.exe
2012-10-02 11:44 - 2012-10-02 11:44 - 00001915 ____A C:\Users\Claire\Downloads\7516851C8413AEC3CB23203E43AAF977EFAADC48.torrent
2012-10-02 11:42 - 2012-10-02 11:50 - 00000000 ____D C:\Users\Claire\Downloads\Homeland S02E01 HDTV x264-EVOLVE[ettv]
2012-10-02 11:41 - 2012-10-02 11:41 - 00031389 ____A C:\Users\Claire\Downloads\[kat.ph]homeland.s02e01.hdtv.x264.evolve.ettv.torrent
2012-10-02 11:24 - 2012-10-02 11:24 - 00261408 ____A C:\Users\Claire\Downloads\Homeland_S02E01_HDTV_x264-EVOLVE[ettv]-HD-eztv.exe
2012-10-02 11:24 - 2012-10-02 11:24 - 00261408 ____A C:\Users\Claire\Downloads\Homeland_S02E01_HDTV_x264-EVOLVE[ettv]-HD-eztv (1).exe
2012-09-29 01:13 - 2012-09-29 01:13 - 00000000 ____D C:\Users\Claire\AppData\Roaming\AVG2013
2012-09-29 01:11 - 2012-09-29 01:11 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-09-29 01:11 - 2012-09-29 01:11 - 00000000 ____D C:\Users\Claire\AppData\Roaming\TuneUp Software
2012-09-29 01:11 - 2012-09-29 01:11 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-09-29 01:08 - 2012-09-29 01:12 - 00000000 ____D C:\Users\All Users\AVG2013
2012-09-29 01:06 - 2012-10-02 11:51 - 00000000 ____D C:\Users\Claire\AppData\Local\Avg2013
2012-09-29 01:06 - 2012-09-29 01:06 - 00000000 ____D C:\Users\Claire\AppData\Local\MFAData
2012-09-28 12:30 - 2012-09-28 12:30 - 00347424 ____A (Microsoft Corporation) C:\Users\Claire\Downloads\MicrosoftFixit.Devices.Run.exe
2012-09-27 13:01 - 2012-09-27 13:01 - 00018142 ____A C:\Users\Claire\Desktop\December 2012 Exam entry acknowledgement.htm
2012-09-27 13:01 - 2012-09-27 13:01 - 00000000 ____D C:\Users\Claire\Desktop\December 2012 Exam entry acknowledgement_files
2012-09-27 12:36 - 2012-09-27 12:36 - 00033511 ____A C:\Users\Claire\Downloads\Attachments_2012_09_27.zip
2012-09-26 04:11 - 2012-09-26 04:11 - 08195368 ____A C:\Users\Claire\Downloads\Attachments_2012_09_26.zip
2012-09-26 03:59 - 2012-09-27 13:16 - 00000000 ____D C:\Users\Claire\Desktop\Statements
2012-09-26 03:33 - 2012-09-26 03:33 - 00904192 ____A C:\Users\Claire\Downloads\misrepresentation (1).ppt
2012-09-26 03:33 - 2012-09-26 03:33 - 00902144 ____A C:\Users\Claire\Downloads\misrepresentation.ppt
2012-09-25 11:14 - 2012-09-28 09:14 - 00000000 ____D C:\Windows\System32\WNLT
2012-09-25 11:14 - 2012-09-27 12:23 - 00000000 ____D C:\Windows\System32\ARFC
2012-09-25 11:14 - 2012-09-13 05:26 - 01006448 ____A C:\Windows\System32\dmwu.exe
2012-09-25 11:14 - 2012-09-13 05:24 - 00028160 ____A C:\Windows\System32\ImHttpComm.dll
2012-09-25 11:14 - 2011-06-10 14:58 - 00773968 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2012-09-25 11:14 - 2011-06-10 14:58 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2012-09-25 11:14 - 2011-05-13 15:17 - 00632656 ____A (Microsoft Corporation) C:\Windows\System32\msvcr80.dll
2012-09-25 11:14 - 2011-05-13 15:17 - 00554832 ____A (Microsoft Corporation) C:\Windows\System32\msvcp80.dll
2012-09-25 11:14 - 2011-05-13 15:17 - 00479232 ____A (Microsoft Corporation) C:\Windows\System32\msvcm80.dll
2012-09-25 11:14 - 2011-05-13 06:59 - 00001870 ____A C:\Windows\System32\Microsoft.VC80.CRT.manifest
2012-09-22 04:01 - 2012-09-22 04:01 - 00005860 ____A C:\Users\Claire\Desktop\Print Invoice Page.htm
2012-09-22 04:01 - 2012-09-22 04:01 - 00000000 ____D C:\Users\Claire\Desktop\Print Invoice Page_files
2012-09-17 09:58 - 2012-09-17 09:58 - 00051936 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-09-13 20:34 - 2012-09-13 20:34 - 00089440 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx86.sys
2012-09-12 02:47 - 2012-09-12 02:47 - 00164704 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
2012-09-12 02:47 - 2012-09-12 02:47 - 00151648 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx86.sys
2012-09-07 04:22 - 2012-09-07 04:22 - 00011026 ____A C:\Users\Claire\Downloads\Book1.xlsx
2012-09-07 04:21 - 2012-09-07 04:21 - 00011026 ____A C:\Users\Claire\Desktop\Book1.xlsx


==================== 3 Months Modified Files ==================

2012-10-04 05:54 - 2012-06-12 04:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-04 05:53 - 2011-08-02 16:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000UA.job
2012-10-04 05:53 - 2011-08-02 16:44 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000Core.job
2012-10-04 05:53 - 2011-08-02 13:07 - 01198502 ____A C:\Windows\WindowsUpdate.log
2012-10-03 13:58 - 2012-10-03 13:58 - 00144872 ____A C:\Windows\Minidump\100312-30856-01.dmp
2012-10-03 13:58 - 2012-10-02 15:44 - 197774386 ____A C:\Windows\MEMORY.DMP
2012-10-03 13:58 - 2012-08-13 10:52 - 00003584 ____A C:\Windows\setupact.log
2012-10-03 13:58 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-03 13:54 - 2012-10-03 13:54 - 00144864 ____A C:\Windows\Minidump\100312-33228-01.dmp
2012-10-03 10:06 - 2012-10-03 10:06 - 00294216 ____A C:\Users\Claire\Downloads\gmer.zip
2012-10-03 09:55 - 2012-10-03 09:55 - 00607260 ____R (Swearware) C:\Users\Claire\Downloads\dds.com
2012-10-03 09:54 - 2012-10-03 09:54 - 00000474 ____A C:\Users\Claire\Downloads\defogger_disable.log
2012-10-03 09:54 - 2012-10-03 09:54 - 00000000 ____A C:\Users\Claire\defogger_reenable
2012-10-03 09:53 - 2012-10-03 09:53 - 00050477 ____A C:\Users\Claire\Downloads\Defogger.exe
2012-10-03 09:48 - 2012-10-03 09:48 - 00144864 ____A C:\Windows\Minidump\100312-23899-01.dmp
2012-10-03 07:52 - 2010-11-20 13:01 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-03 07:41 - 2012-10-03 07:40 - 00144864 ____A C:\Windows\Minidump\100312-22230-01.dmp
2012-10-03 06:02 - 2012-10-03 06:02 - 00144872 ____A C:\Windows\Minidump\100312-23571-01.dmp
2012-10-03 05:55 - 2012-10-03 05:55 - 00144864 ____A C:\Windows\Minidump\100312-22542-01.dmp
2012-10-03 05:51 - 2012-08-13 10:52 - 00018292 ____A C:\Windows\PFRO.log
2012-10-03 05:39 - 2012-10-03 05:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-03 05:38 - 2012-10-03 05:38 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Claire\Downloads\mbam-setup-1.65.0.1400.exe
2012-10-03 05:10 - 2012-10-03 05:10 - 00144872 ____A C:\Windows\Minidump\100312-28392-01.dmp
2012-10-03 01:28 - 2012-10-03 01:27 - 00144872 ____A C:\Windows\Minidump\100312-37331-01.dmp
2012-10-03 01:16 - 2012-10-03 01:16 - 00609880 ____A C:\Users\Claire\Downloads\cbsidlm-tr1_7-Free_Keylogger-10419683.exe
2012-10-03 01:03 - 2011-08-02 16:41 - 00122488 ____A C:\Users\Claire\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-03 01:02 - 2012-10-03 01:02 - 00144864 ____A C:\Windows\Minidump\100312-25662-01.dmp
2012-10-03 01:02 - 2012-10-02 12:27 - 00000047 ____A C:\Windows\System32\E302AF636FDE.ini
2012-10-03 00:47 - 2012-10-03 00:47 - 00144864 ____A C:\Windows\Minidump\100312-22370-01.dmp
2012-10-03 00:44 - 2012-10-03 00:43 - 00144872 ____A C:\Windows\Minidump\100312-25677-01.dmp
2012-10-03 00:39 - 2012-10-03 00:39 - 00144872 ____A C:\Windows\Minidump\100312-25880-01.dmp
2012-10-03 00:26 - 2012-10-03 00:26 - 00144872 ____A C:\Windows\Minidump\100312-36348-01.dmp
2012-10-03 00:21 - 2012-10-03 00:21 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Claire\Downloads\mbam-setup.exe
2012-10-03 00:19 - 2012-10-03 00:18 - 20823816 ____A (SUPERAntiSpyware.com) C:\Users\Claire\Downloads\SUPERAntiSpyware.exe
2012-10-03 00:10 - 2012-10-03 00:10 - 00144872 ____A C:\Windows\Minidump\100312-35287-01.dmp
2012-10-03 00:03 - 2012-10-03 00:03 - 00144872 ____A C:\Windows\Minidump\100312-34023-01.dmp
2012-10-02 23:59 - 2012-10-02 23:59 - 00144864 ____A C:\Windows\Minidump\100312-35365-01.dmp
2012-10-02 23:47 - 2012-10-02 23:47 - 00144864 ____A C:\Windows\Minidump\100312-35708-01.dmp
2012-10-02 22:18 - 2012-10-02 22:18 - 00144864 ____A C:\Windows\Minidump\100312-36566-01.dmp
2012-10-02 15:44 - 2012-10-02 15:44 - 00144872 ____A C:\Windows\Minidump\100312-38579-01.dmp
2012-10-02 15:44 - 2009-07-13 20:53 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-02 12:03 - 2012-10-02 12:03 - 00000886 ____A C:\Award Keylogger Pro.lnk
2012-10-02 11:57 - 2012-10-02 11:57 - 00002099 ____A C:\Users\Claire\Downloads\[kat.ph]award.keylogger.2.18.incl.crack.slicer.torrent
2012-10-02 11:56 - 2012-10-02 11:56 - 00261328 ____A C:\Users\Claire\Downloads\KGB_Key_Logger_4_5_4_Serial.exe
2012-10-02 11:44 - 2012-10-02 11:44 - 00001915 ____A C:\Users\Claire\Downloads\7516851C8413AEC3CB23203E43AAF977EFAADC48.torrent
2012-10-02 11:41 - 2012-10-02 11:41 - 00031389 ____A C:\Users\Claire\Downloads\[kat.ph]homeland.s02e01.hdtv.x264.evolve.ettv.torrent
2012-10-02 11:24 - 2012-10-02 11:24 - 00261408 ____A C:\Users\Claire\Downloads\Homeland_S02E01_HDTV_x264-EVOLVE[ettv]-HD-eztv.exe
2012-10-02 11:24 - 2012-10-02 11:24 - 00261408 ____A C:\Users\Claire\Downloads\Homeland_S02E01_HDTV_x264-EVOLVE[ettv]-HD-eztv (1).exe
2012-09-29 01:11 - 2012-09-29 01:11 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-09-28 13:30 - 2009-07-13 20:34 - 00040192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-28 13:30 - 2009-07-13 20:34 - 00040192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-28 12:30 - 2012-09-28 12:30 - 00347424 ____A (Microsoft Corporation) C:\Users\Claire\Downloads\MicrosoftFixit.Devices.Run.exe
2012-09-28 09:35 - 2011-08-02 16:45 - 00002454 ____A C:\Users\Claire\Desktop\Google Chrome.lnk
2012-09-27 13:01 - 2012-09-27 13:01 - 00018142 ____A C:\Users\Claire\Desktop\December 2012 Exam entry acknowledgement.htm
2012-09-27 12:36 - 2012-09-27 12:36 - 00033511 ____A C:\Users\Claire\Downloads\Attachments_2012_09_27.zip
2012-09-26 04:11 - 2012-09-26 04:11 - 08195368 ____A C:\Users\Claire\Downloads\Attachments_2012_09_26.zip
2012-09-26 03:33 - 2012-09-26 03:33 - 00904192 ____A C:\Users\Claire\Downloads\misrepresentation (1).ppt
2012-09-26 03:33 - 2012-09-26 03:33 - 00902144 ____A C:\Users\Claire\Downloads\misrepresentation.ppt
2012-09-22 04:01 - 2012-09-22 04:01 - 00005860 ____A C:\Users\Claire\Desktop\Print Invoice Page.htm
2012-09-22 03:54 - 2012-06-12 04:03 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-22 03:54 - 2011-11-12 15:57 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-17 09:58 - 2012-09-17 09:58 - 00051936 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-09-13 20:34 - 2012-09-13 20:34 - 00089440 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx86.sys
2012-09-13 05:26 - 2012-09-25 11:14 - 01006448 ____A C:\Windows\System32\dmwu.exe
2012-09-13 05:24 - 2012-09-25 11:14 - 00028160 ____A C:\Windows\System32\ImHttpComm.dll
2012-09-12 02:47 - 2012-09-12 02:47 - 00164704 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdix.sys
2012-09-12 02:47 - 2012-09-12 02:47 - 00151648 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx86.sys
2012-09-07 08:04 - 2012-10-03 05:39 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 04:22 - 2012-09-07 04:22 - 00011026 ____A C:\Users\Claire\Downloads\Book1.xlsx
2012-09-07 04:21 - 2012-09-07 04:21 - 00011026 ____A C:\Users\Claire\Desktop\Book1.xlsx
2012-09-05 09:04 - 2012-08-18 10:29 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-08-29 12:55 - 2012-08-29 12:51 - 295898582 ____A C:\Users\Claire\Downloads\The 7 Habits Of Highly Effective People by Stephen Covey.RAR
2012-08-29 12:51 - 2012-08-29 12:51 - 00023855 ____A C:\Users\Claire\Downloads\9F2DFEC559A3A2A333DF2847ED7359BC7A2227B7.torrent
2012-08-29 12:50 - 2012-08-29 12:50 - 00001953 ____A C:\Users\Claire\Downloads\A5C3F54C1CFBD5CCAF21BEE7D5F73E993EFCD913.torrent
2012-08-29 12:35 - 2012-08-29 12:35 - 00030825 ____A C:\Users\Claire\Downloads\D39A03659FDB109303ABCC9582E3344A1B2B1F80 (1).torrent
2012-08-29 12:35 - 2012-08-29 12:35 - 00028380 ____A C:\Users\Claire\Downloads\3812924B98B648DFE9F91092F41D5949815A145C (2).torrent
2012-08-29 12:35 - 2012-08-29 12:35 - 00025358 ____A C:\Users\Claire\Downloads\FD97679D6273E26EFF7752CCEA0F69622A9604B9 (1).torrent
2012-08-28 14:29 - 2012-08-28 14:29 - 00030825 ____A C:\Users\Claire\Downloads\D39A03659FDB109303ABCC9582E3344A1B2B1F80.torrent
2012-08-28 14:04 - 2012-08-28 14:04 - 00028380 ____A C:\Users\Claire\Downloads\3812924B98B648DFE9F91092F41D5949815A145C.torrent
2012-08-28 14:04 - 2012-08-28 14:04 - 00028380 ____A C:\Users\Claire\Downloads\3812924B98B648DFE9F91092F41D5949815A145C (1).torrent
2012-08-28 14:03 - 2012-08-28 14:03 - 00025358 ____A C:\Users\Claire\Downloads\FD97679D6273E26EFF7752CCEA0F69622A9604B9.torrent
2012-08-23 08:58 - 2012-08-23 08:58 - 00138041 ____A C:\Users\Claire\Downloads\Unconfirmed 815112.crdownload
2012-08-23 04:19 - 2012-08-23 04:19 - 00249470 ____A C:\Users\Claire\Downloads\attachments_2012_08_23.zip
2012-08-18 10:29 - 2012-08-18 10:29 - 01606064 ____A C:\Users\Claire\Downloads\googletalksetup.exe
2012-08-17 04:16 - 2012-08-17 04:16 - 00496155 ____A C:\Users\Claire\Downloads\Attachments_2012_08_17.zip
2012-08-16 10:22 - 2012-08-16 10:22 - 04518720 ____A (FileZilla Project) C:\Users\Claire\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-08-16 07:19 - 2012-08-16 07:17 - 00000205 ____A C:\Users\Claire\Desktop\Office.url
2012-08-15 12:50 - 2012-08-15 12:50 - 45055152 ____A (Citrix Systems, Inc.) C:\Users\Claire\Downloads\CitrixReceiver.exe
2012-08-13 10:52 - 2012-08-13 10:52 - 00000000 ____A C:\Windows\setuperr.log
2012-08-13 07:40 - 2012-08-13 07:40 - 00176096 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdriverx.sys
2012-08-12 06:30 - 2012-08-12 06:30 - 00001226 ____A C:\Users\Claire\Desktop\Revo Uninstaller.lnk
2012-08-12 06:29 - 2012-08-12 06:29 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Claire\Downloads\revosetup (1).exe
2012-08-12 05:38 - 2012-08-12 05:38 - 00001533 ____A C:\Users\Claire\Desktop\CitrixOnlinePluginWeb - Shortcut (2).lnk
2012-08-12 04:34 - 2012-08-12 04:34 - 00000000 ___AH C:\Users\Claire\Documents\Default.rdp
2012-08-09 19:52 - 2012-08-09 19:52 - 00035168 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx86.sys
2012-08-09 19:52 - 2012-08-09 19:52 - 00019808 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsshimx.sys
2012-08-09 04:56 - 2012-08-09 04:56 - 00178656 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avglogx.sys
2012-08-04 15:34 - 2012-08-04 15:33 - 01114576 ____A C:\Users\Claire\Downloads\revosetup.exe
2012-08-02 15:35 - 2012-07-31 14:25 - 16450944 ____A C:\Users\Claire\Downloads\TrendyFlash_Site_Builder_FULL.rar
2012-07-31 14:23 - 2012-07-31 14:23 - 00025737 ____A C:\Users\Claire\Downloads\7B3FF0F71EFCD7A66CB14E2D0062E39882D8559F.torrent
2012-07-31 14:23 - 2012-07-31 14:23 - 00025737 ____A C:\Users\Claire\Downloads\7B3FF0F71EFCD7A66CB14E2D0062E39882D8559F (1).torrent
2012-07-27 16:15 - 2012-07-27 16:15 - 00010938 ____A C:\Users\Claire\Downloads\A73CC4A5CA3148BCFE38877565B529AA3B60F87A.torrent
2012-07-27 16:14 - 2012-07-27 16:14 - 00002135 ____A C:\Users\Claire\Downloads\F4849FF3EF885F15436B74F2CFBDF2CA253C6280.torrent
2012-07-27 16:13 - 2012-07-27 16:13 - 00016911 ____A C:\Users\Claire\Downloads\A814147283849AD4E4C62340D15E3F517C4EAF4F.torrent
2012-07-27 16:10 - 2012-07-27 16:10 - 00019643 ____A C:\Users\Claire\Downloads\8BF2C7D9929F377A8E426E3576A62704A4C21B08.torrent
2012-07-23 06:45 - 2012-07-23 06:45 - 00496155 ____A C:\Users\Claire\Downloads\Attachments_2012_07_23.zip
2012-07-22 06:01 - 2012-07-22 06:01 - 00290184 ____A C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe
2012-07-22 06:01 - 2012-07-22 06:01 - 00290184 ____A C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe
2012-07-22 05:49 - 2012-07-19 14:17 - 00783424 ____A C:\Windows\pkeyconfig.xrm-ms
2012-07-20 15:37 - 2012-07-20 15:37 - 00496155 ____A C:\Users\Claire\Downloads\Attachments_2012_07_21.zip
2012-07-19 14:16 - 2012-07-19 14:16 - 01517376 ____A C:\Users\Claire\Downloads\wrar420.exe
2012-07-19 14:14 - 2012-07-19 14:14 - 03220218 ____A C:\Users\Claire\Downloads\Loader.rar
2012-07-15 15:40 - 2012-07-15 15:38 - 22909755 ____A C:\Users\Claire\Downloads\Windows 7 Activator.exe
2012-07-09 13:49 - 2012-07-09 13:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-07-08 16:13 - 2012-07-08 16:13 - 00000280 ____A C:\Users\Claire\Downloads\Windows 7 Anytime Upgrade Product Key (1).txt
2012-07-07 06:20 - 2012-07-07 06:20 - 00159497 ____A C:\Users\Claire\Downloads\[kat.ph]the.sopranos.seasons.1.6.complete.gangafreak.torrent
2012-07-07 00:07 - 2012-07-07 00:02 - 593625088 ____A C:\Users\Claire\Downloads\XP_HOME.iso


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-25 13:49:22
Restore point made on: 2012-09-29 01:08:11
Restore point made on: 2012-09-29 01:08:53
Restore point made on: 2012-10-02 12:44:54
Restore point made on: 2012-10-03 01:04:57
Restore point made on: 2012-10-03 01:14:49
Restore point made on: 2012-10-03 01:25:10
Restore point made on: 2012-10-03 07:50:21
Restore point made on: 2012-10-03 09:44:08

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2038.4 MB
Available physical RAM: 1636.8 MB
Total Pagefile: 2038.4 MB
Available Pagefile: 1641.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.68 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:74.55 GB) NTFS
3 Drive f: (disgo) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 245 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F disgo FAT Removable 244 MB Healthy

=========================================================

Last Boot: 2012-09-26 05:09

==================== End Of Log ============================

#4 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 04 October 2012 - 09:06 PM

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 jackbetal

  • Topic Starter

  • Members
  • 32 posts

Posted 05 October 2012 - 08:20 AM

ComboFix log as requested.


ComboFix 12-10-04.02 - Claire 10/05/2012 13:54:48.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1346 [GMT 1:00]
Running from: c:\users\Claire\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\program files\DealPly
c:\program files\DealPly\DealPlyTune.dll
c:\programdata\a2a3102058232317e4d2cc6d2273c397_c
c:\programdata\BasicScan
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-04 23:11 . 2012-10-04 23:11 -------- d-----w- C:\FRST
2012-10-03 13:39 . 2012-10-03 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-03 13:39 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 09:20 . 2012-10-03 09:22 -------- d-----w- c:\users\Claire\AppData\Roaming\FK_Monitor
2012-10-03 09:19 . 2012-10-03 12:51 -------- d-----w- c:\program files\FK_Monitor
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 20:27 . 2012-10-03 09:12 -------- d--h--w- c:\programdata\kprologs
2012-10-02 20:03 . 2011-01-27 15:28 16384 ----a-w- c:\windows\system32\drivers\aswebr.sys
2012-10-02 20:03 . 2009-05-13 18:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2012-10-02 20:03 . 2012-10-03 09:28 -------- d-----w- c:\program files\ProKAward
2012-10-02 20:03 . 2009-05-13 18:35 28160 ----a-w- c:\windows\system32\anim.dll
2012-10-02 20:03 . 2009-05-13 18:35 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-02 20:03 . 2009-05-13 18:35 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-29 09:13 . 2012-09-29 09:13 -------- d-----w- c:\users\Claire\AppData\Roaming\AVG2013
2012-09-29 09:11 . 2012-09-29 09:11 -------- d-----w- c:\users\Claire\AppData\Roaming\TuneUp Software
2012-09-29 09:11 . 2012-09-29 09:11 -------- d-----w- c:\program files\AVG Secure Search
2012-09-29 09:08 . 2012-09-29 09:12 -------- d-----w- c:\programdata\AVG2013
2012-09-29 09:06 . 2012-10-02 19:51 -------- d-----w- c:\users\Claire\AppData\Local\Avg2013
2012-09-29 09:06 . 2012-09-29 09:06 -------- d-----w- c:\users\Claire\AppData\Local\MFAData
2012-09-28 20:35 . 2012-09-28 20:35 -------- d-----w- c:\users\Claire\AppData\Local\ElevatedDiagnostics
2012-09-25 19:14 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-25 19:14 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-25 19:14 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-25 19:14 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-25 19:14 . 2012-09-27 20:23 -------- d-----w- c:\windows\system32\ARFC
2012-09-25 19:14 . 2012-09-13 13:26 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-25 19:14 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-25 19:14 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-09-25 19:14 . 2012-09-28 17:14 -------- d-----w- c:\windows\system32\WNLT
2012-09-17 17:58 . 2012-09-17 17:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 04:34 . 2012-09-14 04:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 10:47 . 2012-09-12 10:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47 . 2012-09-12 10:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 11:54 . 2012-06-12 12:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-22 11:54 . 2011-11-12 23:57 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 17:04 . 2012-08-18 18:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 15:40 . 2012-08-13 15:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-02 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-29 09:11 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-29 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-29 947808]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Aswebr;Aswebr Service;c:\windows\system32\DRIVERS\aswebr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 AswebrMP;AswebrMP;c:\windows\system32\DRIVERS\aswebr.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 11:54]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://search.gboxapp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKCU-Run-WheresJames Startup Manager - c:\program files\WheresJames\StartupMgr\StartupMgr.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-05 14:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 13:07
.
Pre-Run: 75,159,052,288 bytes free
Post-Run: 75,139,166,208 bytes free
.
- - End Of File - - C3349F857738AA9561A5BB5B9F9CF640

#6 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 October 2012 - 09:19 AM

Please do the following:

Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel, click on the file c:\windows\system32\drivers\aswebr.sys, then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", then wait for the results.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 jackbetal

  • Topic Starter

  • Members
  • 32 posts

Posted 05 October 2012 - 08:01 PM

This is the result.

https://www.virustotal.com/file/e33fee057eb61153e33d89a65dfad1fe49e5c3e3bc617af5c42cb0b5bb2af6c2/analysis/1349485056/

Edited by jackbetal, 05 October 2012 - 08:04 PM.

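As an added example, not part of this thread or of any tool mentioned in it, the PowerShell script below (Windows PowerShell 4 or later, run from an elevated prompt) does the local side of the check the helper asked for: it hashes aswebr.sys and compares the SHA-256 with the 64-character value in the VirusTotal link above (VirusTotal uses the file's SHA-256 in that URL), reads the driver's Authenticode signature and the Aswebr/AswebrMP service entries listed in the ComboFix log, and repeats the System32-versus-WinSxS comparison that ComboFix's Sigcheck section reports for user32.dll. The driver path, service names and hash all come from this thread; the function names are mine.

```powershell
# Added example (not from the thread): local triage of a suspect kernel driver
# alongside a VirusTotal submission. Requires Get-FileHash (Windows PowerShell 4+).
param(
    # Path and service names as they appear in the ComboFix log posted above.
    [string]$DriverPath     = 'C:\Windows\System32\drivers\aswebr.sys',
    [string[]]$ServiceNames = @('Aswebr', 'AswebrMP'),
    # SHA-256 taken from the VirusTotal result URL posted in this thread.
    [string]$ExpectedSha256 = 'e33fee057eb61153e33d89a65dfad1fe49e5c3e3bc617af5c42cb0b5bb2af6c2'
)

function Get-DriverTriage {
    param([string]$Path, [string]$ExpectedHash, [string[]]$Services)

    $result = [ordered]@{ Path = $Path; Exists = (Test-Path -LiteralPath $Path) }
    if (-not $result.Exists) { return [pscustomobject]$result }

    $item = Get-Item -LiteralPath $Path
    $result.SizeBytes     = $item.Length
    $result.LastWriteTime = $item.LastWriteTime
    $result.Company       = $item.VersionInfo.CompanyName
    $result.Description   = $item.VersionInfo.FileDescription

    # Hashing locally lets you match the file against the existing VirusTotal
    # report (and spot a replaced file later) without re-uploading it.
    $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $result.MatchesVirusTotalReport = ($result.Sha256 -eq $ExpectedHash.ToLower())

    # 32-bit Windows 7 does not enforce kernel-mode code signing, so NotSigned
    # alone is not a verdict; an unsigned driver with no vendor string still
    # deserves a closer look, which is what the helper asked for here.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Which service entries load the driver and how they start
    # (ComboFix listed Aswebr as R3 and AswebrMP as S3).
    $services = foreach ($name in $Services) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (Test-Path -Path $key) {
            $svc = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Name      = $name
                ImagePath = $svc.ImagePath
                Start     = $svc.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                Type      = $svc.Type    # 1 kernel driver, 2 file-system driver, 0x10/0x20 Win32 service
            }
        }
    }
    $result.Services = @($services)
    [pscustomobject]$result
}

# Compare a live System32 file with the copies held in the WinSxS component
# store. ComboFix's Sigcheck section reports exactly this for user32.dll
# (different MD5 in System32 than in winsxs) and it restored userinit.exe
# from the store. A mismatch means the live file was changed outside servicing.
function Compare-WithWinSxS {
    param([string]$LivePath)

    $name = Split-Path -Leaf $LivePath
    $live = (Get-FileHash -LiteralPath $LivePath -Algorithm SHA256).Hash
    $copies = Get-ChildItem -Path "$env:SystemRoot\winsxs" -Filter $name -Recurse -File -ErrorAction SilentlyContinue

    foreach ($copy in $copies) {
        [pscustomobject]@{
            File      = $name
            StoreCopy = $copy.FullName
            Matches   = ((Get-FileHash -LiteralPath $copy.FullName -Algorithm SHA256).Hash -eq $live)
        }
    }
}

Get-DriverTriage -Path $DriverPath -ExpectedHash $ExpectedSha256 -Services $ServiceNames | Format-List
Compare-WithWinSxS -LivePath "$env:SystemRoot\System32\user32.dll"   | Format-Table -AutoSize
Compare-WithWinSxS -LivePath "$env:SystemRoot\System32\userinit.exe" | Format-Table -AutoSize
```

Several WinSxS copies with different hashes are normal when more than one servicing level is present; the one to worry about is a live file that matches none of them.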

#8 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 October 2012 - 08:08 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#9 jackbetal

jackbetal
  • Topic Starter

  • Members
  • 32 posts

Posted 05 October 2012 - 09:31 PM

# AdwCleaner v2.003 - Logfile created 10/06/2012 at 02:26:10
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Claire - CLAIRE-PC
# Boot Mode : Normal
# Running from : C:\Users\Claire\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BabylonUpdater
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Claire\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Claire\AppData\Local\Babylon
Folder Deleted : C:\Users\Claire\AppData\Local\Conduit
Folder Deleted : C:\Users\Claire\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Claire\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Claire\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Claire\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Claire\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.55] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.58] : keyword = "isearch.avg.com",
Deleted [l.61] : search_url = "hxxps://isearch.avg.com/search?cid={12EE26B9-69E6-4CB6-BA79-37E56F6DC44C}&mid=244790c7f8ba47d1ad31d1e9976db656-c0dbcbeb6b589ff0b04dcbada28f000a28b6bfbf&lang=en&ds=ft011&pr=sa&d=2012-08-18 19:29:57&v=12.2.5.32&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [9174 octets] - [06/10/2012 02:26:10]

########## EOF - C:\AdwCleaner[S1].txt - [9234 octets] ##########

------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.05.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Claire :: CLAIRE-PC [administrator]

10/6/2012 2:32:13 AM
mbam-log-2012-10-06 (02-32-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188881
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------------------------------------------------------------------------------------------------------------

C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IIDX0EZ\counter[1].htm HTML/Iframe.B.Gen virus
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe Win32/Adware.1ClickDownload.C application
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe Win32/Adware.1ClickDownload.C application
C:\Users\Claire\Downloads\XP_HOME.iso Win32/HackTool.WpaKill.C application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\Award Keylogger 2.18 incl crack-Slicer.rar a variant of Win32/KeyLogger.AwardKeylogger.A application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\klproinstall.exe a variant of Win32/KeyLogger.AwardKeylogger.A application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\crack\kl.exe a variant of Win32/KeyLogger.AwardKeylogger.A application

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 October 2012 - 09:40 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the code box below into Notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IIDX0EZ\counter[1].htm 
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe 
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe 
C:\Users\Claire\Downloads\XP_HOME.iso 
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\Award Keylogger 2.18 incl crack-Slicer.rar 
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\klproinstall.exe 
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\crack\kl.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

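The CFScript above is built by hand from the ESET result lines posted earlier in the thread. As an added example that is not part of this thread and is neither ESET nor ComboFix code, here is a script that does the same two steps: parse the ESET Online Scanner export (assumed to keep the "<path> <detection> <kind>" layout as pasted above; paths may contain spaces, so the detection name is used as the anchor) and emit a File:: section in the layout used in this thread. The fixture is the seven ESET lines from this thread; the family tally shows at a glance that three of the seven are the same keylogger.

```python
"""Parse an ESET Online Scanner export and emit a ComboFix CFScript File:: section.

Added example for this thread; not ESET or ComboFix code and not from the
original posts.  Assumes the export keeps the "<path> <detection> <kind>"
layout pasted in this thread.  The fixture is the seven result lines posted
earlier in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Paths may contain spaces, so the path is matched non-greedily and the
# detection is anchored on ESET's "<platform>/<family>.<variant>" naming,
# optionally prefixed by "a variant of" / "probably a variant of".
ESET_LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9_]+/\S+) "
    r"(?P<kind>\w+)$"
)

ESET_SAMPLE = r"""
C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IIDX0EZ\counter[1].htm HTML/Iframe.B.Gen virus
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe Win32/Adware.1ClickDownload.C application
C:\Users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe Win32/Adware.1ClickDownload.C application
C:\Users\Claire\Downloads\XP_HOME.iso Win32/HackTool.WpaKill.C application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\Award Keylogger 2.18 incl crack-Slicer.rar a variant of Win32/KeyLogger.AwardKeylogger.A application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\klproinstall.exe a variant of Win32/KeyLogger.AwardKeylogger.A application
C:\Users\Claire\Downloads\Award Keylogger 2.18 incl crack\crack\kl.exe a variant of Win32/KeyLogger.AwardKeylogger.A application
"""


@dataclass
class Finding:
    path: str
    detection: str
    kind: str      # ESET's object class as exported: "virus", "application", ...

    @property
    def family(self) -> str:
        """Family name between the platform slash and the first dot,
        e.g. 'KeyLogger' from 'a variant of Win32/KeyLogger.AwardKeylogger.A'."""
        name = re.sub(r"^(?:probably )?a variant of ", "", self.detection)
        return name.split("/", 1)[1].split(".", 1)[0]


def parse_eset_export(text: str) -> List[Finding]:
    """Keep every line that matches the export layout; ignore anything else."""
    findings = []
    for line in text.splitlines():
        m = ESET_LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["detection"], m["kind"]))
    return findings


def family_counts(findings: List[Finding]) -> Dict[str, int]:
    """How many hits per detection family, for a quick triage summary."""
    return dict(Counter(f.family for f in findings))


def build_cfscript(findings: List[Finding], clear_java_cache: bool = True) -> str:
    """File:: section in the layout used in this thread: one path per line,
    a blank line, then the ClearJavaCache:: directive.  Every listed path is
    deleted without further prompting, so review the list before use."""
    lines = ["File::"] + [f.path for f in findings]
    if clear_java_cache:
        lines += ["", "ClearJavaCache::"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_eset_export(ESET_SAMPLE)
    print(family_counts(found))
    print(build_cfscript(found), end="")
```

Save the printed text as CFScript.txt and drag it onto ComboFix.exe exactly as described in the steps above; the output matches the hand-written code box line for line.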


#11 jackbetal

jackbetal
  • Topic Starter

  • Members
  • 32 posts

Posted 06 October 2012 - 06:30 AM

I'm afraid there is still no change. I have the same problem. As soon as I open up my browser to surf the net then within a minute or two I am back at the blue screen. I have attached a photo of an earlier capture of what the screen looks like if that helps.


------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 12-10-04.02 - Claire 10/06/2012 11:58:38.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1220 [GMT 1:00]
Running from: c:\users\Claire\Desktop\ComboFix.exe
Command switches used :: c:\users\Claire\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IIDX0EZ\counter[1].htm"
"c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\Award Keylogger 2.18 incl crack-Slicer.rar"
"c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\crack\kl.exe"
"c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\klproinstall.exe"
"c:\users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe"
"c:\users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe"
"c:\users\Claire\Downloads\XP_HOME.iso"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0IIDX0EZ\counter[1].htm
c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\Award Keylogger 2.18 incl crack-Slicer.rar
c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\crack\kl.exe
c:\users\Claire\Downloads\Award Keylogger 2.18 incl crack\klproinstall.exe
c:\users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar (1).exe
c:\users\Claire\Downloads\Windows_7_Loader_2_0_9_by_DAZ_rar.exe
c:\users\Claire\Downloads\XP_HOME.iso
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 11:05 . 2012-10-06 11:08 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-10-06 11:05 . 2012-10-06 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 01:44 . 2012-10-06 01:44 -------- d-----w- c:\program files\ESET
2012-10-04 23:11 . 2012-10-04 23:11 -------- d-----w- C:\FRST
2012-10-03 13:39 . 2012-10-03 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-03 13:39 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 09:20 . 2012-10-03 09:22 -------- d-----w- c:\users\Claire\AppData\Roaming\FK_Monitor
2012-10-03 09:19 . 2012-10-03 12:51 -------- d-----w- c:\program files\FK_Monitor
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 20:27 . 2012-10-03 09:12 -------- d--h--w- c:\programdata\kprologs
2012-10-02 20:03 . 2011-01-27 15:28 16384 ----a-w- c:\windows\system32\drivers\aswebr.sys
2012-10-02 20:03 . 2009-05-13 18:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2012-10-02 20:03 . 2012-10-03 09:28 -------- d-----w- c:\program files\ProKAward
2012-10-02 20:03 . 2009-05-13 18:35 28160 ----a-w- c:\windows\system32\anim.dll
2012-10-02 20:03 . 2009-05-13 18:35 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-02 20:03 . 2009-05-13 18:35 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-29 09:13 . 2012-09-29 09:13 -------- d-----w- c:\users\Claire\AppData\Roaming\AVG2013
2012-09-29 09:11 . 2012-09-29 09:11 -------- d-----w- c:\users\Claire\AppData\Roaming\TuneUp Software
2012-09-29 09:08 . 2012-09-29 09:12 -------- d-----w- c:\programdata\AVG2013
2012-09-29 09:06 . 2012-10-02 19:51 -------- d-----w- c:\users\Claire\AppData\Local\Avg2013
2012-09-29 09:06 . 2012-09-29 09:06 -------- d-----w- c:\users\Claire\AppData\Local\MFAData
2012-09-28 20:35 . 2012-09-28 20:35 -------- d-----w- c:\users\Claire\AppData\Local\ElevatedDiagnostics
2012-09-25 19:14 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-25 19:14 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-25 19:14 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-25 19:14 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-25 19:14 . 2012-09-27 20:23 -------- d-----w- c:\windows\system32\ARFC
2012-09-25 19:14 . 2012-09-13 13:26 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-25 19:14 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-25 19:14 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-09-25 19:14 . 2012-09-28 17:14 -------- d-----w- c:\windows\system32\WNLT
2012-09-17 17:58 . 2012-09-17 17:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 04:34 . 2012-09-14 04:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 10:47 . 2012-09-12 10:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47 . 2012-09-12 10:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 11:54 . 2012-06-12 12:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-22 11:54 . 2011-11-12 23:57 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 17:04 . 2012-08-18 18:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 15:40 . 2012-08-13 15:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-02 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Aswebr;Aswebr Service;c:\windows\system32\DRIVERS\aswebr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 AswebrMP;AswebrMP;c:\windows\system32\DRIVERS\aswebr.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 11:54]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-06 12:10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 11:10
ComboFix2.txt 2012-10-05 13:07
.
Pre-Run: 74,749,530,112 bytes free
Post-Run: 74,468,229,120 bytes free
.
- - End Of File - - 49A08588EBCA382A882B48E0E9DA2FB3

------------------------------------------------------------------------------------------------------------------------------------------------------

MiniToolBox by Farbar Version: 23-07-2012
Ran by Claire (administrator) on 06-10-2012 at 12:13:40
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AVG 2013 (Version: 13.0.2591)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 2013.0.2677)
CCleaner (Version: 3.12)
Citrix Authentication Manager (Version: 3.0.0.47031)
Citrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55)
Citrix Receiver (Version: 13.3.0.55)
Citrix Receiver Inside (Version: 3.3.0.17208)
Citrix Receiver Updater (Version: 3.3.0.17207)
Citrix Receiver(Aero) (Version: 13.3.0.55)
Citrix Receiver(DV) (Version: 13.3.0.55)
Citrix Receiver(USB) (Version: 13.3.0.55)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Photo AIO Printer 922
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 22.0.1229.79)
HP Customer Participation Program 10.0 (Version: 10.0)
HP LaserJet P2050 Series 4.0 (Version: 4.0)
hppFonts (Version: 001.001.00061)
hppQFolderP2050 (Version: 1.00.0000)
hppusgP2050 (Version: 000.000.00007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 100.0.170.000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Online Plug-in (Version: 13.3.0.55)
Revo Uninstaller 1.94 (Version: 1.94)
Self-service Plug-in (Version: 3.3.0.27839)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VLC media player 1.1.11 (Version: 1.1.11)
Web Optimizer (Version: 2.0.0.2)
WebReg (Version: 100.0.170.000)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

**** End of log ****
------------------------------------------------------------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 19-09-2012
Ran by Claire (administrator) on 06-10-2012 at 12:16:01
Running from "C:\Users\Claire\Desktop\New folder"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Edited by jackbetal, 06 October 2012 - 06:32 AM.


#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 October 2012 - 08:52 AM

Open Device Manager.


Expand all the trees and see if there are any warning triangles beside any devices.

If there are, uninstall the device, reboot and allow Windows to reinstall the driver.



NEXT



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the code box below into Notepad:

Here's how to do that:
Press the WinKey + R to open a Run box, type Notepad and click OK.
This will open an empty Notepad file.

Copy all the text inside of the code box: press Ctrl+C (or right-click on the highlighted section and choose 'Copy').

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll

ClearJavaCache::

Now paste the copied text into the open Notepad window: press Ctrl+V (or right-click and choose 'Paste').

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the "Save as type" to "All Files";
4. Type in the file name: CFScript
5. Click Save.

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 jackbetal
  • Topic Starter

  • Members
  • 32 posts

Posted 06 October 2012 - 11:44 AM

I opened my browser after these scans to check whether there was any change, and it went to a blue screen again after 30 seconds or so.

----------------------------------------------------------------------------------------------------------------------

ComboFix 12-10-04.02 - Claire 10/06/2012 17:20:46.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1272 [GMT 1:00]
Running from: c:\users\Claire\Desktop\ComboFix.exe
Command switches used :: c:\users\Claire\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 16:27 . 2012-10-06 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 11:05 . 2012-10-06 16:29 -------- d-----w- c:\users\Claire\AppData\Local\temp
2012-10-06 01:44 . 2012-10-06 01:44 -------- d-----w- c:\program files\ESET
2012-10-04 23:11 . 2012-10-04 23:11 -------- d-----w- C:\FRST
2012-10-03 13:39 . 2012-10-03 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-03 13:39 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 09:20 . 2012-10-03 09:22 -------- d-----w- c:\users\Claire\AppData\Roaming\FK_Monitor
2012-10-03 09:19 . 2012-10-03 12:51 -------- d-----w- c:\program files\FK_Monitor
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\users\Claire\AppData\Roaming\Malwarebytes
2012-10-03 08:24 . 2012-10-03 08:24 -------- d-----w- c:\programdata\Malwarebytes
2012-10-02 20:27 . 2012-10-03 09:12 -------- d--h--w- c:\programdata\kprologs
2012-10-02 20:03 . 2011-01-27 15:28 16384 ----a-w- c:\windows\system32\drivers\aswebr.sys
2012-10-02 20:03 . 2009-05-13 18:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2012-10-02 20:03 . 2012-10-03 09:28 -------- d-----w- c:\program files\ProKAward
2012-10-02 20:03 . 2009-05-13 18:35 28160 ----a-w- c:\windows\system32\anim.dll
2012-10-02 20:03 . 2009-05-13 18:35 258352 ----a-w- c:\windows\system32\unicows.dll
2012-10-02 20:03 . 2009-05-13 18:35 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2012-09-29 09:13 . 2012-09-29 09:13 -------- d-----w- c:\users\Claire\AppData\Roaming\AVG2013
2012-09-29 09:11 . 2012-09-29 09:11 -------- d-----w- c:\users\Claire\AppData\Roaming\TuneUp Software
2012-09-29 09:08 . 2012-09-29 09:12 -------- d-----w- c:\programdata\AVG2013
2012-09-29 09:06 . 2012-10-02 19:51 -------- d-----w- c:\users\Claire\AppData\Local\Avg2013
2012-09-29 09:06 . 2012-09-29 09:06 -------- d-----w- c:\users\Claire\AppData\Local\MFAData
2012-09-28 20:35 . 2012-09-28 20:35 -------- d-----w- c:\users\Claire\AppData\Local\ElevatedDiagnostics
2012-09-25 19:14 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-09-25 19:14 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-09-25 19:14 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-09-25 19:14 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-09-25 19:14 . 2012-09-27 20:23 -------- d-----w- c:\windows\system32\ARFC
2012-09-25 19:14 . 2012-09-13 13:26 1006448 ----a-w- c:\windows\system32\dmwu.exe
2012-09-25 19:14 . 2012-09-13 13:24 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-25 19:14 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-09-25 19:14 . 2012-09-28 17:14 -------- d-----w- c:\windows\system32\WNLT
2012-09-17 17:58 . 2012-09-17 17:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 04:34 . 2012-09-14 04:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 10:47 . 2012-09-12 10:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47 . 2012-09-12 10:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 11:54 . 2012-06-12 12:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-22 11:54 . 2011-11-12 23:57 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 17:04 . 2012-08-18 18:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 15:40 . 2012-08-13 15:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Aswebr;Aswebr Service;c:\windows\system32\DRIVERS\aswebr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 AswebrMP;AswebrMP;c:\windows\system32\DRIVERS\aswebr.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 11:54]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000Core.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852665561-1324931021-1180615828-1000UA.job
- c:\users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 00:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-06 17:32:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 16:32
ComboFix2.txt 2012-10-05 13:07
.
Pre-Run: 74,512,125,952 bytes free
Post-Run: 74,462,818,304 bytes free
.
- - End Of File - - 6A1E12E33602D5BC8B53C3D5E8B53955

------------------------------------------------------------------------------------------------------------------------------------------------------

17:34:49.0394 3164 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:34:49.0628 3164 ============================================================
17:34:49.0628 3164 Current date / time: 2012/10/06 17:34:49.0628
17:34:49.0628 3164 SystemInfo:
17:34:49.0628 3164
17:34:49.0628 3164 OS Version: 6.1.7601 ServicePack: 1.0
17:34:49.0628 3164 Product type: Workstation
17:34:49.0628 3164 ComputerName: CLAIRE-PC
17:34:49.0628 3164 UserName: Claire
17:34:49.0628 3164 Windows directory: C:\Windows
17:34:49.0628 3164 System windows directory: C:\Windows
17:34:49.0628 3164 Processor architecture: Intel x86
17:34:49.0628 3164 Number of processors: 2
17:34:49.0628 3164 Page size: 0x1000
17:34:49.0628 3164 Boot type: Normal boot
17:34:49.0628 3164 ============================================================
17:34:52.0046 3164 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:34:52.0046 3164 ============================================================
17:34:52.0046 3164 \Device\Harddisk0\DR0:
17:34:52.0046 3164 MBR partitions:
17:34:52.0046 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:34:52.0046 3164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
17:34:52.0046 3164 ============================================================
17:34:52.0124 3164 C: <-> \Device\Harddisk0\DR0\Partition2
17:34:52.0124 3164 ============================================================
17:34:52.0124 3164 Initialize success
17:34:52.0124 3164 ============================================================
17:35:54.0980 3352 ============================================================
17:35:54.0980 3352 Scan started
17:35:54.0980 3352 Mode: Manual; TDLFS;
17:35:54.0980 3352 ============================================================
17:35:56.0711 3352 ================ Scan system memory ========================
17:35:56.0711 3352 System memory - ok
17:35:56.0711 3352 ================ Scan services =============================
17:36:04.0605 3352 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:36:04.0621 3352 FontCache3.0.0.0 - ok
17:36:04.0652 3352 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:36:04.0652 3352 FsDepends - ok
17:36:04.0699 3352 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:36:04.0746 3352 Fs_Rec - ok
17:36:04.0792 3352 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:36:04.0792 3352 fvevol - ok
17:36:04.0824 3352 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:36:04.0839 3352 gagp30kx - ok
17:36:04.0964 3352 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:36:04.0980 3352 gpsvc - ok
17:36:05.0042 3352 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:36:05.0042 3352 hcw85cir - ok
17:36:05.0120 3352 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:36:05.0136 3352 HdAudAddService - ok
17:36:05.0198 3352 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:36:05.0198 3352 HDAudBus - ok
17:36:05.0214 3352 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:36:05.0214 3352 HidBatt - ok
17:36:05.0229 3352 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:36:05.0245 3352 HidBth - ok
17:36:05.0276 3352 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:36:05.0276 3352 HidIr - ok
17:36:05.0307 3352 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:36:05.0323 3352 hidserv - ok
17:36:05.0338 3352 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:36:05.0354 3352 HidUsb - ok
17:36:05.0385 3352 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:36:05.0385 3352 hkmsvc - ok
17:36:05.0416 3352 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:36:05.0432 3352 HomeGroupListener - ok
17:36:05.0463 3352 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:36:05.0479 3352 HomeGroupProvider - ok
17:36:05.0541 3352 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:36:05.0541 3352 HpSAMD - ok
17:36:05.0572 3352 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:36:05.0588 3352 HTTP - ok
17:36:05.0604 3352 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:36:05.0604 3352 hwpolicy - ok
17:36:05.0713 3352 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:36:05.0728 3352 i8042prt - ok
17:36:05.0791 3352 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:36:05.0806 3352 iaStorV - ok
17:36:05.0978 3352 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:36:05.0994 3352 idsvc - ok
17:36:06.0586 3352 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:36:06.0774 3352 igfx - ok
17:36:06.0820 3352 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:36:06.0852 3352 iirsp - ok
17:36:06.0914 3352 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:36:06.0930 3352 IKEEXT - ok
17:36:06.0961 3352 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:36:06.0961 3352 intelide - ok
17:36:06.0992 3352 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:36:07.0008 3352 intelppm - ok
17:36:07.0023 3352 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:36:07.0039 3352 IPBusEnum - ok
17:36:07.0054 3352 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:07.0070 3352 IpFilterDriver - ok
17:36:07.0132 3352 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:36:07.0148 3352 iphlpsvc - ok
17:36:07.0164 3352 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:36:07.0164 3352 IPMIDRV - ok
17:36:07.0195 3352 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:36:07.0195 3352 IPNAT - ok
17:36:07.0226 3352 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:36:07.0226 3352 IRENUM - ok
17:36:07.0242 3352 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:36:07.0242 3352 isapnp - ok
17:36:07.0273 3352 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:36:07.0288 3352 iScsiPrt - ok
17:36:07.0320 3352 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:36:07.0320 3352 kbdclass - ok
17:36:07.0351 3352 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:36:07.0351 3352 kbdhid - ok
17:36:07.0366 3352 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:36:07.0366 3352 KeyIso - ok
17:36:07.0429 3352 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:36:07.0429 3352 KSecDD - ok
17:36:07.0476 3352 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:36:07.0476 3352 KSecPkg - ok
17:36:07.0522 3352 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:36:07.0538 3352 KtmRm - ok
17:36:07.0600 3352 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
17:36:07.0600 3352 LanmanServer - ok
17:36:07.0663 3352 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:36:07.0663 3352 LanmanWorkstation - ok
17:36:07.0725 3352 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:36:07.0725 3352 lltdio - ok
17:36:07.0803 3352 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:36:07.0819 3352 lltdsvc - ok
17:36:07.0834 3352 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:36:07.0850 3352 lmhosts - ok
17:36:07.0881 3352 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:36:07.0897 3352 LSI_FC - ok
17:36:07.0912 3352 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:36:07.0912 3352 LSI_SAS - ok
17:36:07.0928 3352 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:36:07.0928 3352 LSI_SAS2 - ok
17:36:07.0944 3352 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:36:07.0944 3352 LSI_SCSI - ok
17:36:07.0975 3352 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:36:07.0990 3352 luafv - ok
17:36:08.0006 3352 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:36:08.0006 3352 Mcx2Svc - ok
17:36:08.0037 3352 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
17:36:08.0037 3352 megasas - ok
17:36:08.0053 3352 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:36:08.0053 3352 MegaSR - ok
17:36:08.0131 3352 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:36:08.0146 3352 Microsoft Office Groove Audit Service - ok
17:36:08.0178 3352 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:36:08.0193 3352 MMCSS - ok
17:36:08.0209 3352 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:36:08.0209 3352 Modem - ok
17:36:08.0240 3352 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:36:08.0240 3352 monitor - ok
17:36:08.0271 3352 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:36:08.0271 3352 mouclass - ok
17:36:08.0318 3352 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys
17:36:08.0318 3352 mouhid - ok
17:36:08.0334 3352 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:36:08.0349 3352 mountmgr - ok
17:36:08.0349 3352 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:36:08.0365 3352 mpio - ok
17:36:08.0380 3352 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:36:08.0380 3352 mpsdrv - ok
17:36:08.0427 3352 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:36:08.0443 3352 MpsSvc - ok
17:36:08.0443 3352 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:36:08.0458 3352 MRxDAV - ok
17:36:08.0490 3352 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:36:08.0490 3352 mrxsmb - ok
17:36:08.0552 3352 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:36:08.0568 3352 mrxsmb10 - ok
17:36:08.0599 3352 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:36:08.0599 3352 mrxsmb20 - ok
17:36:08.0646 3352 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:36:08.0646 3352 msahci - ok
17:36:08.0677 3352 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:36:08.0708 3352 msdsm - ok
17:36:08.0786 3352 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:36:08.0802 3352 MSDTC - ok
17:36:08.0833 3352 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:36:08.0848 3352 Msfs - ok
17:36:08.0880 3352 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:36:08.0880 3352 mshidkmdf - ok
17:36:08.0895 3352 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:36:08.0895 3352 msisadrv - ok
17:36:08.0942 3352 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:36:08.0942 3352 MSiSCSI - ok
17:36:08.0942 3352 msiserver - ok
17:36:08.0989 3352 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:36:09.0004 3352 MSKSSRV - ok
17:36:09.0020 3352 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:36:09.0020 3352 MSPCLOCK - ok
17:36:09.0036 3352 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:36:09.0036 3352 MSPQM - ok
17:36:09.0067 3352 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:36:09.0067 3352 MsRPC - ok
17:36:09.0098 3352 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:36:09.0098 3352 mssmbios - ok
17:36:09.0114 3352 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:36:09.0114 3352 MSTEE - ok
17:36:09.0129 3352 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:36:09.0129 3352 MTConfig - ok
17:36:09.0145 3352 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:36:09.0145 3352 Mup - ok
17:36:09.0207 3352 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:36:09.0223 3352 napagent - ok
17:36:09.0285 3352 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:36:09.0285 3352 NativeWifiP - ok
17:36:09.0348 3352 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:36:09.0363 3352 NDIS - ok
17:36:09.0394 3352 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:36:09.0394 3352 NdisCap - ok
17:36:09.0410 3352 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:36:09.0426 3352 NdisTapi - ok
17:36:09.0457 3352 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:36:09.0457 3352 Ndisuio - ok
17:36:09.0472 3352 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:36:09.0472 3352 NdisWan - ok
17:36:09.0488 3352 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:36:09.0488 3352 NDProxy - ok
17:36:09.0504 3352 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:36:09.0504 3352 NetBIOS - ok
17:36:09.0535 3352 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:36:09.0535 3352 NetBT - ok
17:36:09.0550 3352 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:36:09.0566 3352 Netlogon - ok
17:36:09.0644 3352 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:36:09.0644 3352 Netman - ok
17:36:09.0675 3352 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:36:09.0691 3352 netprofm - ok
17:36:09.0722 3352 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:36:09.0722 3352 NetTcpPortSharing - ok
17:36:09.0753 3352 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:36:09.0753 3352 nfrd960 - ok
17:36:09.0769 3352 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:36:09.0784 3352 NlaSvc - ok
17:36:09.0800 3352 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:36:09.0816 3352 Npfs - ok
17:36:09.0847 3352 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:36:09.0847 3352 nsi - ok
17:36:09.0878 3352 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:36:09.0894 3352 nsiproxy - ok
17:36:09.0972 3352 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:36:09.0972 3352 Ntfs - ok
17:36:10.0003 3352 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:36:10.0003 3352 Null - ok
17:36:10.0018 3352 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:36:10.0034 3352 nvraid - ok
17:36:10.0065 3352 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:36:10.0065 3352 nvstor - ok
17:36:10.0081 3352 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:36:10.0081 3352 nv_agp - ok
17:36:10.0206 3352 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:36:10.0221 3352 odserv - ok
17:36:10.0237 3352 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:36:10.0237 3352 ohci1394 - ok
17:36:10.0299 3352 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:10.0330 3352 ose - ok
17:36:10.0408 3352 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:36:10.0424 3352 p2pimsvc - ok
17:36:10.0455 3352 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:36:10.0486 3352 p2psvc - ok
17:36:10.0518 3352 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
17:36:10.0518 3352 Parport - ok
17:36:10.0533 3352 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:36:10.0533 3352 partmgr - ok
17:36:10.0564 3352 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:36:10.0564 3352 Parvdm - ok
17:36:10.0596 3352 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:36:10.0611 3352 PcaSvc - ok
17:36:10.0627 3352 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
17:36:10.0627 3352 pci - ok
17:36:10.0642 3352 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
17:36:10.0642 3352 pciide - ok
17:36:10.0674 3352 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:36:10.0689 3352 pcmcia - ok
17:36:10.0720 3352 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:36:10.0720 3352 pcw - ok
17:36:10.0798 3352 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:36:10.0814 3352 PEAUTH - ok
17:36:10.0876 3352 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:36:10.0908 3352 PeerDistSvc - ok
17:36:11.0064 3352 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
17:36:11.0095 3352 pla - ok
17:36:11.0157 3352 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:36:11.0173 3352 PlugPlay - ok
17:36:11.0235 3352 [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:36:11.0235 3352 Pml Driver HPZ12 - ok
17:36:11.0251 3352 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:36:11.0251 3352 PNRPAutoReg - ok
17:36:11.0266 3352 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:36:11.0282 3352 PNRPsvc - ok
17:36:11.0376 3352 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:36:11.0391 3352 PolicyAgent - ok
17:36:11.0438 3352 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
17:36:11.0454 3352 Power - ok
17:36:11.0500 3352 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:36:11.0500 3352 PptpMiniport - ok
17:36:11.0516 3352 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
17:36:11.0516 3352 Processor - ok
17:36:11.0578 3352 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
17:36:11.0578 3352 ProfSvc - ok
17:36:11.0610 3352 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:36:11.0610 3352 ProtectedStorage - ok
17:36:11.0656 3352 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:36:11.0656 3352 Psched - ok
17:36:11.0750 3352 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:36:11.0766 3352 ql2300 - ok
17:36:11.0781 3352 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:36:11.0797 3352 ql40xx - ok
17:36:11.0875 3352 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:36:11.0875 3352 QWAVE - ok
17:36:11.0922 3352 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:36:11.0937 3352 QWAVEdrv - ok
17:36:11.0953 3352 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:36:11.0953 3352 RasAcd - ok
17:36:11.0984 3352 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:36:12.0000 3352 RasAgileVpn - ok
17:36:12.0031 3352 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:36:12.0031 3352 RasAuto - ok
17:36:12.0062 3352 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:36:12.0078 3352 Rasl2tp - ok
17:36:12.0109 3352 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
17:36:12.0109 3352 RasMan - ok
17:36:12.0140 3352 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:36:12.0156 3352 RasPppoe - ok
17:36:12.0187 3352 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:36:12.0187 3352 RasSstp - ok
17:36:12.0234 3352 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:36:12.0234 3352 rdbss - ok
17:36:12.0249 3352 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:36:12.0249 3352 rdpbus - ok
17:36:12.0265 3352 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:36:12.0265 3352 RDPCDD - ok
17:36:12.0312 3352 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:36:12.0312 3352 RDPDR - ok
17:36:12.0343 3352 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:36:12.0343 3352 RDPENCDD - ok
17:36:12.0374 3352 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:36:12.0374 3352 RDPREFMP - ok
17:36:12.0421 3352 [ 244C83332F44589AE98FC347F11B2693 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:36:12.0421 3352 RDPWD - ok
17:36:12.0468 3352 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:36:12.0468 3352 rdyboost - ok
17:36:12.0499 3352 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:36:12.0514 3352 RemoteAccess - ok
17:36:12.0561 3352 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:36:12.0561 3352 RemoteRegistry - ok
17:36:12.0624 3352 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:36:12.0639 3352 RpcEptMapper - ok
17:36:12.0670 3352 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:36:12.0686 3352 RpcLocator - ok
17:36:12.0702 3352 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
17:36:12.0717 3352 RpcSs - ok
17:36:12.0780 3352 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:36:12.0780 3352 rspndr - ok
17:36:12.0826 3352 [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
17:36:12.0842 3352 RTL8187B - ok
17:36:12.0873 3352 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:36:12.0873 3352 s3cap - ok
17:36:12.0904 3352 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
17:36:12.0904 3352 SamSs - ok
17:36:12.0951 3352 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:36:12.0951 3352 sbp2port - ok
17:36:12.0998 3352 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:36:13.0014 3352 SCardSvr - ok
17:36:13.0045 3352 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:36:13.0045 3352 scfilter - ok
17:36:13.0092 3352 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
17:36:13.0107 3352 Schedule - ok
17:36:13.0123 3352 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:36:13.0123 3352 SCPolicySvc - ok
17:36:13.0170 3352 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:36:13.0185 3352 SDRSVC - ok
17:36:13.0216 3352 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:36:13.0216 3352 secdrv - ok
17:36:13.0248 3352 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:36:13.0248 3352 seclogon - ok
17:36:13.0279 3352 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
17:36:13.0279 3352 SENS - ok
17:36:13.0326 3352 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:36:13.0326 3352 SensrSvc - ok
17:36:13.0341 3352 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:36:13.0341 3352 Serenum - ok
17:36:13.0357 3352 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
17:36:13.0372 3352 Serial - ok
17:36:13.0388 3352 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:36:13.0388 3352 sermouse - ok
17:36:13.0435 3352 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
17:36:13.0435 3352 SessionEnv - ok
17:36:13.0466 3352 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:36:13.0466 3352 sffdisk - ok
17:36:13.0497 3352 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:36:13.0497 3352 sffp_mmc - ok
17:36:13.0497 3352 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:36:13.0513 3352 sffp_sd - ok
17:36:13.0513 3352 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:36:13.0513 3352 sfloppy - ok
17:36:13.0622 3352 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:36:13.0638 3352 SharedAccess - ok
17:36:13.0716 3352 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:36:13.0731 3352 ShellHWDetection - ok
17:36:13.0762 3352 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:36:13.0762 3352 sisagp - ok
17:36:13.0778 3352 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:36:13.0778 3352 SiSRaid2 - ok
17:36:13.0794 3352 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:36:13.0794 3352 SiSRaid4 - ok
17:36:13.0825 3352 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:36:13.0825 3352 Smb - ok
17:36:13.0840 3352 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:36:13.0840 3352 SNMPTRAP - ok
17:36:13.0856 3352 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:36:13.0856 3352 spldr - ok
17:36:13.0934 3352 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
17:36:13.0950 3352 Spooler - ok
17:36:14.0246 3352 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
17:36:14.0371 3352 sppsvc - ok
17:36:14.0402 3352 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:36:14.0418 3352 sppuinotify - ok
17:36:14.0480 3352 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:36:14.0496 3352 srv - ok
17:36:14.0527 3352 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:36:14.0542 3352 srv2 - ok
17:36:14.0558 3352 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:36:14.0574 3352 srvnet - ok
17:36:14.0652 3352 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:36:14.0667 3352 SSDPSRV - ok
17:36:14.0698 3352 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:36:14.0698 3352 SstpSvc - ok
17:36:14.0730 3352 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:36:14.0745 3352 stexstor - ok
17:36:14.0792 3352 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
17:36:14.0808 3352 StiSvc - ok
17:36:14.0839 3352 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:36:14.0839 3352 storflt - ok
17:36:14.0870 3352 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
17:36:14.0886 3352 StorSvc - ok
17:36:14.0917 3352 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:36:14.0917 3352 storvsc - ok
17:36:14.0948 3352 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:36:14.0948 3352 swenum - ok
17:36:14.0979 3352 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
17:36:15.0010 3352 swprv - ok
17:36:15.0135 3352 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
17:36:15.0166 3352 SysMain - ok
17:36:15.0182 3352 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:36:15.0182 3352 TabletInputService - ok
17:36:15.0213 3352 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
17:36:15.0213 3352 TapiSrv - ok
17:36:15.0244 3352 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
17:36:21.0126 3352 ================ Scan global ===============================
17:36:21.0297 3352 [Global] - ok
17:36:21.0297 3352 ================ Scan MBR ==================================
17:36:21.0313 3352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:36:21.0984 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:36:21.0984 3352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:36:21.0984 3352 ================ Scan VBR ==================================
17:36:22.0015 3352 [ 53EADA159581C9192422A920238982FF ] \Device\Harddisk0\DR0\Partition1
17:36:22.0015 3352 \Device\Harddisk0\DR0\Partition1 - ok
17:36:22.0046 3352 [ 530BD481FF6BF03602625D564176437D ] \Device\Harddisk0\DR0\Partition2
17:36:22.0046 3352 \Device\Harddisk0\DR0\Partition2 - ok
17:36:22.0046 3352 ============================================================
17:36:22.0046 3352 Scan finished
17:36:22.0046 3352 ============================================================
17:36:22.0077 2084 Detected object count: 1
17:36:22.0077 2084 Actual detected object count: 1
17:37:04.0774 2084 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:37:04.0774 2084 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:37:21.0139 0656 Deinitialize success

Edited by jackbetal, 06 October 2012 - 11:47 AM.


#14 CatByte

CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 October 2012 - 12:45 PM

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 jackbetal

jackbetal
  • Topic Starter
  • Members
  • 32 posts

Posted 06 October 2012 - 01:31 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-06 18:59:31
-----------------------------
18:59:31.899 OS Version: Windows 6.1.7601 Service Pack 1
18:59:31.899 Number of processors: 2 586 0xF0D
18:59:31.899 ComputerName: CLAIRE-PC UserName: Claire
18:59:33.116 Initialize success
19:00:38.817 AVAST engine defs: 12100600
19:02:35.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:02:35.271 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 11
19:02:35.287 Disk 0 MBR read successfully
19:02:35.287 Disk 0 MBR scan
19:02:35.302 Disk 0 Windows 7 default MBR code
19:02:35.318 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:02:35.349 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
19:02:35.365 Disk 0 scanning sectors +234438656
19:02:35.443 Disk 0 scanning C:\Windows\system32\drivers
19:02:46.019 Service scanning
19:03:20.661 Modules scanning
19:03:30.842 Disk 0 trace - called modules:
19:03:30.880 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
19:03:30.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8568d030]
19:03:30.913 3 CLASSPNP.SYS[88ba059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x851e3030]
19:03:31.629 AVAST engine scan C:\Windows
19:03:35.357 AVAST engine scan C:\Windows\system32
19:07:21.956 AVAST engine scan C:\Windows\system32\drivers
19:07:38.429 AVAST engine scan C:\Users\Claire
19:12:30.010 AVAST engine scan C:\ProgramData
19:13:15.874 Scan finished successfully
19:27:49.850 Disk 0 MBR has been saved successfully to "C:\Users\Claire\Desktop\New folder\MBR.dat"
19:27:49.865 The log file has been saved successfully to "C:\Users\Claire\Desktop\New folder\aswMBR.txt"

Attached Files

  • MBR.zip (560 bytes)
