Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have a keylogger/RAT


  • This topic is locked This topic is locked
10 replies to this topic

#1 jp09

jp09

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 16 October 2012 - 04:18 PM

Recently my email and website passwords have been changing all of the sudden, not by me ofcourse. Just yesterday, I was watching a youtube video and my mouse started moving around in circles and it WAS NOT ME.

I am 100% certain that I have a RAT or something that gives control of my computer.

Please help me find what it is and remove it. Thanks


Here is my DDS log


DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by James at 16:46:06 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3063.180 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2AdvTool.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: FCToolbarURLSearchHook Class: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {a8864317-e18b-4292-99d9-e6e65ab905d3} - <orphaned>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: SocialRibbons: {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] "C:\Windows\UpdReg.EXE"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{1ADB8665-88BC-4DE8-9D66-D606609FCE9E} : DHCPNameServer = 10.177.0.34 10.184.83.140
TCP: Interfaces\{22EB4794-63A2-442D-A5C0-460E702475A3} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{23B97642-4E69-4F6F-A603-B28CD945A28F} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{9ACB6085-2D90-414C-B208-25C6E4626944} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\2484E413933303 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{CDB58336-2D6D-4E6D-B30B-C26490FDDB02}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DE81A4CB-E56B-4387-9642-0EC6B0562539} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Thermal Controller] "C:\Program Files\Alienware\Command Center\ThermalController.exe" /auto
x64-Run: [RunDLLEntry_THXCfg] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] "C:\Windows\System32\RunDLL32.exe" C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_05.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-12-8 27136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-8 7451648]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-8 268288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 AWOPFilterDriver;AWOPFilterDriver;C:\Windows\System32\drivers\AWOPFilterDriver.sys [2010-12-8 19464]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-12-22 41280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-8 239616]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2010-4-27 783360]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2009-10-7 4184672]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-12-22 43328]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-12-8 24064]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-12-8 43008]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
.
=============== Created Last 30 ================
.
2012-10-13 21:59:50 -------- d-----w- C:\Users\James\.zionscape
2012-10-13 21:58:39 -------- d-----w- C:\Users\James\.eximinus
2012-10-10 23:13:34 -------- d-----w- C:\Users\James\AppData\Local\{56770F6E-4851-45C6-AC93-AACCCB38D0EE}
2012-10-09 22:16:14 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 22:16:14 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 22:16:14 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 22:16:14 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 22:16:14 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 22:16:13 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 22:16:05 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-09 17:38:07 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-05 23:37:49 -------- d-----w- C:\Users\James\AppData\Local\{A560EBB4-4A97-4DDE-AD49-A86B19E65AB6}
2012-09-30 01:32:39 -------- d-----w- C:\Users\James\AppData\Local\Desura
2012-09-30 01:31:32 -------- d-----w- C:\Program Files (x86)\Common Files\Desura
2012-09-30 01:29:40 -------- d-----w- C:\ProgramData\Desura
2012-09-30 01:29:25 -------- d-----w- C:\Program Files (x86)\Desura
2012-09-30 01:11:37 -------- d-----w- C:\Users\James\AppData\Local\{7DE99D96-926E-471D-9128-AF9A3566153E}
2012-09-29 17:09:05 -------- d-----w- C:\Users\James\AppData\Local\{9E63DB7B-C5CD-4394-9A06-ABE443EDBED2}
2012-09-21 01:18:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-21 01:18:59 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-21 01:08:51 -------- d-----w- C:\Users\James\AppData\Local\{34511F64-FAD0-4FAC-94E3-F0BFAC06714F}
.
==================== Find3M ====================
.
2012-10-09 17:38:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:38:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 16:47:19.57 ===============

BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 18 October 2012 - 09:09 AM

Greetings jp09 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 18 October 2012 - 09:31 AM

Hi jp09,

Thank you for your patience. I have some things I would like you to do but I must first advise you of the following.


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evedences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


    Posted Image

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


    Posted Image

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


    Posted Image

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    Posted Image
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    Posted Image
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


adwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • AdwCleaner log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 jp09

jp09
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 18 October 2012 - 05:30 PM

adwcleaner log:

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 18:26:29
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : James - JAMES-PC
# Boot Mode : Normal
# Running from : C:\Users\James\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Found : C:\Program Files (x86)\uTorrentControl2
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\James\AppData\Local\AVG Secure Search
Folder Found : C:\Users\James\AppData\Local\Conduit
Folder Found : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Users\James\AppData\Local\OpenCandy
Folder Found : C:\Users\James\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\James\AppData\LocalLow\Conduit
Folder Found : C:\Users\James\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\James\AppData\LocalLow\Mp3Tube Toolbar
Folder Found : C:\Users\James\AppData\LocalLow\PriceGong
Folder Found : C:\Users\James\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\engine@conduit.com
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\James\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Mp3Tube
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\FCTB000100293
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\uTorrentControl2
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1737A0A9-B309-4494-BF56-07EDCE8527C2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53CA02EB-2B4A-440D-996A-82BB5C22779C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKU\S-1-5-21-102017714-3801567779-3421019330-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-102017714-3801567779-3421019330-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.27 (en-US)

Profile name : default
File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\prefs.js

Found : user_pref("browser.search..selectedEngineURL", "hxxp://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&cl[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
Found : user_pref("quickstores.toolbar.affid", "2017");
Found : user_pref("quickstores.toolbar.guid", "{2CAC8C91-D1D8-BC45-6163-BB849C71D96B}");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.54] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.57] : keyword = "isearch.avg.com",
Found [l.60] : search_url = "hxxp://isearch.avg.com/search?cid={1155BC12-2638-4621-A582-ADAE797A1B3D}&mid=2c4e6d684f8047d69b1ad15b5197f850-f56c060d1481754fc97fff3a04dbb6d6830f2df4&lang=us&ds=AVG&pr=pa&d=2011-12-10 08:22:46&v=11.1.0.12&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [13286 octets] - [18/10/2012 18:25:59]
AdwCleaner[R2].txt - [13236 octets] - [18/10/2012 18:26:29]

########## EOF - C:\AdwCleaner[R2].txt - [13297 octets] ##########





aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 16:33:04
-----------------------------
16:33:04.462 OS Version: Windows x64 6.1.7600
16:33:04.462 Number of processors: 4 586 0x2505
16:33:04.463 ComputerName: JAMES-PC UserName: James
16:33:05.906 Initialize success
16:35:24.353 AVAST engine defs: 12101801
16:35:45.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:35:45.229 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
16:35:45.240 Disk 0 MBR read successfully
16:35:45.242 Disk 0 MBR scan
16:35:45.245 Disk 0 Windows 7 default MBR code
16:35:45.247 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
16:35:45.259 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9118 MB offset 208896
16:35:45.269 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 944648 MB offset 18882560
16:35:45.293 Disk 0 scanning C:\Windows\system32\drivers
16:35:59.207 Service scanning
16:36:23.042 Modules scanning
16:36:23.048 Disk 0 trace - called modules:
16:36:23.069 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:36:23.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003304060]
16:36:23.077 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003264050]
16:36:23.907 AVAST engine scan C:\Windows
16:36:26.293 AVAST engine scan C:\Windows\system32
16:40:30.513 AVAST engine scan C:\Windows\system32\drivers
16:40:41.293 AVAST engine scan C:\Users\James
17:06:12.344 File: C:\Users\James\Downloads\anyname1\anyname.exe **INFECTED** Win32:Malware-gen
17:19:19.381 AVAST engine scan C:\ProgramData
17:20:55.491 Scan finished successfully
18:24:59.519 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
18:24:59.523 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"



tdskiller log:

18:28:01.0510 3700 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:28:01.0893 3700 ============================================================
18:28:01.0893 3700 Current date / time: 2012/10/18 18:28:01.0893
18:28:01.0893 3700 SystemInfo:
18:28:01.0893 3700
18:28:01.0893 3700 OS Version: 6.1.7600 ServicePack: 0.0
18:28:01.0893 3700 Product type: Workstation
18:28:01.0893 3700 ComputerName: JAMES-PC
18:28:01.0893 3700 UserName: James
18:28:01.0893 3700 Windows directory: C:\Windows
18:28:01.0893 3700 System windows directory: C:\Windows
18:28:01.0893 3700 Running under WOW64
18:28:01.0893 3700 Processor architecture: Intel x64
18:28:01.0893 3700 Number of processors: 4
18:28:01.0893 3700 Page size: 0x1000
18:28:01.0893 3700 Boot type: Normal boot
18:28:01.0893 3700 ============================================================
18:28:02.0358 3700 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:28:02.0362 3700 ============================================================
18:28:02.0362 3700 \Device\Harddisk0\DR0:
18:28:02.0362 3700 MBR partitions:
18:28:02.0362 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x11CF000
18:28:02.0362 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1202000, BlocksNum 0x73504000
18:28:02.0362 3700 ============================================================
18:28:02.0425 3700 C: <-> \Device\Harddisk0\DR0\Partition2
18:28:02.0425 3700 ============================================================
18:28:02.0425 3700 Initialize success
18:28:02.0425 3700 ============================================================
18:28:09.0409 8304 ============================================================
18:28:09.0409 8304 Scan started
18:28:09.0409 8304 Mode: Manual;
18:28:09.0409 8304 ============================================================
18:28:09.0545 8304 ================ Scan system memory ========================
18:28:09.0545 8304 System memory - ok
18:28:09.0545 8304 ================ Scan services =============================
18:28:09.0710 8304 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:28:09.0721 8304 1394ohci - ok
18:28:09.0778 8304 A74.sys - ok
18:28:09.0809 8304 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:28:09.0814 8304 ACPI - ok
18:28:09.0832 8304 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:28:09.0834 8304 AcpiPmi - ok
18:28:09.0972 8304 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:28:09.0973 8304 AdobeARMservice - ok
18:28:10.0083 8304 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:28:10.0086 8304 AdobeFlashPlayerUpdateSvc - ok
18:28:10.0099 8304 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:10.0106 8304 adp94xx - ok
18:28:10.0112 8304 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:28:10.0117 8304 adpahci - ok
18:28:10.0137 8304 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:28:10.0141 8304 adpu320 - ok
18:28:10.0165 8304 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:28:10.0166 8304 AeLookupSvc - ok
18:28:10.0208 8304 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
18:28:10.0214 8304 AFD - ok
18:28:10.0230 8304 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:28:10.0233 8304 agp440 - ok
18:28:10.0363 8304 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
18:28:10.0363 8304 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
18:28:10.0368 8304 Akamai ( HiddenFile.Multi.Generic ) - warning
18:28:10.0368 8304 Akamai - detected HiddenFile.Multi.Generic (1)
18:28:10.0381 8304 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:28:10.0384 8304 ALG - ok
18:28:10.0432 8304 [ CE91B46DA6D4199655FDF330373920D7 ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
18:28:10.0432 8304 AlienFusionService - ok
18:28:10.0477 8304 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:28:10.0479 8304 aliide - ok
18:28:10.0509 8304 [ EE048EF96EE7F7FDF1DCE45C9EBBF19A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:28:10.0512 8304 AMD External Events Utility - ok
18:28:10.0542 8304 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:28:10.0544 8304 amdide - ok
18:28:10.0574 8304 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:28:10.0577 8304 AmdK8 - ok
18:28:10.0762 8304 [ 8D8D3E85EFD9DD9718F879A49F9180A4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:28:10.0830 8304 amdkmdag - ok
18:28:10.0851 8304 [ B5EC8AEF50FE15B294EBC6AA3BDA1BE6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:28:10.0855 8304 amdkmdap - ok
18:28:10.0872 8304 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:28:10.0874 8304 AmdPPM - ok
18:28:10.0901 8304 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:28:10.0903 8304 amdsata - ok
18:28:10.0941 8304 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:10.0945 8304 amdsbs - ok
18:28:10.0964 8304 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:28:10.0966 8304 amdxata - ok
18:28:10.0990 8304 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
18:28:10.0992 8304 AppID - ok
18:28:11.0029 8304 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:28:11.0030 8304 AppIDSvc - ok
18:28:11.0061 8304 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
18:28:11.0062 8304 Appinfo - ok
18:28:11.0135 8304 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:11.0136 8304 Apple Mobile Device - ok
18:28:11.0163 8304 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:28:11.0165 8304 arc - ok
18:28:11.0184 8304 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:28:11.0188 8304 arcsas - ok
18:28:11.0307 8304 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:28:11.0315 8304 aspnet_state - ok
18:28:11.0339 8304 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:11.0341 8304 AsyncMac - ok
18:28:11.0386 8304 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:28:11.0388 8304 atapi - ok
18:28:11.0411 8304 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:28:11.0414 8304 AtiHDAudioService - ok
18:28:11.0445 8304 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:11.0453 8304 AudioEndpointBuilder - ok
18:28:11.0461 8304 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:28:11.0464 8304 AudioSrv - ok
18:28:11.0567 8304 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:28:11.0570 8304 AVG Security Toolbar Service - ok
18:28:11.0662 8304 [ 705417FD6C165CCF926ACA943B478D68 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
18:28:11.0664 8304 Avgfwfd - ok
18:28:11.0742 8304 [ 2F0C5AE2352F22B587EDC2829C971262 ] avgfws C:\Program Files (x86)\AVG\AVG10\avgfws.exe
18:28:11.0767 8304 avgfws - ok
18:28:11.0908 8304 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:28:11.0973 8304 AVGIDSAgent - ok
18:28:11.0998 8304 [ E6671E90D38C88764412E07C9D9B3D63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:28:12.0010 8304 AVGIDSDriver - ok
18:28:12.0036 8304 [ 1553B388E0F0462C25AD8F30C3C29E83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:28:12.0038 8304 AVGIDSEH - ok
18:28:12.0063 8304 [ DCA426A66739E75F51A72160DFB945AD ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:28:12.0065 8304 AVGIDSFilter - ok
18:28:12.0131 8304 [ FF7383388A7D2283DAE5831ABC2B0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:28:12.0135 8304 Avgldx64 - ok
18:28:12.0198 8304 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:28:12.0201 8304 Avgmfx64 - ok
18:28:12.0265 8304 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:28:12.0267 8304 Avgrkx64 - ok
18:28:12.0313 8304 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:28:12.0318 8304 Avgtdia - ok
18:28:12.0342 8304 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:28:12.0345 8304 avgwd - ok
18:28:12.0382 8304 [ 5B64B0D162AABDE795B3F7A7234F2FE1 ] AWOPFilterDriver C:\Windows\system32\drivers\AWOPFilterDriver.sys
18:28:12.0384 8304 AWOPFilterDriver - ok
18:28:12.0439 8304 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:28:12.0442 8304 AxInstSV - ok
18:28:12.0502 8304 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:28:12.0508 8304 b06bdrv - ok
18:28:12.0542 8304 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:12.0546 8304 b57nd60a - ok
18:28:12.0598 8304 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:28:12.0601 8304 BDESVC - ok
18:28:12.0625 8304 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:28:12.0627 8304 Beep - ok
18:28:12.0721 8304 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
18:28:12.0728 8304 BFE - ok
18:28:12.0776 8304 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
18:28:12.0785 8304 BITS - ok
18:28:12.0825 8304 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:12.0828 8304 blbdrive - ok
18:28:12.0889 8304 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:28:12.0894 8304 Bonjour Service - ok
18:28:12.0922 8304 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:28:12.0924 8304 bowser - ok
18:28:12.0943 8304 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:12.0944 8304 BrFiltLo - ok
18:28:12.0975 8304 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:12.0977 8304 BrFiltUp - ok
18:28:13.0013 8304 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
18:28:13.0015 8304 Browser - ok
18:28:13.0044 8304 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:28:13.0048 8304 Brserid - ok
18:28:13.0070 8304 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:13.0071 8304 BrSerWdm - ok
18:28:13.0088 8304 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:13.0090 8304 BrUsbMdm - ok
18:28:13.0093 8304 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:13.0095 8304 BrUsbSer - ok
18:28:13.0118 8304 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:13.0121 8304 BTHMODEM - ok
18:28:13.0154 8304 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:28:13.0157 8304 bthserv - ok
18:28:13.0189 8304 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:28:13.0192 8304 cdfs - ok
18:28:13.0214 8304 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:28:13.0217 8304 cdrom - ok
18:28:13.0266 8304 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
18:28:13.0267 8304 CertPropSvc - ok
18:28:13.0372 8304 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
18:28:13.0395 8304 CGVPNCliSrvc - ok
18:28:13.0415 8304 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:28:13.0417 8304 circlass - ok
18:28:13.0447 8304 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:28:13.0452 8304 CLFS - ok
18:28:13.0497 8304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:13.0511 8304 clr_optimization_v2.0.50727_32 - ok
18:28:13.0558 8304 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:28:13.0560 8304 clr_optimization_v2.0.50727_64 - ok
18:28:13.0642 8304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:13.0645 8304 clr_optimization_v4.0.30319_32 - ok
18:28:13.0667 8304 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:28:13.0670 8304 clr_optimization_v4.0.30319_64 - ok
18:28:13.0695 8304 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:13.0698 8304 CmBatt - ok
18:28:13.0724 8304 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:28:13.0726 8304 cmdide - ok
18:28:13.0767 8304 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
18:28:13.0773 8304 CNG - ok
18:28:13.0805 8304 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:28:13.0807 8304 Compbatt - ok
18:28:13.0836 8304 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:28:13.0838 8304 CompositeBus - ok
18:28:13.0852 8304 COMSysApp - ok
18:28:13.0880 8304 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:13.0882 8304 crcdisk - ok
18:28:13.0917 8304 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:28:13.0920 8304 CryptSvc - ok
18:28:13.0957 8304 DAC3EF.sys - ok
18:28:13.0998 8304 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
18:28:14.0000 8304 dc3d - ok
18:28:14.0030 8304 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:28:14.0036 8304 DcomLaunch - ok
18:28:14.0064 8304 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:28:14.0067 8304 defragsvc - ok
18:28:14.0123 8304 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
18:28:14.0126 8304 Desura Install Service - ok
18:28:14.0159 8304 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:28:14.0179 8304 DfsC - ok
18:28:14.0208 8304 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
18:28:14.0211 8304 Dhcp - ok
18:28:14.0238 8304 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:28:14.0240 8304 discache - ok
18:28:14.0283 8304 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:28:14.0294 8304 Disk - ok
18:28:14.0306 8304 DNIMp50a64 - ok
18:28:14.0351 8304 DNISp50a64 - ok
18:28:14.0403 8304 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:28:14.0405 8304 Dnscache - ok
18:28:14.0434 8304 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
18:28:14.0438 8304 dot3svc - ok
18:28:14.0450 8304 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
18:28:14.0453 8304 DPS - ok
18:28:14.0483 8304 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:28:14.0485 8304 drmkaud - ok
18:28:14.0493 8304 dump_wmimmc - ok
18:28:14.0537 8304 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:28:14.0546 8304 DXGKrnl - ok
18:28:14.0576 8304 EagleX64 - ok
18:28:14.0580 8304 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:28:14.0582 8304 EapHost - ok
18:28:14.0627 8304 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:28:14.0658 8304 ebdrv - ok
18:28:14.0694 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
18:28:14.0695 8304 EFS - ok
18:28:14.0770 8304 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:28:14.0788 8304 ehRecvr - ok
18:28:14.0812 8304 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:28:14.0815 8304 ehSched - ok
18:28:14.0839 8304 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:28:14.0845 8304 elxstor - ok
18:28:14.0870 8304 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:28:14.0872 8304 ErrDev - ok
18:28:14.0921 8304 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:28:14.0925 8304 EventSystem - ok
18:28:14.0941 8304 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:28:14.0944 8304 exfat - ok
18:28:14.0968 8304 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:28:14.0971 8304 fastfat - ok
18:28:15.0011 8304 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
18:28:15.0018 8304 Fax - ok
18:28:15.0039 8304 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:28:15.0042 8304 fdc - ok
18:28:15.0075 8304 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:28:15.0077 8304 fdPHost - ok
18:28:15.0102 8304 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:28:15.0104 8304 FDResPub - ok
18:28:15.0133 8304 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:28:15.0135 8304 FileInfo - ok
18:28:15.0162 8304 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:28:15.0164 8304 Filetrace - ok
18:28:15.0218 8304 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:28:15.0228 8304 FLEXnet Licensing Service - ok
18:28:15.0305 8304 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:28:15.0327 8304 FLEXnet Licensing Service 64 - ok
18:28:15.0340 8304 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:15.0342 8304 flpydisk - ok
18:28:15.0358 8304 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:28:15.0362 8304 FltMgr - ok
18:28:15.0401 8304 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
18:28:15.0411 8304 FontCache - ok
18:28:15.0452 8304 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:28:15.0453 8304 FontCache3.0.0.0 - ok
18:28:15.0477 8304 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:28:15.0479 8304 FsDepends - ok
18:28:15.0510 8304 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:28:15.0512 8304 Fs_Rec - ok
18:28:15.0545 8304 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:28:15.0548 8304 fvevol - ok
18:28:15.0572 8304 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:15.0575 8304 gagp30kx - ok
18:28:15.0608 8304 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:28:15.0610 8304 GEARAspiWDM - ok
18:28:15.0631 8304 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
18:28:15.0638 8304 gpsvc - ok
18:28:15.0678 8304 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:28:15.0680 8304 hamachi - ok
18:28:15.0689 8304 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:28:15.0691 8304 hcw85cir - ok
18:28:15.0718 8304 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:28:15.0720 8304 HDAudBus - ok
18:28:15.0732 8304 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:15.0734 8304 HidBatt - ok
18:28:15.0748 8304 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:28:15.0751 8304 HidBth - ok
18:28:15.0765 8304 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:28:15.0768 8304 HidIr - ok
18:28:15.0783 8304 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:28:15.0785 8304 hidserv - ok
18:28:15.0819 8304 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:28:15.0822 8304 HidUsb - ok
18:28:15.0851 8304 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:28:15.0853 8304 hkmsvc - ok
18:28:15.0860 8304 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:28:15.0865 8304 HomeGroupListener - ok
18:28:15.0898 8304 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:28:15.0902 8304 HomeGroupProvider - ok
18:28:15.0917 8304 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:28:15.0920 8304 HpSAMD - ok
18:28:15.0949 8304 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:28:15.0957 8304 HTTP - ok
18:28:15.0985 8304 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:28:15.0986 8304 hwpolicy - ok
18:28:16.0003 8304 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:28:16.0005 8304 i8042prt - ok
18:28:16.0055 8304 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:28:16.0058 8304 iaStor - ok
18:28:16.0146 8304 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:28:16.0147 8304 IAStorDataMgrSvc - ok
18:28:16.0178 8304 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:28:16.0184 8304 iaStorV - ok
18:28:16.0255 8304 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:28:16.0258 8304 IDriverT - ok
18:28:16.0300 8304 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:28:16.0309 8304 idsvc - ok
18:28:16.0332 8304 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:28:16.0334 8304 iirsp - ok
18:28:16.0388 8304 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:28:16.0396 8304 IKEEXT - ok
18:28:16.0471 8304 [ 697C927E0DE2ABAF1A5F455033F687CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:28:16.0492 8304 IntcAzAudAddService - ok
18:28:16.0514 8304 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:28:16.0516 8304 intelide - ok
18:28:16.0546 8304 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:28:16.0549 8304 intelppm - ok
18:28:16.0561 8304 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:28:16.0563 8304 IPBusEnum - ok
18:28:16.0584 8304 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:16.0586 8304 IpFilterDriver - ok
18:28:16.0602 8304 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:28:16.0608 8304 iphlpsvc - ok
18:28:16.0617 8304 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:28:16.0620 8304 IPMIDRV - ok
18:28:16.0629 8304 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:28:16.0632 8304 IPNAT - ok
18:28:16.0722 8304 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:28:16.0731 8304 iPod Service - ok
18:28:16.0751 8304 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:28:16.0753 8304 IRENUM - ok
18:28:16.0768 8304 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:28:16.0770 8304 isapnp - ok
18:28:16.0795 8304 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:28:16.0799 8304 iScsiPrt - ok
18:28:16.0810 8304 [ A577F5DB30F70ECA9708C07C2EACBD9D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
18:28:16.0813 8304 JRAID - ok
18:28:16.0883 8304 [ 78D233D835A8876035AC559AFE02B940 ] jswpsapi C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
18:28:16.0891 8304 jswpsapi - ok
18:28:16.0916 8304 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
18:28:16.0919 8304 JSWPSLWF - ok
18:28:16.0934 8304 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:28:16.0937 8304 kbdclass - ok
18:28:16.0974 8304 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:28:16.0976 8304 kbdhid - ok
18:28:16.0995 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:28:16.0996 8304 KeyIso - ok
18:28:17.0038 8304 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:28:17.0040 8304 KSecDD - ok
18:28:17.0077 8304 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:28:17.0080 8304 KSecPkg - ok
18:28:17.0090 8304 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:28:17.0091 8304 ksthunk - ok
18:28:17.0120 8304 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:28:17.0124 8304 KtmRm - ok
18:28:17.0180 8304 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:28:17.0183 8304 LanmanServer - ok
18:28:17.0211 8304 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:28:17.0214 8304 LanmanWorkstation - ok
18:28:17.0241 8304 [ 1B669AF5811AE2F69024F34203BAD2A2 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:28:17.0243 8304 LHidFilt - ok
18:28:17.0279 8304 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:28:17.0281 8304 lltdio - ok
18:28:17.0313 8304 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:28:17.0317 8304 lltdsvc - ok
18:28:17.0321 8304 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:28:17.0322 8304 lmhosts - ok
18:28:17.0348 8304 [ 79F3696E25B289A6B2B7EA931C7BEC00 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:28:17.0351 8304 LMouFilt - ok
18:28:17.0379 8304 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:28:17.0382 8304 LSI_FC - ok
18:28:17.0389 8304 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:28:17.0392 8304 LSI_SAS - ok
18:28:17.0405 8304 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:28:17.0407 8304 LSI_SAS2 - ok
18:28:17.0423 8304 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:28:17.0426 8304 LSI_SCSI - ok
18:28:17.0441 8304 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:28:17.0444 8304 luafv - ok
18:28:17.0496 8304 [ EF586B959F747E74C76603FF16AE417B ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
18:28:17.0511 8304 LVRS64 - ok
18:28:17.0599 8304 [ EDF73BFA1BD24D74D1D64DC0ED28A7CD ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
18:28:17.0646 8304 LVUVC64 - ok
18:28:17.0669 8304 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:28:17.0672 8304 Mcx2Svc - ok
18:28:17.0683 8304 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:28:17.0685 8304 megasas - ok
18:28:17.0702 8304 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:28:17.0706 8304 MegaSR - ok
18:28:17.0860 8304 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_64 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
18:28:17.0861 8304 mi-raysat_3dsmax2012_64 - ok
18:28:17.0888 8304 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:28:17.0890 8304 MMCSS - ok
18:28:17.0909 8304 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:28:17.0912 8304 Modem - ok
18:28:17.0950 8304 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:28:17.0956 8304 monitor - ok
18:28:17.0972 8304 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:28:17.0974 8304 mouclass - ok
18:28:17.0997 8304 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:28:17.0999 8304 mouhid - ok
18:28:18.0021 8304 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:28:18.0023 8304 mountmgr - ok
18:28:18.0054 8304 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:28:18.0057 8304 mpio - ok
18:28:18.0067 8304 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:28:18.0069 8304 mpsdrv - ok
18:28:18.0091 8304 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:28:18.0099 8304 MpsSvc - ok
18:28:18.0116 8304 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:28:18.0119 8304 MRxDAV - ok
18:28:18.0143 8304 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:28:18.0146 8304 mrxsmb - ok
18:28:18.0178 8304 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:28:18.0181 8304 mrxsmb10 - ok
18:28:18.0191 8304 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:28:18.0194 8304 mrxsmb20 - ok
18:28:18.0214 8304 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:28:18.0216 8304 msahci - ok
18:28:18.0241 8304 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:28:18.0245 8304 msdsm - ok
18:28:18.0260 8304 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:28:18.0263 8304 MSDTC - ok
18:28:18.0273 8304 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:28:18.0275 8304 Msfs - ok
18:28:18.0298 8304 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:28:18.0300 8304 mshidkmdf - ok
18:28:18.0303 8304 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:28:18.0305 8304 msisadrv - ok
18:28:18.0329 8304 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:28:18.0333 8304 MSiSCSI - ok
18:28:18.0336 8304 msiserver - ok
18:28:18.0352 8304 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:28:18.0354 8304 MSKSSRV - ok
18:28:18.0369 8304 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:28:18.0371 8304 MSPCLOCK - ok
18:28:18.0384 8304 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:28:18.0385 8304 MSPQM - ok
18:28:18.0402 8304 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:28:18.0407 8304 MsRPC - ok
18:28:18.0417 8304 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:28:18.0419 8304 mssmbios - ok
18:28:18.0494 8304 MSSQL$SQLEXPRESS - ok
18:28:18.0559 8304 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:28:18.0561 8304 MSSQLServerADHelper100 - ok
18:28:18.0570 8304 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:28:18.0572 8304 MSTEE - ok
18:28:18.0677 8304 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
18:28:18.0760 8304 msvsmon90 - ok
18:28:18.0771 8304 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:28:18.0773 8304 MTConfig - ok
18:28:18.0785 8304 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:28:18.0787 8304 Mup - ok
18:28:18.0818 8304 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:28:18.0823 8304 napagent - ok
18:28:18.0851 8304 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:28:18.0855 8304 NativeWifiP - ok
18:28:18.0874 8304 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:28:18.0884 8304 NDIS - ok
18:28:18.0897 8304 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:28:18.0900 8304 NdisCap - ok
18:28:18.0924 8304 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:28:18.0926 8304 NdisTapi - ok
18:28:18.0933 8304 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:28:18.0936 8304 Ndisuio - ok
18:28:18.0946 8304 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:28:18.0949 8304 NdisWan - ok
18:28:18.0958 8304 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:28:18.0960 8304 NDProxy - ok
18:28:19.0047 8304 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:28:19.0055 8304 Nero BackItUp Scheduler 4.0 - ok
18:28:19.0082 8304 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
18:28:19.0084 8304 Netaapl - ok
18:28:19.0093 8304 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:28:19.0094 8304 NetBIOS - ok
18:28:19.0109 8304 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:28:19.0113 8304 NetBT - ok
18:28:19.0117 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:28:19.0118 8304 Netlogon - ok
18:28:19.0160 8304 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:28:19.0165 8304 Netman - ok
18:28:19.0219 8304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:19.0229 8304 NetMsmqActivator - ok
18:28:19.0232 8304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:19.0234 8304 NetPipeActivator - ok
18:28:19.0267 8304 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:28:19.0272 8304 netprofm - ok
18:28:19.0276 8304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:19.0277 8304 NetTcpActivator - ok
18:28:19.0280 8304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:28:19.0281 8304 NetTcpPortSharing - ok
18:28:19.0303 8304 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:28:19.0305 8304 nfrd960 - ok
18:28:19.0322 8304 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:28:19.0326 8304 NlaSvc - ok
18:28:19.0336 8304 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:28:19.0338 8304 Npfs - ok
18:28:19.0360 8304 npggsvc - ok
18:28:19.0364 8304 NPPTNT2 - ok
18:28:19.0387 8304 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:28:19.0388 8304 nsi - ok
18:28:19.0396 8304 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:28:19.0398 8304 nsiproxy - ok
18:28:19.0436 8304 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:28:19.0451 8304 Ntfs - ok
18:28:19.0466 8304 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:28:19.0468 8304 Null - ok
18:28:19.0481 8304 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:28:19.0485 8304 nvraid - ok
18:28:19.0512 8304 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:28:19.0515 8304 nvstor - ok
18:28:19.0534 8304 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:28:19.0538 8304 nv_agp - ok
18:28:19.0555 8304 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:28:19.0558 8304 ohci1394 - ok
18:28:19.0594 8304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:28:19.0600 8304 p2pimsvc - ok
18:28:19.0616 8304 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:28:19.0622 8304 p2psvc - ok
18:28:19.0646 8304 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:28:19.0648 8304 Parport - ok
18:28:19.0675 8304 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:28:19.0678 8304 partmgr - ok
18:28:19.0706 8304 [ 304E6AC43613A9C43896C4300009442B ] PCAMp50a64 C:\Windows\system32\Drivers\PCAMp50a64.sys
18:28:19.0708 8304 PCAMp50a64 - ok
18:28:19.0736 8304 [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64 C:\Windows\system32\Drivers\PCASp50a64.sys
18:28:19.0739 8304 PCASp50a64 - ok
18:28:19.0759 8304 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:28:19.0762 8304 PcaSvc - ok
18:28:19.0784 8304 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:28:19.0787 8304 pci - ok
18:28:19.0803 8304 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:28:19.0805 8304 pciide - ok
18:28:19.0814 8304 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:28:19.0818 8304 pcmcia - ok
18:28:19.0833 8304 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:28:19.0835 8304 pcw - ok
18:28:19.0853 8304 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:28:19.0861 8304 PEAUTH - ok
18:28:19.0928 8304 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:28:19.0930 8304 PerfHost - ok
18:28:19.0965 8304 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:28:19.0979 8304 pla - ok
18:28:20.0011 8304 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:28:20.0016 8304 PlugPlay - ok
18:28:20.0043 8304 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:28:20.0046 8304 PNRPAutoReg - ok
18:28:20.0052 8304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:28:20.0054 8304 PNRPsvc - ok
18:28:20.0084 8304 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:28:20.0089 8304 PolicyAgent - ok
18:28:20.0127 8304 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:28:20.0130 8304 Power - ok
18:28:20.0165 8304 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:28:20.0168 8304 PptpMiniport - ok
18:28:20.0190 8304 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:28:20.0191 8304 Processor - ok
18:28:20.0206 8304 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
18:28:20.0209 8304 ProfSvc - ok
18:28:20.0225 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:28:20.0226 8304 ProtectedStorage - ok
18:28:20.0244 8304 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:28:20.0246 8304 Psched - ok
18:28:20.0258 8304 pwipf6 - ok
18:28:20.0290 8304 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:28:20.0305 8304 ql2300 - ok
18:28:20.0313 8304 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:28:20.0316 8304 ql40xx - ok
18:28:20.0347 8304 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:28:20.0351 8304 QWAVE - ok
18:28:20.0357 8304 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:28:20.0360 8304 QWAVEdrv - ok
18:28:20.0369 8304 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:28:20.0370 8304 RasAcd - ok
18:28:20.0392 8304 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:28:20.0395 8304 RasAgileVpn - ok
18:28:20.0403 8304 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:28:20.0406 8304 RasAuto - ok
18:28:20.0415 8304 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:28:20.0418 8304 Rasl2tp - ok
18:28:20.0449 8304 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:28:20.0454 8304 RasMan - ok
18:28:20.0463 8304 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:28:20.0465 8304 RasPppoe - ok
18:28:20.0469 8304 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:28:20.0472 8304 RasSstp - ok
18:28:20.0485 8304 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:28:20.0489 8304 rdbss - ok
18:28:20.0498 8304 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:28:20.0500 8304 rdpbus - ok
18:28:20.0513 8304 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:28:20.0515 8304 RDPCDD - ok
18:28:20.0539 8304 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:28:20.0541 8304 RDPENCDD - ok
18:28:20.0553 8304 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:28:20.0555 8304 RDPREFMP - ok
18:28:20.0584 8304 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:28:20.0598 8304 RDPWD - ok
18:28:20.0615 8304 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:28:20.0618 8304 rdyboost - ok
18:28:20.0647 8304 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:28:20.0650 8304 RemoteAccess - ok
18:28:20.0660 8304 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:28:20.0664 8304 RemoteRegistry - ok
18:28:20.0675 8304 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:28:20.0677 8304 RpcEptMapper - ok
18:28:20.0686 8304 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:28:20.0687 8304 RpcLocator - ok
18:28:20.0746 8304 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:28:20.0749 8304 RpcSs - ok
18:28:20.0785 8304 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
18:28:20.0789 8304 RsFx0103 - ok
18:28:20.0811 8304 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:28:20.0813 8304 rspndr - ok
18:28:20.0848 8304 [ 5BFF00B29F7CC14AF67760C0E868109F ] RT2500USB C:\Windows\system32\DRIVERS\rt2500usb.sys
18:28:20.0861 8304 RT2500USB - ok
18:28:20.0898 8304 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:28:20.0902 8304 RTL8167 - ok
18:28:20.0940 8304 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
18:28:20.0942 8304 RtNdPt60 - ok
18:28:20.0953 8304 [ AA16624FD736D02E1F7BB1B86D535EE3 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys
18:28:20.0955 8304 RTTEAMPT - ok
18:28:20.0962 8304 [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys
18:28:20.0964 8304 RTVLANPT - ok
18:28:20.0979 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
18:28:20.0980 8304 SamSs - ok
18:28:20.0996 8304 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:28:20.0998 8304 sbp2port - ok
18:28:21.0012 8304 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:28:21.0017 8304 SCardSvr - ok
18:28:21.0029 8304 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:28:21.0032 8304 scfilter - ok
18:28:21.0066 8304 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:28:21.0077 8304 Schedule - ok
18:28:21.0099 8304 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:28:21.0100 8304 SCPolicySvc - ok
18:28:21.0115 8304 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:28:21.0119 8304 SDRSVC - ok
18:28:21.0135 8304 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:28:21.0137 8304 secdrv - ok
18:28:21.0148 8304 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:28:21.0150 8304 seclogon - ok
18:28:21.0162 8304 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:28:21.0164 8304 SENS - ok
18:28:21.0176 8304 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:28:21.0179 8304 SensrSvc - ok
18:28:21.0189 8304 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:28:21.0190 8304 Serenum - ok
18:28:21.0202 8304 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:28:21.0205 8304 Serial - ok
18:28:21.0217 8304 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:28:21.0219 8304 sermouse - ok
18:28:21.0235 8304 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:28:21.0237 8304 SessionEnv - ok
18:28:21.0251 8304 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:28:21.0253 8304 sffdisk - ok
18:28:21.0259 8304 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:28:21.0260 8304 sffp_mmc - ok
18:28:21.0270 8304 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:28:21.0272 8304 sffp_sd - ok
18:28:21.0280 8304 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:28:21.0282 8304 sfloppy - ok
18:28:21.0306 8304 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:28:21.0311 8304 SharedAccess - ok
18:28:21.0323 8304 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:28:21.0328 8304 ShellHWDetection - ok
18:28:21.0350 8304 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:28:21.0352 8304 SiSRaid2 - ok
18:28:21.0367 8304 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:28:21.0370 8304 SiSRaid4 - ok
18:28:21.0421 8304 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:28:21.0424 8304 SkypeUpdate - ok
18:28:21.0444 8304 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:28:21.0447 8304 Smb - ok
18:28:21.0477 8304 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:28:21.0480 8304 SNMPTRAP - ok
18:28:21.0491 8304 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:28:21.0493 8304 spldr - ok
18:28:21.0529 8304 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
18:28:21.0535 8304 Spooler - ok
18:28:21.0600 8304 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:28:21.0632 8304 sppsvc - ok
18:28:21.0647 8304 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:28:21.0650 8304 sppuinotify - ok
18:28:21.0751 8304 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:28:21.0756 8304 SQLAgent$SQLEXPRESS - ok
18:28:21.0782 8304 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:28:21.0787 8304 SQLBrowser - ok
18:28:21.0824 8304 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:28:21.0827 8304 SQLWriter - ok
18:28:21.0856 8304 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:28:21.0862 8304 srv - ok
18:28:21.0894 8304 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:28:21.0900 8304 srv2 - ok
18:28:21.0937 8304 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:28:21.0946 8304 srvnet - ok
18:28:21.0971 8304 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:28:21.0975 8304 SSDPSRV - ok
18:28:21.0991 8304 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:28:21.0995 8304 SstpSvc - ok
18:28:22.0010 8304 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:28:22.0011 8304 stexstor - ok
18:28:22.0039 8304 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:28:22.0046 8304 stisvc - ok
18:28:22.0062 8304 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:28:22.0064 8304 swenum - ok
18:28:22.0089 8304 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:28:22.0097 8304 swprv - ok
18:28:22.0134 8304 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:28:22.0151 8304 SysMain - ok
18:28:22.0169 8304 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:28:22.0173 8304 TabletInputService - ok
18:28:22.0215 8304 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
18:28:22.0217 8304 tap0901 - ok
18:28:22.0254 8304 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:28:22.0255 8304 taphss - ok
18:28:22.0266 8304 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:28:22.0271 8304 TapiSrv - ok
18:28:22.0296 8304 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
18:28:22.0298 8304 tapoas - ok
18:28:22.0313 8304 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:28:22.0316 8304 TBS - ok
18:28:22.0364 8304 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:28:22.0381 8304 Tcpip - ok
18:28:22.0412 8304 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:28:22.0420 8304 TCPIP6 - ok
18:28:22.0432 8304 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:28:22.0435 8304 tcpipreg - ok
18:28:22.0456 8304 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:28:22.0458 8304 TDPIPE - ok
18:28:22.0483 8304 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:28:22.0485 8304 TDTCP - ok
18:28:22.0495 8304 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:28:22.0498 8304 tdx - ok
18:28:22.0526 8304 [ AA16624FD736D02E1F7BB1B86D535EE3 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys
18:28:22.0527 8304 TEAM - ok
18:28:22.0626 8304 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:28:22.0652 8304 TeamViewer7 - ok
18:28:22.0661 8304 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:28:22.0663 8304 TermDD - ok
18:28:22.0742 8304 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
18:28:22.0749 8304 TermService - ok
18:28:22.0757 8304 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:28:22.0759 8304 Themes - ok
18:28:22.0781 8304 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:28:22.0782 8304 THREADORDER - ok
18:28:22.0796 8304 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:28:22.0798 8304 TrkWks - ok
18:28:22.0834 8304 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:28:22.0837 8304 TrustedInstaller - ok
18:28:22.0842 8304 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:28:22.0844 8304 tssecsrv - ok
18:28:22.0872 8304 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:28:22.0875 8304 tunnel - ok
18:28:22.0889 8304 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:28:22.0892 8304 uagp35 - ok
18:28:22.0916 8304 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:28:22.0931 8304 udfs - ok
18:28:22.0942 8304 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:28:22.0946 8304 UI0Detect - ok
18:28:22.0968 8304 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
18:28:22.0970 8304 uliagpkx - ok
18:28:22.0989 8304 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:28:22.0991 8304 umbus - ok
18:28:23.0009 8304 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:28:23.0011 8304 UmPass - ok
18:28:23.0083 8304 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:28:23.0088 8304 UMVPFSrv - ok
18:28:23.0103 8304 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:28:23.0107 8304 upnphost - ok
18:28:23.0144 8304 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:28:23.0164 8304 USBAAPL64 - ok
18:28:23.0206 8304 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:28:23.0209 8304 usbaudio - ok
18:28:23.0225 8304 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:28:23.0238 8304 usbccgp - ok
18:28:23.0260 8304 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
18:28:23.0262 8304 usbcir - ok
18:28:23.0277 8304 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:28:23.0278 8304 usbehci - ok
18:28:23.0301 8304 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:28:23.0305 8304 usbhub - ok
18:28:23.0323 8304 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:28:23.0324 8304 usbohci - ok
18:28:23.0352 8304 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:28:23.0364 8304 usbprint - ok
18:28:23.0387 8304 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:28:23.0390 8304 USBSTOR - ok
18:28:23.0402 8304 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:28:23.0405 8304 usbuhci - ok
18:28:23.0418 8304 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:28:23.0420 8304 UxSms - ok
18:28:23.0429 8304 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
18:28:23.0430 8304 VaultSvc - ok
18:28:23.0448 8304 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
18:28:23.0450 8304 vdrvroot - ok
18:28:23.0482 8304 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
18:28:23.0490 8304 vds - ok
18:28:23.0498 8304 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:28:23.0500 8304 vga - ok
18:28:23.0511 8304 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:28:23.0514 8304 VgaSave - ok
18:28:23.0528 8304 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
18:28:23.0531 8304 vhdmp - ok
18:28:23.0559 8304 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
18:28:23.0561 8304 viaide - ok
18:28:23.0570 8304 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
18:28:23.0573 8304 volmgr - ok
18:28:23.0588 8304 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:28:23.0593 8304 volmgrx - ok
18:28:23.0623 8304 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
18:28:23.0627 8304 volsnap - ok
18:28:23.0656 8304 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:28:23.0660 8304 vsmraid - ok
18:28:23.0691 8304 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
18:28:23.0707 8304 VSS - ok
18:28:23.0808 8304 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
18:28:23.0817 8304 vToolbarUpdater11.2.0 - ok
18:28:23.0828 8304 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:28:23.0830 8304 vwifibus - ok
18:28:23.0860 8304 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:28:23.0863 8304 vwififlt - ok
18:28:23.0888 8304 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:28:23.0893 8304 W32Time - ok
18:28:23.0915 8304 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:28:23.0918 8304 WacomPen - ok
18:28:23.0946 8304 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:28:23.0948 8304 WANARP - ok
18:28:23.0952 8304 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:28:23.0953 8304 Wanarpv6 - ok
18:28:23.0998 8304 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:28:24.0010 8304 WatAdminSvc - ok
18:28:24.0039 8304 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
18:28:24.0054 8304 wbengine - ok
18:28:24.0071 8304 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:28:24.0076 8304 WbioSrvc - ok
18:28:24.0113 8304 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:28:24.0118 8304 wcncsvc - ok
18:28:24.0129 8304 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:28:24.0133 8304 WcsPlugInService - ok
18:28:24.0143 8304 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:28:24.0146 8304 Wd - ok
18:28:24.0165 8304 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:28:24.0171 8304 Wdf01000 - ok
18:28:24.0180 8304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:28:24.0182 8304 WdiServiceHost - ok
18:28:24.0185 8304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:28:24.0187 8304 WdiSystemHost - ok
18:28:24.0221 8304 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
18:28:24.0226 8304 WebClient - ok
18:28:24.0253 8304 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:28:24.0258 8304 Wecsvc - ok
18:28:24.0285 8304 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:28:24.0287 8304 wercplsupport - ok
18:28:24.0305 8304 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:28:24.0308 8304 WerSvc - ok
18:28:24.0318 8304 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:28:24.0319 8304 WfpLwf - ok
18:28:24.0324 8304 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:28:24.0326 8304 WIMMount - ok
18:28:24.0350 8304 WinDefend - ok
18:28:24.0364 8304 WinHttpAutoProxySvc - ok
18:28:24.0409 8304 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:28:24.0412 8304 Winmgmt - ok
18:28:24.0462 8304 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
18:28:24.0481 8304 WinRM - ok
18:28:24.0516 8304 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:28:24.0519 8304 WinUsb - ok
18:28:24.0541 8304 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:28:24.0549 8304 Wlansvc - ok
18:28:24.0668 8304 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:28:24.0687 8304 wlidsvc - ok
18:28:24.0699 8304 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:28:24.0702 8304 WmiAcpi - ok
18:28:24.0714 8304 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:28:24.0752 8304 wmiApSrv - ok
18:28:24.0755 8304 WMPNetworkSvc - ok
18:28:24.0821 8304 [ 6BF703695177639B50BC89B83371FCE7 ] WN111v2 C:\Windows\system32\DRIVERS\WN111v2w7x.sys
18:28:24.0828 8304 WN111v2 - ok
18:28:24.0838 8304 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:28:24.0841 8304 WPCSvc - ok
18:28:24.0856 8304 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:28:24.0858 8304 WPDBusEnum - ok
18:28:24.0873 8304 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:28:24.0875 8304 ws2ifsl - ok
18:28:24.0905 8304 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
18:28:24.0907 8304 wscsvc - ok
18:28:24.0910 8304 WSearch - ok
18:28:24.0964 8304 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:28:24.0987 8304 wuauserv - ok
18:28:25.0009 8304 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:28:25.0012 8304 WudfPf - ok
18:28:25.0024 8304 [ D885A873D733020F8B9B9FF4B1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:28:25.0028 8304 WUDFRd - ok
18:28:25.0041 8304 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:28:25.0043 8304 wudfsvc - ok
18:28:25.0059 8304 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:28:25.0064 8304 WwanSvc - ok
18:28:25.0093 8304 ================ Scan global ===============================
18:28:25.0112 8304 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:28:25.0148 8304 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
18:28:25.0155 8304 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
18:28:25.0177 8304 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:28:25.0209 8304 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:28:25.0213 8304 [Global] - ok
18:28:25.0214 8304 ================ Scan MBR ==================================
18:28:25.0227 8304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:28:25.0507 8304 \Device\Harddisk0\DR0 - ok
18:28:25.0507 8304 ================ Scan VBR ==================================
18:28:25.0509 8304 [ 9115724E5C57808ED529B8B6E7316E61 ] \Device\Harddisk0\DR0\Partition1
18:28:25.0510 8304 \Device\Harddisk0\DR0\Partition1 - ok
18:28:25.0521 8304 [ 22A1434D98DF0CDB86655B0EC3541F89 ] \Device\Harddisk0\DR0\Partition2
18:28:25.0523 8304 \Device\Harddisk0\DR0\Partition2 - ok
18:28:25.0523 8304 ============================================================
18:28:25.0523 8304 Scan finished
18:28:25.0523 8304 ============================================================
18:28:25.0531 5184 Detected object count: 1
18:28:25.0531 5184 Actual detected object count: 1
18:28:59.0848 5184 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:28:59.0848 5184 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:29:01.0254 8652 Deinitialize success







Nothing serious was found. I don't believe that it detected it.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 18 October 2012 - 07:01 PM

Hi jp09,

Thank you for the information. Please do this for me.


===================================================


adwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
  • Check to see if you are still receiving redirects

===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • AdwCleaner results
  • Combofix.txt
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 jp09

jp09
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 19 October 2012 - 03:57 PM

adwcleaner log:

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 16:02:10
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : James - JAMES-PC
# Boot Mode : Normal
# Running from : C:\Users\James\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\James\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\James\AppData\Local\Conduit
Folder Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\James\AppData\Local\OpenCandy
Folder Deleted : C:\Users\James\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\James\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\James\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\James\AppData\LocalLow\Mp3Tube Toolbar
Folder Deleted : C:\Users\James\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\James\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\James\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.FCTB000100293Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100293.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000100293
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1737A0A9-B309-4494-BF56-07EDCE8527C2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53CA02EB-2B4A-440D-996A-82BB5C22779C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.27 (en-US)

Profile name : default
File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\prefs.js

C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\user.js ... Deleted !

Deleted : user_pref("browser.search..selectedEngineURL", "hxxp://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&cl[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=");
Deleted : user_pref("quickstores.toolbar.affid", "2017");
Deleted : user_pref("quickstores.toolbar.guid", "{2CAC8C91-D1D8-BC45-6163-BB849C71D96B}");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.54] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.57] : keyword = "isearch.avg.com",
Deleted [l.60] : search_url = "hxxp://isearch.avg.com/search?cid={1155BC12-2638-4621-A582-ADAE797A1B3D}&mid=2c4e6d684f8047d69b1ad15b5197f850-f56c060d1481754fc97fff3a04dbb6d6830f2df4&lang=us&ds=AVG&pr=pa&d=2011-12-10 08:22:46&v=11.1.0.12&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [13286 octets] - [18/10/2012 18:25:59]
AdwCleaner[R2].txt - [13347 octets] - [18/10/2012 18:26:29]
AdwCleaner[S1].txt - [13387 octets] - [19/10/2012 16:02:10]

########## EOF - C:\AdwCleaner[S1].txt - [13448 octets] ##########




ComboFix Log:

ComboFix 12-10-19.01 - James 10/19/2012 16:12:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3063.1411 [GMT -4:00]
Running from: c:\users\James\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\War_Rock_20110307_G1.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 20:21 . 2012-10-19 20:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-19 20:21 . 2012-10-19 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 20:21 . 2012-10-19 20:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-18 20:29 . 2012-10-18 20:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-13 21:59 . 2012-10-13 21:59 -------- d-----w- c:\users\James\.zionscape
2012-10-13 21:58 . 2012-10-13 22:00 -------- d-----w- c:\users\James\.eximinus
2012-10-09 22:16 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 22:16 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 22:16 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 22:16 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 22:16 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 22:16 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 22:16 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-09-30 01:32 . 2012-09-30 01:32 -------- d-----w- c:\users\James\AppData\Local\Desura
2012-09-30 01:31 . 2012-09-30 01:31 -------- d-----w- c:\program files (x86)\Common Files\Desura
2012-09-30 01:29 . 2012-09-30 01:29 -------- d-----w- c:\programdata\Desura
2012-09-30 01:29 . 2012-09-30 01:32 -------- d-----w- c:\program files (x86)\Desura
2012-09-21 07:01 . 2012-09-21 07:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-21 01:18 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-21 01:18 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 06:23 . 2012-06-08 03:58 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 17:38 . 2012-06-06 04:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 17:38 . 2011-05-19 23:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 11:19 . 2012-10-09 22:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8b85c843-7f6f-32b4-e50d-ac334058fe0c}"= "c:\program files (x86)\SocialRibbons\Helper.dll" [2011-08-04 361472]
.
[HKEY_CLASSES_ROOT\clsid\{8b85c843-7f6f-32b4-e50d-ac334058fe0c}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B69DFC46-FEC3-8554-D59C-5E816221D09A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4BE60886-F6AA-4714-8109-EA6D8247DD57}]
2011-08-04 15:22 1567744 ----a-w- c:\program files (x86)\SocialRibbons\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\James\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [x]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-04 14648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-30 131912]
R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-15 1431888]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-11-05 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2009-11-05 24064]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-11-05 43008]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 203264]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-11-05 27136]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 7451648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 268288]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [2010-12-08 19464]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-28 239616]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-28 783360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 17:38]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102017714-3801567779-3421019330-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 19:57]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102017714-3801567779-3421019330-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 19:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\James\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-04 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-05-04 167736]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\sqarf29a.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,
4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43
"{74F475FA-6C75-43BD-AAB9-ECDA6184F600}"=hex:51,66,7a,6c,4c,1d,38,12,94,76,e7,
70,47,22,d3,06,d5,af,af,9a,64,da,b2,14
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,e5,ce,18,5d,26,cd,01
.
[HKEY_USERS\S-1-5-21-102017714-3801567779-3421019330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-102017714-3801567779-3421019330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-102017714-3801567779-3421019330-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,63,3e,0d,aa,92,a6,d8,d4,b7,cd,98,bd,c7,6b,57,01,60,f8,4a,02,
b3,23,6e,f1,bf,14,68,ea,ab,91,bd,2b,47,e7,6d,65,21,24,6e,35,93,82,46,25,96,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 16:23:46
ComboFix-quarantined-files.txt 2012-10-19 20:23
ComboFix2.txt 2012-09-15 01:17
.
Pre-Run: 813,127,999,488 bytes free
Post-Run: 814,291,025,920 bytes free
.
- - End Of File - - 2FF699A6DD98772CD91CC7C63BE01F44


My pc has been running fine even with the virus, but nothing has happened yet.

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 19 October 2012 - 05:30 PM

Hi jp09,

I would like to check a file. Please do this for me.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Users\James\Downloads\anyname1\anyname.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply


    Posted Image

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • VirusTotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 jp09

jp09
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 19 October 2012 - 11:10 PM

https://www.virustotal.com/file/761923f926994dac1b199625c5b7c08b792e673d80c2ac86702c0ed8d3f67c04/analysis/1350706011/

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 20 October 2012 - 07:58 AM

Hi jp09,

That file is infected so I would like you to do the following to delete it.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    http://www.bleepingcomputer.com/forums/topic472074.html/page__view__findpost__p__2870667
    
    Collect::
    C:\Users\James\Downloads\anyname1\anyname.exe
    
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • Click OK on the Submit files for further analysis pop up window
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 24 October 2012 - 03:08 PM

Hi jp09,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,790 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:54 PM

Posted 27 October 2012 - 07:02 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users