Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan horse Patched_c.lzi on system32 services [Solved]

Started by numbers001 , Jul 21 2012 02:37 PM

  • This topic is locked This topic is locked

#1
numbers001
Posted 21 July 2012 - 02:37 PM

numbers001

    Member

  • Member
  • PipPip
  • 18 posts
i really need someone to help me to remove this virus. I ran avg and found it but it just continues to pop up, and mwam, which didn't help either. I would truly appreciate any help i can get to fix this problem.

my OTL log is as follows:

OTL logfile created on: 7/21/2012 5:18:10 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RicoT\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 49.91% Memory free
8.03 Gb Paging File | 5.83 Gb Available in Paging File | 72.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.72 Gb Total Space | 58.25 Gb Free Space | 12.90% Space Free | Partition Type: NTFS
Drive D: | 14.04 Gb Total Space | 2.13 Gb Free Space | 15.19% Space Free | Partition Type: NTFS

Computer Name: TAKUN | User Name: RicoT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 16:26:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RicoT\Desktop\OTL.exe
PRC - [2012/07/14 11:20:25 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/14 11:20:16 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\RicoT\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/05/08 17:32:38 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 13:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 13:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/11/28 18:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 17:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 17:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/14 11:20:27 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/14 11:20:16 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/14 15:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2008/12/25 13:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/11/26 17:13:08 | 000,263,560 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008/11/26 17:13:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008/11/26 17:13:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2008/11/26 17:13:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/01/28 06:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 12:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV - [2012/07/14 12:06:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/14 11:20:25 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/10 14:53:43 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/14 15:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/26 17:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 17:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/10/03 23:17:54 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 14:55:02 | 001,451,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/28 06:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 05:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/02 14:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/11/10 13:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/10/28 01:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/21 22:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/18 10:08:04 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/08/09 19:10:21] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}
IE:64bit: - HKLM\..\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275
IE - HKLM\..\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...015&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 94 A0 B8 F1 C6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.mystart.com?pr=oovoo2_2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-14 11:20:29&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3045275
IE - HKCU\..\SearchScopes\{B226DAE9-F4F6-41AA-9CD0-4000E7E09068}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...0:29&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RicoT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RicoT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RicoT\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RicoT\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RicoT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 11:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 11:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 14:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/14 11:17:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/14 11:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/10 10:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/14 15:59:03 | 000,000,000 | ---D | M]

[2010/01/11 02:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RicoT\AppData\Roaming\Mozilla\Extensions
[2012/07/11 21:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RicoT\AppData\Roaming\Mozilla\Firefox\Profiles\f7r9ya4f.default\extensions
[2012/07/10 10:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 11:17:18 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/14 11:20:48 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 11:20:10 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Updater For ooVoo Toolbar) - {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files (x86)\oovootb\auxi\oovooAu.dll (Visicom Media)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLKAStatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLKAMUI.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\RicoT\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4617A293-0170-44D5-9098-F380139BDCB3}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{965BF14D-6ED4-4B6F-B6FC-9E534000ADAD}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\RicoT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RicoT\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a039d57-3166-11e0-89cf-81ff7a224289}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{606ef2e3-cf7f-11df-8f57-c062f90ec071}\Shell - "" = AutoRun
O33 - MountPoints2\{606ef2e3-cf7f-11df-8f57-c062f90ec071}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d558650c-4e56-11e0-a58c-f43c5f300556}\Shell - "" = AutoRun
O33 - MountPoints2\{d558650c-4e56-11e0-a58c-f43c5f300556}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{ec3c1f6d-38bd-11e0-8587-cd9eaf4019cb}\Shell - "" = AutoRun
O33 - MountPoints2\{ec3c1f6d-38bd-11e0-8587-cd9eaf4019cb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\{ff6d89f7-b45b-11df-9136-00235ab9243b}\Shell - "" = AutoRun
O33 - MountPoints2\{ff6d89f7-b45b-11df-9136-00235ab9243b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 16:27:58 | 000,000,000 | ---D | C] -- C:\Users\RicoT\Desktop\solution 1
[2012/07/21 16:27:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\RicoT\Desktop\aswMBR.exe
[2012/07/21 16:26:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\RicoT\Desktop\OTL.exe
[2012/07/21 15:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/21 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/21 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\RicoT\AppData\Roaming\Malwarebytes
[2012/07/21 13:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/21 13:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/21 13:34:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/21 13:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/21 12:14:38 | 000,000,000 | ---D | C] -- C:\Users\RicoT\Desktop\MiniRegTool64
[2012/07/17 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 14:52:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/14 11:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/07/14 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\RicoT\AppData\Local\Macromedia
[2012/07/14 11:20:56 | 000,000,000 | ---D | C] -- C:\Users\RicoT\AppData\Local\AVG Secure Search
[2012/07/14 11:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/14 11:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/14 11:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/14 11:16:32 | 000,000,000 | ---D | C] -- C:\Users\RicoT\AppData\Roaming\AVG2012
[2012/07/14 11:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/10 10:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/10 10:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/06 18:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadXCtrl.com
[2012/06/27 15:37:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[53 C:\Users\RicoT\Documents\*.tmp files -> C:\Users\RicoT\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/21 17:18:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000UA.job
[2012/07/21 17:06:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 17:02:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 16:27:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\RicoT\Desktop\aswMBR.exe
[2012/07/21 16:26:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RicoT\Desktop\OTL.exe
[2012/07/21 16:12:13 | 000,006,080 | ---- | M] () -- C:\Users\RicoT\AppData\Local\d3d9caps.dat
[2012/07/21 16:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 16:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 16:11:24 | 4193,210,368 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 16:10:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/21 15:01:22 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2012/07/21 13:34:47 | 000,000,932 | ---- | M] () -- C:\Users\RicoT\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/21 13:34:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/21 09:57:42 | 101,889,530 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/21 09:54:47 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000Core.job
[2012/07/19 18:20:19 | 000,002,597 | ---- | M] () -- C:\Users\RicoT\Desktop\Microsoft Word 2010.lnk
[2012/07/18 15:13:14 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2012/07/17 20:19:21 | 000,470,040 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/17 14:56:56 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/17 14:52:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/17 14:52:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/16 13:33:40 | 000,755,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/16 13:33:40 | 000,640,214 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/16 13:33:40 | 000,118,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 10:06:27 | 000,002,018 | ---- | M] () -- C:\Users\RicoT\Desktop\Kindle.lnk
[2012/07/14 11:35:18 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/07/14 11:02:09 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/10 14:24:12 | 000,054,497 | ---- | M] () -- C:\Users\RicoT\Documents\Safari Bookmarks.html
[2012/07/10 10:46:41 | 000,000,872 | ---- | M] () -- C:\Users\RicoT\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/10 10:46:41 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/09 06:05:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRicoT.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[53 C:\Users\RicoT\Documents\*.tmp files -> C:\Users\RicoT\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 16:13:53 | 000,022,528 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@
[2012/07/21 13:34:47 | 000,000,932 | ---- | C] () -- C:\Users\RicoT\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/21 13:34:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/21 12:00:39 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
[2012/07/21 12:00:38 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
[2012/07/21 11:57:31 | 4193,210,368 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/17 14:52:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/17 14:52:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/14 11:35:17 | 000,001,672 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/07/14 11:30:30 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/14 11:20:58 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/10 14:24:12 | 000,054,497 | ---- | C] () -- C:\Users\RicoT\Documents\Safari Bookmarks.html
[2012/07/10 10:46:41 | 000,000,872 | ---- | C] () -- C:\Users\RicoT\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/10 10:46:41 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/10 10:46:41 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/22 18:34:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 16:38:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/02/09 16:38:28 | 000,002,048 | -HS- | C] () -- C:\Users\RicoT\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2010/10/22 19:05:59 | 000,000,732 | ---- | C] () -- C:\Users\RicoT\AppData\Local\d3d9caps64.dat
[2009/11/12 13:12:18 | 000,034,304 | ---- | C] () -- C:\Users\RicoT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/26 09:20:09 | 000,006,080 | ---- | C] () -- C:\Users\RicoT\AppData\Local\d3d9caps.dat
[2009/08/31 20:20:43 | 000,004,642 | ---- | C] () -- C:\Users\RicoT\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/12/15 14:46:43 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\.anki
[2009/08/28 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\acccore
[2010/01/14 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Amazon
[2012/07/14 11:16:32 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\AVG2012
[2010/03/15 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Bioshock
[2010/03/14 22:28:49 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Bioshock2
[2012/06/07 15:48:49 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\BitTorrent
[2010/10/03 23:46:01 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\DAEMON Tools Lite
[2009/09/04 20:42:29 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\funkitron
[2009/08/29 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Gamelab
[2012/01/31 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Image-Line
[2009/08/30 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\iWin
[2010/12/18 11:59:16 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Local
[2009/08/29 22:50:53 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Ludia
[2012/06/24 21:42:35 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Nico Mak Computing
[2010/01/06 00:58:40 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\NVD
[2011/09/05 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Octoshape
[2010/06/10 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\ooVoo Details
[2010/06/10 16:19:01 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\oovooinstaller
[2010/01/02 14:51:14 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\OpenOffice.org
[2009/10/03 21:13:26 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\PlayFirst
[2011/05/24 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Propellerhead Software
[2010/07/02 21:45:24 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\SecondLife
[2010/10/03 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\SoftGrid Client
[2009/09/04 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\SPORE Creature Creator
[2009/09/26 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Sports Interactive
[2009/08/31 20:20:56 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Template
[2010/02/06 22:41:00 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\TP
[2012/05/25 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\RicoT\AppData\Roaming\Windows Live Writer
[2012/07/21 15:01:22 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
[2012/07/18 15:13:14 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\Registry Optimizer_UPDATES.job
[2012/07/21 16:10:11 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/07 20:39:47 | 000,013,824 | ---- | M] ()(C:\Users\RicoT\Documents\??????.docx) -- C:\Users\RicoT\Documents\日本の世の中.docx
[2012/05/07 19:34:26 | 000,013,824 | ---- | C] ()(C:\Users\RicoT\Documents\??????.docx) -- C:\Users\RicoT\Documents\日本の世の中.docx
[2012/04/25 20:48:03 | 000,012,842 | ---- | M] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\利利.docx
[2012/04/25 20:48:02 | 000,012,842 | ---- | C] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\利利.docx
[2012/04/09 19:44:51 | 000,013,788 | ---- | M] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\さく.docx
[2012/04/09 18:39:36 | 000,013,788 | ---- | C] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\さく.docx
[2012/03/19 15:46:29 | 000,013,593 | ---- | M] ()(C:\Users\RicoT\Documents\?????.docx) -- C:\Users\RicoT\Documents\リコタベラ.docx
[2012/03/19 15:36:49 | 000,013,593 | ---- | C] ()(C:\Users\RicoT\Documents\?????.docx) -- C:\Users\RicoT\Documents\リコタベラ.docx
[2012/02/20 20:35:15 | 000,013,496 | ---- | M] ()(C:\Users\RicoT\Documents\?.docx) -- C:\Users\RicoT\Documents\り.docx
[2012/02/20 20:18:49 | 000,013,496 | ---- | C] ()(C:\Users\RicoT\Documents\?.docx) -- C:\Users\RicoT\Documents\り.docx
[2012/02/01 18:23:24 | 000,015,003 | ---- | M] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\作文.docx
[2012/02/01 18:02:24 | 000,015,003 | ---- | C] ()(C:\Users\RicoT\Documents\??.docx) -- C:\Users\RicoT\Documents\作文.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Windows\SysWow64\-INV:BOOTRUN
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Edited by numbers001, 21 July 2012 - 03:27 PM.

  • 0

Advertisements

#2
maliprog
Posted 25 July 2012 - 12:13 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello numbers001 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL


    :Files
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\RicoT\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
numbers001
Posted 25 July 2012 - 08:17 AM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
the otl log was:

========== OTL ==========
========== FILES ==========
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
C:\Users\RicoT\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Users\RicoT\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Users\RicoT\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\RicoT\Desktop\cmd.bat deleted successfully.
C:\Users\RicoT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07252012_070907


thank you for the help

Edited by numbers001, 25 July 2012 - 08:17 AM.

  • 0

#4
numbers001
Posted 25 July 2012 - 09:53 AM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
this is the log for combofix, i think there was an error with avg 2011, i removed it a long time ago, the same with windows defender.

ComboFix 12-07-26.03 - RicoT 07/25/2012 7:46.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2409 [GMT -7:00]
Running from: c:\users\RicoT\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\RicoT\AppData\Roaming\Local
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\bbyfbjcugoes.avi.ddr
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\bbyfbjcugoes.avi.ddp
c:\users\RicoT\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\RicoT\Documents\~WRD1982.tmp
c:\users\RicoT\Documents\~WRL0001.tmp
c:\users\RicoT\Documents\~WRL0002.tmp
c:\users\RicoT\Documents\~WRL0003.tmp
c:\users\RicoT\Documents\~WRL0004.tmp
c:\users\RicoT\Documents\~WRL0005.tmp
c:\users\RicoT\Documents\~WRL0006.tmp
c:\users\RicoT\Documents\~WRL0007.tmp
c:\users\RicoT\Documents\~WRL0008.tmp
c:\users\RicoT\Documents\~WRL0009.tmp
c:\users\RicoT\Documents\~WRL0010.tmp
c:\users\RicoT\Documents\~WRL0011.tmp
c:\users\RicoT\Documents\~WRL0012.tmp
c:\users\RicoT\Documents\~WRL0027.tmp
c:\users\RicoT\Documents\~WRL0139.tmp
c:\users\RicoT\Documents\~WRL0210.tmp
c:\users\RicoT\Documents\~WRL0395.tmp
c:\users\RicoT\Documents\~WRL0398.tmp
c:\users\RicoT\Documents\~WRL0488.tmp
c:\users\RicoT\Documents\~WRL0648.tmp
c:\users\RicoT\Documents\~WRL0692.tmp
c:\users\RicoT\Documents\~WRL0752.tmp
c:\users\RicoT\Documents\~WRL0858.tmp
c:\users\RicoT\Documents\~WRL0881.tmp
c:\users\RicoT\Documents\~WRL1011.tmp
c:\users\RicoT\Documents\~WRL1167.tmp
c:\users\RicoT\Documents\~WRL1373.tmp
c:\users\RicoT\Documents\~WRL1482.tmp
c:\users\RicoT\Documents\~WRL1505.tmp
c:\users\RicoT\Documents\~WRL1508.tmp
c:\users\RicoT\Documents\~WRL1551.tmp
c:\users\RicoT\Documents\~WRL1612.tmp
c:\users\RicoT\Documents\~WRL2029.tmp
c:\users\RicoT\Documents\~WRL2046.tmp
c:\users\RicoT\Documents\~WRL2259.tmp
c:\users\RicoT\Documents\~WRL2262.tmp
c:\users\RicoT\Documents\~WRL2526.tmp
c:\users\RicoT\Documents\~WRL2529.tmp
c:\users\RicoT\Documents\~WRL2558.tmp
c:\users\RicoT\Documents\~WRL2783.tmp
c:\users\RicoT\Documents\~WRL2896.tmp
c:\users\RicoT\Documents\~WRL2909.tmp
c:\users\RicoT\Documents\~WRL2912.tmp
c:\users\RicoT\Documents\~WRL2963.tmp
c:\users\RicoT\Documents\~WRL3016.tmp
c:\users\RicoT\Documents\~WRL3427.tmp
c:\users\RicoT\Documents\~WRL3758.tmp
c:\users\RicoT\Documents\~WRL3783.tmp
c:\users\RicoT\Documents\~WRL3786.tmp
c:\users\RicoT\Documents\~WRL3815.tmp
c:\users\RicoT\Documents\~WRL3915.tmp
c:\users\RicoT\Documents\~WRL3989.tmp
c:\users\RicoT\Documents\~WRL4068.tmp
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 15:35 . 2012-07-25 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 14:09 . 2012-07-25 14:09 -------- d-----w- C:\_OTL
2012-07-21 22:52 . 2012-07-21 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-21 22:51 . 2012-07-21 22:51 -------- d-----w- c:\program files (x86)\Oracle
2012-07-21 22:50 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-21 20:35 . 2012-07-21 20:35 -------- d-----w- c:\users\RicoT\AppData\Roaming\Malwarebytes
2012-07-21 20:34 . 2012-07-21 20:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 20:34 . 2012-07-21 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 20:34 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 21:52 . 2012-07-17 21:52 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-14 18:33 . 2012-07-14 18:33 -------- d-----w- c:\users\RicoT\AppData\Local\Macromedia
2012-07-14 18:30 . 2012-07-14 19:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 18:20 . 2012-07-14 18:20 -------- d-----w- c:\users\RicoT\AppData\Local\AVG Secure Search
2012-07-14 18:20 . 2012-07-16 02:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-14 18:20 . 2012-07-14 18:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-14 18:20 . 2012-07-18 22:13 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-14 18:16 . 2012-07-14 18:16 -------- d-----w- c:\users\RicoT\AppData\Roaming\AVG2012
2012-07-14 18:12 . 2012-07-14 18:40 -------- d-----w- c:\programdata\AVG2012
2012-07-07 01:40 . 2012-07-07 01:40 -------- d-----w- c:\program files (x86)\DownloadXCtrl.com
2012-06-27 22:37 . 2012-06-27 22:37 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 19:06 . 2011-10-30 19:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2010-05-09 00:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
2009-11-24 19:27 252416 ----a-w- c:\program files (x86)\oovootb\auxi\oovooAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-14 18:20 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-11-24 21:35 87512 ----a-w- c:\program files (x86)\oovootb\oovoodx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files (x86)\oovootb\oovoodx.dll" [2009-11-24 87512]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-14 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\RicoT\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-13 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SecureW2 Tray"="c:\program files (x86)\SecureW2\sw2_tray.exe" [2011-11-04 287112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-14 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [2008-11-17 88576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 18:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 19:06]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000Core.job
- c:\users\RicoT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 01:52]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000UA.job
- c:\users\RicoT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 01:52]
.
2012-07-09 c:\windows\Tasks\HPCeeScheduleForRicoT.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-06 19:34]
.
2012-07-21 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-05-05 17:33]
.
2012-07-18 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-05-05 17:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 200216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-18 1552680]
"DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\DLKAMUI.exe" [2009-09-06 1679360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\RicoT\AppData\Roaming\Mozilla\Firefox\Profiles\f7r9ya4f.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ad1ebbf-39dd-47cd-acfc-bdee20da46f9%7D&mid=6e79c1b9e2e0c2420d14437cffc22c01-e7ff64913adadd6bd39b8781d96e94ee7e305c72&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-14%2011%3A20%3A29&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:31,d0,4c,47,42,75,c6,e6,3c,bf,ae,44,4a,f5,84,50,85,8b,ff,e7,a5,47,bb,
ef,68,24,de,25,ff,95,16,43,6d,b8,ea,f2,c8,7c,84,4f,4b,b3,14,06,5c,ec,c5,bd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files (x86)\AVG\AVG2012\avgidsagent.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-07-25 08:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 15:48
.
Pre-Run: 62,966,747,136 bytes free
Post-Run: 62,691,975,168 bytes free
.
- - End Of File - - F4097E638797B6DA81B45DCE1669A855

what should i do after this?
should i reactivate all the protection?

Edited by numbers001, 25 July 2012 - 11:27 AM.

  • 0

#5
maliprog
Posted 25 July 2012 - 01:24 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can enable your protection again. One of your system file is infected and we need to find replacement for it.

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Press button named None Posted Image
  • Under the Custom Scan/Fixes box paste this in

    /md5start
services.*
/md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

  • 0

#6
numbers001
Posted 25 July 2012 - 02:27 PM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
here it is, also what do i do with combofix?

OTL logfile created on: 7/25/2012 1:03:06 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RicoT\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.91% Memory free
7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.72 Gb Total Space | 57.98 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 14.04 Gb Total Space | 2.13 Gb Free Space | 15.19% Space Free | Partition Type: NTFS

Computer Name: TAKUN | User Name: RicoT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: SERVICES >
[2006/09/18 14:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services

< MD5 for: SERVICES.CFG >
[2012/04/03 22:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 00:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 00:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 08:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 08:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 08:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 20:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 20:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 14:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 14:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof
[2006/09/18 14:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 14:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 08:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 08:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 14:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 08:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2010/05/21 00:08:00 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/21 00:01:50 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< End of report >
  • 0

#7
maliprog
Posted 25 July 2012 - 02:34 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. We found clean replacement.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe | c:\windows\system32\Services.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#8
numbers001
Posted 25 July 2012 - 03:04 PM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
here it is:

ComboFix 12-07-26.03 - RicoT 07/25/2012 13:50:49.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2522 [GMT -7:00]
Running from: c:\users\RicoT\Desktop\ComboFix.exe
Command switches used :: c:\users\RicoT\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --> c:\windows\system32\Services.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 21:00 . 2012-07-25 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 20:47 . 2012-07-25 20:47 -------- d-----w- C:\32788R22FWJFW
2012-07-25 15:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-25 15:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-25 15:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-25 15:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-25 14:09 . 2012-07-25 14:09 -------- d-----w- C:\_OTL
2012-07-21 22:52 . 2012-07-21 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-21 22:51 . 2012-07-21 22:51 -------- d-----w- c:\program files (x86)\Oracle
2012-07-21 22:50 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-21 20:35 . 2012-07-21 20:35 -------- d-----w- c:\users\RicoT\AppData\Roaming\Malwarebytes
2012-07-21 20:34 . 2012-07-21 20:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 20:34 . 2012-07-21 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-21 20:34 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 21:52 . 2012-07-17 21:52 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-14 18:33 . 2012-07-14 18:33 -------- d-----w- c:\users\RicoT\AppData\Local\Macromedia
2012-07-14 18:30 . 2012-07-14 19:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 18:20 . 2012-07-14 18:20 -------- d-----w- c:\users\RicoT\AppData\Local\AVG Secure Search
2012-07-14 18:20 . 2012-07-16 02:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-14 18:20 . 2012-07-14 18:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-14 18:20 . 2012-07-18 22:13 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-14 18:16 . 2012-07-14 18:16 -------- d-----w- c:\users\RicoT\AppData\Roaming\AVG2012
2012-07-14 18:12 . 2012-07-14 18:40 -------- d-----w- c:\programdata\AVG2012
2012-07-07 01:40 . 2012-07-07 01:40 -------- d-----w- c:\program files (x86)\DownloadXCtrl.com
2012-06-27 22:37 . 2012-06-27 22:37 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 19:06 . 2011-10-30 19:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2010-05-09 00:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_15.37.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-07-25 20:39 73080 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-08-29 01:35 . 2012-07-25 20:39 28398 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2158484571-1096016247-2215530952-1000_UserData.bin
+ 2012-06-02 22:19 . 2012-06-02 22:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2009-12-01 01:17 . 2012-07-25 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 01:17 . 2012-07-25 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 01:17 . 2012-07-25 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 01:17 . 2012-07-25 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 15:36 . 2012-07-25 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 20:36 . 2012-07-25 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 15:36 . 2012-07-25 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-25 20:36 . 2012-07-25 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-07-25 20:39 126950 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2012-07-16 20:33 640214 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-07-25 15:42 640214 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-07-16 20:33 118434 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-07-25 15:42 118434 c:\windows\system32\perfc009.dat
+ 2009-08-10 01:30 . 2012-07-25 20:38 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-10 01:30 . 2012-07-25 14:13 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-24 17:06 . 2012-07-25 15:35 434228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-24 17:06 . 2012-07-25 20:30 434228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-10 04:13 . 2012-07-25 15:35 434996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2158484571-1096016247-2215530952-1000-8192.dat
+ 2011-12-10 04:13 . 2012-07-25 20:30 434996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2158484571-1096016247-2215530952-1000-8192.dat
+ 2009-08-10 01:30 . 2012-07-25 20:38 7979008 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-10 01:30 . 2012-07-25 14:13 7979008 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-10 01:30 . 2012-07-25 14:13 3407872 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-10 01:30 . 2012-07-25 20:38 3407872 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:33 . 2012-06-13 18:42 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-07-25 15:55 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
2009-11-24 19:27 252416 ----a-w- c:\program files (x86)\oovootb\auxi\oovooAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-14 18:20 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-11-24 21:35 87512 ----a-w- c:\program files (x86)\oovootb\oovoodx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files (x86)\oovootb\oovoodx.dll" [2009-11-24 87512]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-14 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\RicoT\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-09 206120]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-13 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SecureW2 Tray"="c:\program files (x86)\SecureW2\sw2_tray.exe" [2011-11-04 287112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-14 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [2008-11-17 88576]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 18:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 19:06]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000Core.job
- c:\users\RicoT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 01:52]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2158484571-1096016247-2215530952-1000UA.job
- c:\users\RicoT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 01:52]
.
2012-07-09 c:\windows\Tasks\HPCeeScheduleForRicoT.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-06 19:34]
.
2012-07-25 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-05-05 17:33]
.
2012-07-18 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-05-05 17:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 200216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-18 1552680]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\DLKAMUI.exe" [2009-09-06 1679360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\RicoT\AppData\Roaming\Mozilla\Firefox\Profiles\f7r9ya4f.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ad1ebbf-39dd-47cd-acfc-bdee20da46f9%7D&mid=6e79c1b9e2e0c2420d14437cffc22c01-e7ff64913adadd6bd39b8781d96e94ee7e305c72&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-14%2011%3A20%3A29&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2158484571-1096016247-2215530952-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:31,d0,4c,47,42,75,c6,e6,3c,bf,ae,44,4a,f5,84,50,85,8b,ff,e7,a5,47,bb,
ef,68,24,de,25,ff,95,16,43,6d,b8,ea,f2,c8,7c,84,4f,4b,b3,14,06,5c,ec,c5,bd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-07-25 14:03:02
ComboFix-quarantined-files.txt 2012-07-25 21:03
ComboFix2.txt 2012-07-25 15:48
.
Pre-Run: 62,224,814,080 bytes free
Post-Run: 62,169,882,624 bytes free
.
- - End Of File - - C980BF39DC435E5E0BA0F2C022213DE8
  • 0

#9
maliprog
Posted 25 July 2012 - 03:13 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#10
numbers001
Posted 25 July 2012 - 03:31 PM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I restarted the computer and it is not loading windows, after the scan which found nothing, and it has stayed on a black background for some time now. because of that, i did a system restore, and ended up right here i was in the process.

here's the log:

14:25:13.0398 4352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:25:13.0679 4352 ============================================================
14:25:13.0679 4352 Current date / time: 2012/07/25 14:25:13.0679
14:25:13.0679 4352 SystemInfo:
14:25:13.0679 4352
14:25:13.0679 4352 OS Version: 6.0.6002 ServicePack: 2.0
14:25:13.0679 4352 Product type: Workstation
14:25:13.0679 4352 ComputerName: TAKUN
14:25:13.0679 4352 UserName: RicoT
14:25:13.0679 4352 Windows directory: C:\Windows
14:25:13.0679 4352 System windows directory: C:\Windows
14:25:13.0679 4352 Running under WOW64
14:25:13.0679 4352 Processor architecture: Intel x64
14:25:13.0679 4352 Number of processors: 2
14:25:13.0679 4352 Page size: 0x1000
14:25:13.0679 4352 Boot type: Normal boot
14:25:13.0679 4352 ============================================================
14:25:15.0270 4352 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:15.0286 4352 ============================================================
14:25:15.0286 4352 \Device\Harddisk0\DR0:
14:25:15.0286 4352 MBR partitions:
14:25:15.0286 4352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3876F800
14:25:15.0286 4352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38770000, BlocksNum 0x1C14800
14:25:15.0286 4352 ============================================================
14:25:15.0301 4352 C: <-> \Device\Harddisk0\DR0\Partition0
14:25:15.0364 4352 D: <-> \Device\Harddisk0\DR0\Partition1
14:25:15.0364 4352 ============================================================
14:25:15.0364 4352 Initialize success
14:25:15.0364 4352 ============================================================
14:25:42.0586 4388 ============================================================
14:25:42.0586 4388 Scan started
14:25:42.0586 4388 Mode: Manual; SigCheck; TDLFS;
14:25:42.0586 4388 ============================================================
14:25:43.0397 4388 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:25:43.0537 4388 Accelerometer - ok
14:25:43.0615 4388 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:25:43.0646 4388 ACPI - ok
14:25:43.0818 4388 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:25:43.0834 4388 AdobeARMservice - ok
14:25:44.0068 4388 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:25:44.0083 4388 AdobeFlashPlayerUpdateSvc - ok
14:25:44.0177 4388 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:25:44.0208 4388 adp94xx - ok
14:25:44.0317 4388 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:25:44.0333 4388 adpahci - ok
14:25:44.0380 4388 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:25:44.0395 4388 adpu160m - ok
14:25:44.0426 4388 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:25:44.0458 4388 adpu320 - ok
14:25:44.0504 4388 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:25:44.0551 4388 AeLookupSvc - ok
14:25:44.0692 4388 AESTFilters (9cac9e19d71e4af99920fcc3eca0e3f1) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
14:25:44.0723 4388 AESTFilters - ok
14:25:44.0816 4388 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
14:25:44.0894 4388 AFD - ok
14:25:44.0988 4388 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:25:45.0004 4388 agp440 - ok
14:25:45.0066 4388 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:25:45.0082 4388 aic78xx - ok
14:25:45.0503 4388 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
14:25:45.0503 4388 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
14:25:45.0518 4388 Akamai ( HiddenFile.Multi.Generic ) - warning
14:25:45.0518 4388 Akamai - detected HiddenFile.Multi.Generic (1)
14:25:45.0674 4388 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:25:45.0799 4388 ALG - ok
14:25:45.0908 4388 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
14:25:45.0924 4388 aliide - ok
14:25:45.0940 4388 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
14:25:45.0955 4388 amdide - ok
14:25:46.0002 4388 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:25:46.0080 4388 AmdK8 - ok
14:25:46.0142 4388 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
14:25:46.0174 4388 Appinfo - ok
14:25:46.0267 4388 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:25:46.0283 4388 Apple Mobile Device - ok
14:25:46.0345 4388 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:25:46.0361 4388 arc - ok
14:25:46.0454 4388 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:25:46.0470 4388 arcsas - ok
14:25:46.0657 4388 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:25:46.0673 4388 aspnet_state - ok
14:25:46.0720 4388 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:25:46.0782 4388 AsyncMac - ok
14:25:46.0798 4388 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:25:46.0829 4388 atapi - ok
14:25:46.0969 4388 athr (8aab1125385d6c2f0d2795d143118383) C:\Windows\system32\DRIVERS\athrx.sys
14:25:47.0063 4388 athr - ok
14:25:47.0266 4388 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:25:47.0344 4388 AudioEndpointBuilder - ok
14:25:47.0344 4388 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
14:25:47.0422 4388 AudioSrv - ok
14:25:47.0968 4388 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
14:25:48.0451 4388 AVGIDSAgent - ok
14:25:48.0701 4388 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:25:48.0748 4388 AVGIDSDriver - ok
14:25:48.0779 4388 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
14:25:48.0794 4388 AVGIDSFilter - ok
14:25:48.0857 4388 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
14:25:48.0872 4388 AVGIDSHA - ok
14:25:48.0919 4388 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
14:25:48.0935 4388 Avgldx64 - ok
14:25:48.0982 4388 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:25:48.0997 4388 Avgmfx64 - ok
14:25:49.0044 4388 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:25:49.0060 4388 Avgrkx64 - ok
14:25:49.0091 4388 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
14:25:49.0153 4388 Avgtdia - ok
14:25:49.0403 4388 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
14:25:49.0418 4388 avgwd - ok
14:25:49.0450 4388 Beep - ok
14:25:49.0512 4388 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
14:25:49.0574 4388 BFE - ok
14:25:49.0668 4388 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:25:49.0730 4388 blbdrive - ok
14:25:49.0840 4388 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:25:49.0902 4388 Bonjour Service - ok
14:25:49.0980 4388 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:25:50.0042 4388 bowser - ok
14:25:50.0105 4388 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:25:50.0167 4388 BrFiltLo - ok
14:25:50.0198 4388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:25:50.0245 4388 BrFiltUp - ok
14:25:50.0323 4388 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
14:25:50.0417 4388 Browser - ok
14:25:50.0495 4388 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:25:50.0713 4388 Brserid - ok
14:25:50.0744 4388 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:25:50.0854 4388 BrSerWdm - ok
14:25:50.0885 4388 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:25:50.0994 4388 BrUsbMdm - ok
14:25:51.0025 4388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:25:51.0134 4388 BrUsbSer - ok
14:25:51.0212 4388 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
14:25:51.0259 4388 BthEnum - ok
14:25:51.0306 4388 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:25:51.0415 4388 BTHMODEM - ok
14:25:51.0478 4388 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
14:25:51.0556 4388 BthPan - ok
14:25:51.0665 4388 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
14:25:51.0758 4388 BTHPORT - ok
14:25:51.0821 4388 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
14:25:51.0883 4388 BthServ - ok
14:25:51.0899 4388 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
14:25:51.0914 4388 BTHUSB - ok
14:25:51.0914 4388 catchme - ok
14:25:51.0977 4388 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:25:52.0039 4388 cdfs - ok
14:25:52.0102 4388 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
14:25:52.0148 4388 cdrom - ok
14:25:52.0211 4388 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:25:52.0258 4388 CertPropSvc - ok
14:25:52.0304 4388 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
14:25:52.0398 4388 circlass - ok
14:25:52.0460 4388 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
14:25:52.0507 4388 CLFS - ok
14:25:52.0648 4388 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:25:52.0663 4388 clr_optimization_v2.0.50727_32 - ok
14:25:52.0757 4388 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:25:52.0772 4388 clr_optimization_v2.0.50727_64 - ok
14:25:52.0913 4388 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:25:52.0928 4388 clr_optimization_v4.0.30319_32 - ok
14:25:52.0991 4388 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:25:53.0006 4388 clr_optimization_v4.0.30319_64 - ok
14:25:53.0069 4388 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
14:25:53.0116 4388 CmBatt - ok
14:25:53.0131 4388 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
14:25:53.0147 4388 cmdide - ok
14:25:53.0318 4388 Com4QLBEx (2f27104f5d6ed63fdac38cacb9d19dfd) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:25:53.0334 4388 Com4QLBEx - ok
14:25:53.0381 4388 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
14:25:53.0396 4388 Compbatt - ok
14:25:53.0396 4388 COMSysApp - ok
14:25:53.0412 4388 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:25:53.0428 4388 crcdisk - ok
14:25:53.0506 4388 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
14:25:53.0552 4388 CryptSvc - ok
14:25:53.0677 4388 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
14:25:53.0802 4388 DcomLaunch - ok
14:25:53.0880 4388 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
14:25:53.0942 4388 DfsC - ok
14:25:54.0208 4388 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
14:25:54.0395 4388 DFSR - ok
14:25:54.0660 4388 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
14:25:54.0722 4388 Dhcp - ok
14:25:54.0800 4388 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
14:25:54.0832 4388 disk - ok
14:25:54.0910 4388 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
14:25:54.0925 4388 Dnscache - ok
14:25:54.0988 4388 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
14:25:55.0034 4388 dot3svc - ok
14:25:55.0097 4388 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
14:25:55.0159 4388 DPS - ok
14:25:55.0206 4388 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
14:25:55.0253 4388 drmkaud - ok
14:25:55.0346 4388 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
14:25:55.0393 4388 DXGKrnl - ok
14:25:55.0471 4388 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:25:55.0534 4388 E1G60 - ok
14:25:55.0565 4388 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
14:25:55.0627 4388 EapHost - ok
14:25:55.0690 4388 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
14:25:55.0721 4388 Ecache - ok
14:25:55.0799 4388 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
14:25:55.0846 4388 ehRecvr - ok
14:25:55.0861 4388 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
14:25:55.0892 4388 ehSched - ok
14:25:55.0939 4388 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
14:25:55.0970 4388 ehstart - ok
14:25:56.0017 4388 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:25:56.0048 4388 elxstor - ok
14:25:56.0111 4388 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
14:25:56.0220 4388 EMDMgmt - ok
14:25:56.0298 4388 enecir (cd0c80e5e9a9bf8dd145f43713d77993) C:\Windows\system32\DRIVERS\enecir.sys
14:25:56.0360 4388 enecir - ok
14:25:56.0392 4388 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
14:25:56.0470 4388 ErrDev - ok
14:25:56.0548 4388 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
14:25:56.0594 4388 EventSystem - ok
14:25:56.0657 4388 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
14:25:56.0719 4388 exfat - ok
14:25:56.0750 4388 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
14:25:56.0797 4388 fastfat - ok
14:25:56.0860 4388 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:25:56.0938 4388 fdc - ok
14:25:56.0969 4388 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
14:25:57.0016 4388 fdPHost - ok
14:25:57.0031 4388 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
14:25:57.0125 4388 FDResPub - ok
14:25:57.0156 4388 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:25:57.0172 4388 FileInfo - ok
14:25:57.0203 4388 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:25:57.0250 4388 Filetrace - ok
14:25:57.0265 4388 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:25:57.0343 4388 flpydisk - ok
14:25:57.0374 4388 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
14:25:57.0406 4388 FltMgr - ok
14:25:57.0546 4388 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
14:25:57.0671 4388 FontCache - ok
14:25:57.0842 4388 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:25:57.0858 4388 FontCache3.0.0.0 - ok
14:25:57.0983 4388 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:25:57.0998 4388 fssfltr - ok
14:25:58.0264 4388 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:25:58.0373 4388 fsssvc - ok
14:25:58.0638 4388 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
14:25:58.0685 4388 Fs_Rec - ok
14:25:58.0700 4388 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:25:58.0716 4388 gagp30kx - ok
14:25:58.0794 4388 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:25:58.0794 4388 GEARAspiWDM - ok
14:25:58.0919 4388 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
14:25:59.0012 4388 gpsvc - ok
14:25:59.0090 4388 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
14:25:59.0184 4388 HdAudAddService - ok
14:25:59.0340 4388 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:25:59.0402 4388 HDAudBus - ok
14:25:59.0434 4388 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:25:59.0527 4388 HidBth - ok
14:25:59.0605 4388 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
14:25:59.0668 4388 HidIr - ok
14:25:59.0730 4388 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
14:25:59.0792 4388 hidserv - ok
14:25:59.0824 4388 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
14:25:59.0886 4388 HidUsb - ok
14:25:59.0917 4388 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
14:25:59.0995 4388 hkmsvc - ok
14:26:00.0167 4388 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:26:00.0182 4388 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:26:00.0182 4388 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:26:00.0245 4388 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:26:00.0260 4388 HpCISSs - ok
14:26:00.0307 4388 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:26:00.0323 4388 hpdskflt - ok
14:26:00.0370 4388 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:26:00.0401 4388 HpqKbFiltr - ok
14:26:00.0494 4388 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:26:00.0510 4388 hpqwmiex - ok
14:26:00.0541 4388 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
14:26:00.0557 4388 hpsrv - ok
14:26:00.0635 4388 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
14:26:00.0728 4388 HTTP - ok
14:26:00.0744 4388 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:26:00.0760 4388 i2omp - ok
14:26:00.0869 4388 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:26:00.0947 4388 i8042prt - ok
14:26:01.0009 4388 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:26:01.0040 4388 iaStorV - ok
14:26:01.0165 4388 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:26:01.0181 4388 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:26:01.0181 4388 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:26:01.0384 4388 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:26:01.0446 4388 idsvc - ok
14:26:02.0054 4388 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:26:02.0444 4388 igfx - ok
14:26:02.0647 4388 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:26:02.0663 4388 iirsp - ok
14:26:02.0725 4388 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
14:26:02.0819 4388 IKEEXT - ok
14:26:02.0881 4388 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
14:26:02.0928 4388 IntcHdmiAddService - ok
14:26:02.0975 4388 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
14:26:02.0990 4388 intelide - ok
14:26:03.0022 4388 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:26:03.0115 4388 intelppm - ok
14:26:03.0131 4388 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
14:26:03.0178 4388 IPBusEnum - ok
14:26:03.0224 4388 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:26:03.0256 4388 IpFilterDriver - ok
14:26:03.0302 4388 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
14:26:03.0349 4388 iphlpsvc - ok
14:26:03.0349 4388 IpInIp - ok
14:26:03.0396 4388 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:26:03.0474 4388 IPMIDRV - ok
14:26:03.0521 4388 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:26:03.0599 4388 IPNAT - ok
14:26:03.0739 4388 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files (x86)\iPod\bin\iPodService.exe
14:26:03.0802 4388 iPod Service - ok
14:26:03.0848 4388 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:26:03.0911 4388 IRENUM - ok
14:26:03.0958 4388 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:26:03.0973 4388 isapnp - ok
14:26:04.0020 4388 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
14:26:04.0051 4388 iScsiPrt - ok
14:26:04.0067 4388 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:26:04.0082 4388 iteatapi - ok
14:26:04.0129 4388 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:26:04.0145 4388 iteraid - ok
14:26:04.0207 4388 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:26:04.0223 4388 kbdclass - ok
14:26:04.0285 4388 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
14:26:04.0363 4388 kbdhid - ok
14:26:04.0410 4388 KeyIso (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
14:26:04.0426 4388 KeyIso - ok
14:26:04.0472 4388 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
14:26:04.0519 4388 KSecDD - ok
14:26:04.0582 4388 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:26:04.0660 4388 ksthunk - ok
14:26:04.0738 4388 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
14:26:04.0862 4388 KtmRm - ok
14:26:04.0909 4388 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
14:26:04.0940 4388 LanmanServer - ok
14:26:05.0018 4388 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
14:26:05.0065 4388 LanmanWorkstation - ok
14:26:05.0206 4388 LightScribeService (ac2e68e3421af857b8d438414e7ae31c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:26:05.0221 4388 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:26:05.0221 4388 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:26:05.0237 4388 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:26:05.0299 4388 lltdio - ok
14:26:05.0346 4388 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
14:26:05.0440 4388 lltdsvc - ok
14:26:05.0455 4388 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
14:26:05.0518 4388 lmhosts - ok
14:26:05.0564 4388 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:26:05.0580 4388 LSI_FC - ok
14:26:05.0596 4388 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:26:05.0611 4388 LSI_SAS - ok
14:26:05.0642 4388 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:26:05.0658 4388 LSI_SCSI - ok
14:26:05.0705 4388 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:26:05.0767 4388 luafv - ok
14:26:05.0814 4388 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:26:05.0845 4388 MBAMProtector - ok
14:26:05.0923 4388 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:26:05.0986 4388 MBAMService - ok
14:26:06.0048 4388 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
14:26:06.0095 4388 Mcx2Svc - ok
14:26:06.0173 4388 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:26:06.0188 4388 megasas - ok
14:26:06.0266 4388 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:26:06.0298 4388 MegaSR - ok
14:26:06.0344 4388 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:26:06.0422 4388 MMCSS - ok
14:26:06.0454 4388 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:26:06.0547 4388 Modem - ok
14:26:06.0594 4388 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:26:06.0656 4388 monitor - ok
14:26:06.0688 4388 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:26:06.0703 4388 mouclass - ok
14:26:06.0750 4388 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:26:06.0812 4388 mouhid - ok
14:26:06.0844 4388 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:26:06.0859 4388 MountMgr - ok
14:26:06.0968 4388 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:26:06.0984 4388 MozillaMaintenance - ok
14:26:07.0031 4388 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:26:07.0046 4388 mpio - ok
14:26:07.0078 4388 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:26:07.0140 4388 mpsdrv - ok
14:26:07.0202 4388 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
14:26:07.0296 4388 MpsSvc - ok
14:26:07.0343 4388 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:26:07.0358 4388 Mraid35x - ok
14:26:07.0405 4388 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
14:26:07.0436 4388 MRxDAV - ok
14:26:07.0468 4388 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:26:07.0514 4388 mrxsmb - ok
14:26:07.0546 4388 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:26:07.0608 4388 mrxsmb10 - ok
14:26:07.0655 4388 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:26:07.0686 4388 mrxsmb20 - ok
14:26:07.0748 4388 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
14:26:07.0764 4388 msahci - ok
14:26:07.0826 4388 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:26:07.0842 4388 msdsm - ok
14:26:07.0904 4388 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
14:26:07.0982 4388 MSDTC - ok
14:26:08.0045 4388 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:26:08.0092 4388 Msfs - ok
14:26:08.0154 4388 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:26:08.0170 4388 msisadrv - ok
14:26:08.0201 4388 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
14:26:08.0263 4388 MSiSCSI - ok
14:26:08.0263 4388 msiserver - ok
14:26:08.0326 4388 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:26:08.0404 4388 MSKSSRV - ok
14:26:08.0435 4388 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:26:08.0513 4388 MSPCLOCK - ok
14:26:08.0544 4388 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:26:08.0622 4388 MSPQM - ok
14:26:08.0684 4388 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
14:26:08.0700 4388 MsRPC - ok
14:26:08.0747 4388 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:26:08.0762 4388 mssmbios - ok
14:26:08.0825 4388 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:26:08.0903 4388 MSTEE - ok
14:26:08.0950 4388 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
14:26:08.0965 4388 Mup - ok
14:26:09.0028 4388 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
14:26:09.0106 4388 napagent - ok
14:26:09.0168 4388 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
14:26:09.0230 4388 NativeWifiP - ok
14:26:09.0308 4388 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
14:26:09.0371 4388 NDIS - ok
14:26:09.0433 4388 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:26:09.0511 4388 NdisTapi - ok
14:26:09.0527 4388 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:26:09.0589 4388 Ndisuio - ok
14:26:09.0652 4388 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
14:26:09.0698 4388 NdisWan - ok
14:26:09.0761 4388 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:26:09.0823 4388 NDProxy - ok
14:26:09.0839 4388 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:26:09.0901 4388 NetBIOS - ok
14:26:09.0948 4388 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
14:26:10.0010 4388 netbt - ok
14:26:10.0057 4388 Netlogon (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
14:26:10.0073 4388 Netlogon - ok
14:26:10.0135 4388 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
14:26:10.0229 4388 Netman - ok
14:26:10.0400 4388 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:10.0416 4388 NetMsmqActivator - ok
14:26:10.0416 4388 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:10.0432 4388 NetPipeActivator - ok
14:26:10.0478 4388 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
14:26:10.0556 4388 netprofm - ok
14:26:10.0572 4388 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:10.0588 4388 NetTcpActivator - ok
14:26:10.0588 4388 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:10.0603 4388 NetTcpPortSharing - ok
14:26:10.0962 4388 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
14:26:11.0258 4388 NETw3v64 - ok
14:26:11.0492 4388 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:26:11.0508 4388 nfrd960 - ok
14:26:11.0570 4388 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
14:26:11.0648 4388 NlaSvc - ok
14:26:11.0695 4388 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
14:26:11.0726 4388 Npfs - ok
14:26:11.0773 4388 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
14:26:11.0836 4388 nsi - ok
14:26:11.0851 4388 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:26:11.0914 4388 nsiproxy - ok
14:26:12.0054 4388 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
14:26:12.0179 4388 Ntfs - ok
14:26:12.0413 4388 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:26:12.0491 4388 Null - ok
14:26:12.0506 4388 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:26:12.0522 4388 nvraid - ok
14:26:12.0569 4388 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:26:12.0584 4388 nvstor - ok
14:26:12.0631 4388 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:26:12.0647 4388 nv_agp - ok
14:26:12.0662 4388 NwlnkFlt - ok
14:26:12.0662 4388 NwlnkFwd - ok
14:26:12.0709 4388 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
14:26:12.0787 4388 ohci1394 - ok
14:26:12.0881 4388 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:26:12.0896 4388 ose - ok
14:26:13.0349 4388 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:26:13.0489 4388 osppsvc - ok
14:26:13.0708 4388 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:26:13.0770 4388 p2pimsvc - ok
14:26:13.0786 4388 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:26:13.0848 4388 p2psvc - ok
14:26:13.0988 4388 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:26:14.0066 4388 Parport - ok
14:26:14.0113 4388 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
14:26:14.0144 4388 partmgr - ok
14:26:14.0191 4388 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
14:26:14.0222 4388 PcaSvc - ok
14:26:14.0254 4388 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
14:26:14.0285 4388 pci - ok
14:26:14.0316 4388 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
14:26:14.0332 4388 pciide - ok
14:26:14.0363 4388 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:26:14.0394 4388 pcmcia - ok
14:26:14.0472 4388 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:26:14.0628 4388 PEAUTH - ok
14:26:14.0768 4388 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
14:26:14.0831 4388 PerfHost - ok
14:26:14.0987 4388 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
14:26:15.0034 4388 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning
14:26:15.0034 4388 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)
14:26:15.0236 4388 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
14:26:15.0314 4388 pla - ok
14:26:15.0361 4388 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
14:26:15.0408 4388 PlugPlay - ok
14:26:15.0486 4388 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:26:15.0517 4388 PNRPAutoReg - ok
14:26:15.0533 4388 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
14:26:15.0595 4388 PNRPsvc - ok
14:26:15.0673 4388 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
14:26:15.0767 4388 PolicyAgent - ok
14:26:15.0985 4388 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
14:26:16.0032 4388 PptpMiniport - ok
14:26:16.0063 4388 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:26:16.0141 4388 Processor - ok
14:26:16.0188 4388 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
14:26:16.0235 4388 ProfSvc - ok
14:26:16.0297 4388 ProtectedStorage (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
14:26:16.0313 4388 ProtectedStorage - ok
14:26:16.0375 4388 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
14:26:16.0406 4388 PSched - ok
14:26:16.0562 4388 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:26:16.0656 4388 ql2300 - ok
14:26:16.0734 4388 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:26:16.0750 4388 ql40xx - ok
14:26:16.0828 4388 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
14:26:16.0890 4388 QWAVE - ok
14:26:16.0906 4388 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:26:16.0937 4388 QWAVEdrv - ok
14:26:16.0952 4388 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:26:16.0999 4388 RasAcd - ok
14:26:17.0030 4388 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
14:26:17.0093 4388 RasAuto - ok
14:26:17.0171 4388 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:26:17.0233 4388 Rasl2tp - ok
14:26:17.0264 4388 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
14:26:17.0327 4388 RasMan - ok
14:26:17.0358 4388 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
14:26:17.0436 4388 RasPppoe - ok
14:26:17.0483 4388 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
14:26:17.0530 4388 RasSstp - ok
14:26:17.0576 4388 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
14:26:17.0639 4388 rdbss - ok
14:26:17.0654 4388 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:26:17.0701 4388 RDPCDD - ok
14:26:17.0764 4388 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:26:17.0826 4388 rdpdr - ok
14:26:17.0842 4388 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:26:17.0935 4388 RDPENCDD - ok
14:26:17.0982 4388 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
14:26:18.0044 4388 RDPWD - ok
14:26:18.0154 4388 Recovery Service for Windows (2063d6b51fd874e67502b31a9fdba685) C:\Program Files (x86)\SMINST\BLService.exe
14:26:18.0185 4388 Recovery Service for Windows - ok
14:26:18.0232 4388 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
14:26:18.0325 4388 RemoteAccess - ok
14:26:18.0356 4388 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
14:26:18.0419 4388 RemoteRegistry - ok
14:26:18.0481 4388 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
14:26:18.0497 4388 RFCOMM - ok
14:26:18.0637 4388 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:26:18.0653 4388 RichVideo - ok
14:26:18.0684 4388 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
14:26:18.0715 4388 RpcLocator - ok
14:26:18.0809 4388 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\System32\rpcss.dll
14:26:18.0887 4388 RpcSs - ok
14:26:18.0949 4388 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:26:19.0027 4388 rspndr - ok
14:26:19.0090 4388 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys
14:26:19.0152 4388 RTL8169 - ok
14:26:19.0183 4388 RTSTOR (ba9306c027a92a7ed685f7c6e2d2b00b) C:\Windows\system32\drivers\RTSTOR64.SYS
14:26:19.0230 4388 RTSTOR - ok
14:26:19.0292 4388 SamSs (40348dcec0712ed42231c5f90a69a690) C:\Windows\system32\lsass.exe
14:26:19.0308 4388 SamSs - ok
14:26:19.0324 4388 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:26:19.0339 4388 sbp2port - ok
14:26:19.0402 4388 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
14:26:19.0448 4388 SCardSvr - ok
14:26:19.0558 4388 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
14:26:19.0651 4388 Schedule - ok
14:26:19.0714 4388 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
14:26:19.0745 4388 SCPolicySvc - ok
14:26:19.0792 4388 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
14:26:19.0870 4388 sdbus - ok
14:26:19.0916 4388 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
14:26:19.0948 4388 SDRSVC - ok
14:26:19.0979 4388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:26:20.0088 4388 secdrv - ok
14:26:20.0104 4388 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
14:26:20.0166 4388 seclogon - ok
14:26:20.0213 4388 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
14:26:20.0306 4388 SENS - ok
14:26:20.0338 4388 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:26:20.0416 4388 Serenum - ok
14:26:20.0462 4388 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:26:20.0556 4388 Serial - ok
14:26:20.0572 4388 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:26:20.0634 4388 sermouse - ok
14:26:20.0712 4388 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
14:26:20.0774 4388 SessionEnv - ok
14:26:20.0821 4388 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
14:26:20.0868 4388 sffdisk - ok
14:26:20.0915 4388 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:26:20.0962 4388 sffp_mmc - ok
14:26:20.0977 4388 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
14:26:21.0055 4388 sffp_sd - ok
14:26:21.0086 4388 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:26:21.0196 4388 sfloppy - ok
14:26:21.0258 4388 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
14:26:21.0336 4388 SharedAccess - ok
14:26:21.0398 4388 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
14:26:21.0430 4388 ShellHWDetection - ok
14:26:21.0476 4388 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:26:21.0492 4388 SiSRaid2 - ok
14:26:21.0508 4388 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:26:21.0523 4388 SiSRaid4 - ok
14:26:21.0820 4388 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
14:26:22.0069 4388 slsvc - ok
14:26:22.0225 4388 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
14:26:22.0272 4388 SLUINotify - ok
14:26:22.0350 4388 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
14:26:22.0381 4388 Smb - ok
14:26:22.0444 4388 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
14:26:22.0475 4388 SNMPTRAP - ok
14:26:22.0490 4388 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
14:26:22.0506 4388 spldr - ok
14:26:22.0553 4388 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
14:26:22.0568 4388 Spooler - ok
14:26:22.0678 4388 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
14:26:22.0678 4388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
14:26:22.0678 4388 sptd ( LockedFile.Multi.Generic ) - warning
14:26:22.0678 4388 sptd - detected LockedFile.Multi.Generic (1)
14:26:22.0740 4388 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
14:26:22.0818 4388 srv - ok
14:26:22.0865 4388 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
14:26:22.0912 4388 srv2 - ok
14:26:22.0943 4388 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
14:26:22.0990 4388 srvnet - ok
14:26:23.0036 4388 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
14:26:23.0099 4388 SSDPSRV - ok
14:26:23.0192 4388 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
14:26:23.0255 4388 SstpSvc - ok
14:26:23.0411 4388 STacSV (60706b595c63b595de05ba1b6ea008f8) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
14:26:23.0426 4388 STacSV - ok
14:26:23.0536 4388 STHDA (aa408ec8f77d3f5e745f5f7e5b133d8e) C:\Windows\system32\DRIVERS\stwrt64.sys
14:26:23.0598 4388 STHDA - ok
14:26:23.0692 4388 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
14:26:23.0723 4388 stisvc - ok
14:26:23.0754 4388 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:26:23.0770 4388 swenum - ok
14:26:23.0816 4388 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
14:26:23.0910 4388 swprv - ok
14:26:23.0957 4388 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:26:23.0972 4388 Symc8xx - ok
14:26:24.0004 4388 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:26:24.0019 4388 Sym_hi - ok
14:26:24.0066 4388 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:26:24.0082 4388 Sym_u3 - ok
14:26:24.0160 4388 SynTP (76005f0816efd995ee87329d0f5d1486) C:\Windows\system32\DRIVERS\SynTP.sys
14:26:24.0175 4388 SynTP - ok
14:26:24.0269 4388 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
14:26:24.0362 4388 SysMain - ok
14:26:24.0425 4388 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
14:26:24.0472 4388 TabletInputService - ok
14:26:24.0518 4388 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
14:26:24.0581 4388 TapiSrv - ok
14:26:24.0612 4388 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
14:26:24.0674 4388 TBS - ok
14:26:24.0846 4388 Tcpip (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\drivers\tcpip.sys
14:26:24.0955 4388 Tcpip - ok
14:26:25.0330 4388 Tcpip6 (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\DRIVERS\tcpip.sys
14:26:25.0439 4388 Tcpip6 - ok
14:26:25.0642 4388 tcpipreg (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\Windows\system32\drivers\tcpipreg.sys
14:26:25.0673 4388 tcpipreg - ok
14:26:25.0720 4388 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:26:25.0813 4388 TDPIPE - ok
14:26:25.0844 4388 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:26:25.0938 4388 TDTCP - ok
14:26:25.0985 4388 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
14:26:26.0063 4388 tdx - ok
14:26:26.0125 4388 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
14:26:26.0141 4388 TermDD - ok
14:26:26.0219 4388 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
14:26:26.0328 4388 TermService - ok
14:26:26.0406 4388 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
14:26:26.0422 4388 Themes - ok
14:26:26.0484 4388 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
14:26:26.0531 4388 THREADORDER - ok
14:26:26.0593 4388 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
14:26:26.0656 4388 TrkWks - ok
14:26:26.0749 4388 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
14:26:26.0827 4388 TrustedInstaller - ok
14:26:26.0874 4388 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:26:26.0952 4388 tssecsrv - ok
14:26:26.0999 4388 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:26:27.0014 4388 tunmp - ok
14:26:27.0061 4388 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
14:26:27.0108 4388 tunnel - ok
14:26:27.0311 4388 TVCapSvc (1c31169dddc70c1605f703da701eaeea) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
14:26:27.0326 4388 TVCapSvc - ok
14:26:27.0373 4388 TVSched (290b8c381dbc15d3dbcbd2bdb6b0ba12) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
14:26:27.0373 4388 TVSched - ok
14:26:27.0436 4388 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:26:27.0451 4388 uagp35 - ok
14:26:27.0514 4388 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
14:26:27.0560 4388 udfs - ok
14:26:27.0607 4388 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
14:26:27.0701 4388 UI0Detect - ok
14:26:27.0748 4388 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:26:27.0763 4388 uliagpkx - ok
14:26:27.0794 4388 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:26:27.0826 4388 uliahci - ok
14:26:27.0841 4388 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:26:27.0857 4388 UlSata - ok
14:26:27.0888 4388 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:26:27.0919 4388 ulsata2 - ok
14:26:27.0950 4388 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:26:27.0997 4388 umbus - ok
14:26:28.0091 4388 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
14:26:28.0153 4388 upnphost - ok
14:26:28.0184 4388 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:26:28.0216 4388 USBAAPL64 - ok
14:26:28.0278 4388 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
14:26:28.0356 4388 usbccgp - ok
14:26:28.0403 4388 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:26:28.0512 4388 usbcir - ok
14:26:28.0590 4388 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
14:26:28.0668 4388 usbehci - ok
14:26:28.0730 4388 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
14:26:28.0777 4388 usbhub - ok
14:26:28.0824 4388 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:26:28.0933 4388 usbohci - ok
14:26:28.0964 4388 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:26:29.0042 4388 usbprint - ok
14:26:29.0074 4388 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:26:29.0120 4388 usbscan - ok
14:26:29.0167 4388 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:26:29.0214 4388 USBSTOR - ok
14:26:29.0245 4388 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
14:26:29.0292 4388 usbuhci - ok
14:26:29.0370 4388 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:26:29.0448 4388 usbvideo - ok
14:26:29.0479 4388 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
14:26:29.0526 4388 UxSms - ok
14:26:29.0573 4388 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
14:26:29.0666 4388 vds - ok
14:26:29.0744 4388 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:26:29.0822 4388 vga - ok
14:26:29.0838 4388 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:26:29.0900 4388 VgaSave - ok
14:26:29.0932 4388 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
14:26:29.0947 4388 viaide - ok
14:26:30.0072 4388 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
14:26:30.0072 4388 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
14:26:30.0072 4388 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
14:26:30.0150 4388 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
14:26:30.0166 4388 volmgr - ok
14:26:30.0244 4388 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
14:26:30.0275 4388 volmgrx - ok
14:26:30.0322 4388 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
14:26:30.0337 4388 volsnap - ok
14:26:30.0400 4388 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:26:30.0415 4388 vsmraid - ok
14:26:30.0540 4388 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
14:26:30.0696 4388 VSS - ok
14:26:30.0852 4388 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
14:26:30.0914 4388 vToolbarUpdater11.2.0 - ok
14:26:31.0133 4388 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
14:26:31.0211 4388 W32Time - ok
14:26:31.0304 4388 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:26:31.0414 4388 WacomPen - ok
14:26:31.0445 4388 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:26:31.0492 4388 Wanarp - ok
14:26:31.0492 4388 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
14:26:31.0538 4388 Wanarpv6 - ok
14:26:31.0601 4388 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
14:26:31.0694 4388 wcncsvc - ok
14:26:31.0757 4388 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
14:26:31.0835 4388 WcsPlugInService - ok
14:26:31.0866 4388 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:26:31.0882 4388 Wd - ok
14:26:31.0960 4388 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:26:31.0991 4388 Wdf01000 - ok
14:26:32.0022 4388 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:26:32.0084 4388 WdiServiceHost - ok
14:26:32.0084 4388 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
14:26:32.0147 4388 WdiSystemHost - ok
14:26:32.0194 4388 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
14:26:32.0225 4388 WebClient - ok
14:26:32.0256 4388 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
14:26:32.0303 4388 Wecsvc - ok
14:26:32.0318 4388 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
14:26:32.0350 4388 wercplsupport - ok
14:26:32.0365 4388 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
14:26:32.0428 4388 WerSvc - ok
14:26:32.0474 4388 WinDefend - ok
14:26:32.0490 4388 WinHttpAutoProxySvc - ok
14:26:32.0630 4388 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
14:26:32.0708 4388 Winmgmt - ok
14:26:32.0864 4388 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
14:26:33.0036 4388 WinRM - ok
14:26:33.0317 4388 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
14:26:33.0364 4388 WinUSB - ok
14:26:33.0442 4388 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
14:26:33.0551 4388 Wlansvc - ok
14:26:33.0691 4388 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:26:33.0707 4388 wlcrasvc - ok
14:26:33.0956 4388 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:26:34.0034 4388 wlidsvc - ok
14:26:34.0222 4388 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:26:34.0268 4388 WmiAcpi - ok
14:26:34.0378 4388 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
14:26:34.0424 4388 wmiApSrv - ok
14:26:34.0456 4388 WMPNetworkSvc - ok
14:26:34.0502 4388 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
14:26:34.0534 4388 WPCSvc - ok
14:26:34.0549 4388 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
14:26:34.0596 4388 WPDBusEnum - ok
14:26:34.0674 4388 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
14:26:34.0690 4388 WpdUsb - ok
14:26:34.0955 4388 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:26:35.0017 4388 WPFFontCache_v0400 - ok
14:26:35.0064 4388 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:26:35.0158 4388 ws2ifsl - ok
14:26:35.0189 4388 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
14:26:35.0204 4388 wscsvc - ok
14:26:35.0220 4388 WSearch - ok
14:26:35.0423 4388 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:26:35.0563 4388 wuauserv - ok
14:26:35.0844 4388 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:26:35.0906 4388 WudfPf - ok
14:26:35.0938 4388 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:35.0969 4388 WUDFRd - ok
14:26:36.0031 4388 wudfsvc (3dcc7bf5afa921b479e622bd999121f3) C:\Windows\System32\WUDFSvc.dll
14:26:36.0078 4388 wudfsvc - ok
14:26:36.0140 4388 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
14:26:36.0250 4388 yukonx64 - ok
14:26:36.0390 4388 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:26:36.0421 4388 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:26:36.0452 4388 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
14:26:37.0404 4388 \Device\Harddisk0\DR0 - ok
14:26:37.0435 4388 Boot (0x1200) (72fc051669022d5046748091154462be) \Device\Harddisk0\DR0\Partition0
14:26:37.0435 4388 \Device\Harddisk0\DR0\Partition0 - ok
14:26:37.0482 4388 Boot (0x1200) (23c4e4b7689898bc753656d3accb134a) \Device\Harddisk0\DR0\Partition1
14:26:37.0482 4388 \Device\Harddisk0\DR0\Partition1 - ok
14:26:37.0482 4388 ============================================================
14:26:37.0482 4388 Scan finished
14:26:37.0482 4388 ============================================================
14:26:37.0498 4772 Detected object count: 7
14:26:37.0498 4772 Actual detected object count: 7
14:38:29.0279 4772 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:38:29.0279 4772 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
14:38:29.0279 4772 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:29.0279 4772 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:29.0279 4772 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:29.0279 4772 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:29.0294 4772 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:29.0294 4772 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:29.0294 4772 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:29.0294 4772 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:29.0294 4772 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:38:29.0294 4772 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:38:29.0294 4772 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:29.0294 4772 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:40:08.0933 2232 Deinitialize success

Edited by numbers001, 25 July 2012 - 05:40 PM.

  • 0

Advertisements

#11
maliprog
Posted 25 July 2012 - 10:55 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
TDSSKiller didn't find or removed anything... strange. How is your system now? What problems you currently have?
  • 0

#12
numbers001
Posted 26 July 2012 - 06:24 AM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
the avg resident shield appears, and says that the trojan is still on system 32/services. after that it just shows the files, which shows two files that have the trojan, and both are system 32 services. and says the process name is windows:\system32\svchost.exe

Edited by numbers001, 26 July 2012 - 06:33 AM.

  • 0

#13
maliprog
Posted 26 July 2012 - 06:38 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Thank you for update. This step could take same time to finish (2h - 4h) so please be patient.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#14
numbers001
Posted 26 July 2012 - 06:52 AM

numbers001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
should i remove my antivirus protection for it?
  • 0

#15
maliprog
Posted 26 July 2012 - 07:04 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can only disable your protection. It will finish scan much faster. You don't have to remove your protection from system.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP