dun dun dun Malware Blocked, Trojan Horse Blocked Avast repeats every


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We will try one more time with Combofix this way:

Delete your copy of Combofix.exe from your Desktop.

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable Avast 7 for 1 hour. Look here for how to do it:

  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.
  • When finished, it shall produce a log for you.
  • Please open Windows Explorer and rename the C:\ComboFix.txt to C:\ComboFix-first.txt.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


After restart run Combofix once again.
Post C:\ComboFix-first.txt and C:\ComboFix.txt in your next reply.


#17
deanf

    Member

  • Topic Starter
  • 12 posts
I followed your instructions, disabled AVAST for 1 hour.
Ran COMBOFIX.
System rebooted. When it reboots I must log on with my password as admin.
Blue screen "Preparing Log Report" from COMBOFIX. "Do not run any programs until COMBOFIX has finished."
There was no indication of program running. Scared!
I waited another 20 minutes (approx). Finally a log created.
I tried to post, however when I clicked on IE: "Illegal operation attempted on a registry key that has been marked for deletion. OK" "Windows can't open this item. It might have been moved, renamed, or deleted." "Do you want to remove this item. YES/NO"
I x'd out. I thought I would try TASKMANAGER. Same messages as above.
I typed "IE" in search near programs and was able to open internet and email.
I was not able to run COMBOFIX a second time as instructed.
Tried to type C:\combofix-first.txt and the answer was "Windows cannot find make sure you typed the name correctly."
Most other programs I try to open give "Illegal operation attempted on a registry key that has been marked for deletion. OK"
Help???
I feel lucky I figured out how to get this far, opening IE and accessing email to get to the "post".
I am confused. Below is the log.
Hope this is helpful to you.

ComboFix 12-08-05.02 - DJF 08/05/2012 19:31:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1732 [GMT -4:00]
Running from: c:\users\DJF\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 23:42 . 2012-08-05 23:42 -------- d-----w- c:\users\Parker\AppData\Local\temp
2012-08-05 23:42 . 2012-08-05 23:42 -------- d-----w- c:\users\Mary Frances\AppData\Local\temp
2012-08-05 23:42 . 2012-08-05 23:42 -------- d-----w- c:\users\Hudson\AppData\Local\temp
2012-08-05 23:42 . 2012-08-05 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 01:39 . 2012-08-05 01:39 -------- d-----w- C:\_OTL
2012-08-05 01:31 . 2012-08-05 01:31 -------- d-----w- c:\windows\SysWow64\%APPDATA%
2012-07-30 22:16 . 2012-07-30 22:16 -------- d-----w- c:\program files\CCleaner
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\users\DJF\AppData\Roaming\Malwarebytes
2012-07-27 00:09 . 2012-07-27 00:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 00:09 . 2012-07-27 00:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-27 00:09 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 02:13 . 2012-07-19 02:13 -------- d-----w- c:\programdata\McAfee
2012-07-13 11:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C9A9239-1C9E-4739-B1A9-83A0762D1124}\mpengine.dll
2012-07-12 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:39 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:39 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 12:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:39 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 12:39 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 12:39 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 12:39 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 20:15 . 2012-03-31 01:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 20:15 . 2011-10-16 16:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:01 . 2011-10-29 01:00 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-04-06 17:48 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-10-11 02:49 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-10-11 02:49 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-10-11 02:49 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-10-11 02:49 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-10-11 02:49 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-10-11 02:48 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-10-11 02:48 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-10-11 02:49 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 00:23 . 2012-05-09 01:54 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-29 00:23 . 2011-10-11 23:29 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-22 21:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 21:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 21:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 21:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 21:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 21:41 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-15 01:25 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-15 01:25 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-15 01:25 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Mary Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\DJF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:15]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 02:49]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 02:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download with Xilisoft Download YouTube Video - c:\program files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: rbc.com
Trusted Zone: rbc.com\remote
Trusted Zone: rbc.com\remote-gcc
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} - hxxps://remote-gcc.rbc.com/nortel_cacheable/TrustSite.cab
DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://remote-occ.rbc.com/nortel_cacheable/punblock.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe
.
**************************************************************************
.
Completion time: 2012-08-05 20:08:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 00:08
ComboFix2.txt 2012-08-04 21:20
.
Pre-Run: 896,962,244,608 bytes free
Post-Run: 896,479,383,552 bytes free
.
- - End Of File - - 2DFD90D2D69ECD3C9A0A36268E3EEFE3

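The ComboFix log above follows a fixed layout: banner-delimited sections, a "Reg Loading Points" section holding Run-key entries (`"name"="path" [date size]`) and Startup-folder shortcuts (`X.lnk - path [date size]`), and service lines of the form `R2 name;display;path [date size]`, where `[x]` marks a service whose file ComboFix could not find or read. The Python script below is an added example for readers of this thread; it is not part of the thread, nor ComboFix's own code. It parses that layout and lists the two things a helper usually checks first: autostarts launched from a temp folder and services marked `[x]`. The embedded sample log is constructed for the example (the `updater` entry is invented), and the regular expressions and the temp-path heuristic are this example's assumptions, not ComboFix's rules.

```python
import re
from typing import Dict, List

# Constructed sample in the layout ComboFix uses (section banners, "Reg Loading
# Points" Run keys, Startup-folder shortcuts, service lines). The entries are
# made up for this example; they are not the log posted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\assembly\GAC_32\Desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"updater"="c:\users\example\AppData\Local\Temp\update.exe" [2012-08-01 51200]
.
c:\users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 136176]
S1 aswSnx;aswSnx; [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"""

# Regexes for the log layout (assumptions of this example, derived from the
# lines visible in the thread, not a published ComboFix grammar).
BANNER_RE = re.compile(r"^(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([\d-]+)\s+(\d+)\])?\s*$')
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?)(?:\s+\[([\d-]+)\s+(\d+)\])?\s*$", re.IGNORECASE)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")

# Path fragments that are unusual for a legitimate autostart (triage heuristic)
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%appdata%")


def parse_combofix(text: str) -> Dict[str, list]:
    """Split a ComboFix log into deletions, autostart entries and services."""
    report: Dict[str, list] = {"deleted": [], "autoruns": [], "services": []}
    section = current_key = startup_folder = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." lines are ComboFix's separators
            continue
        m = BANNER_RE.match(line)
        if m:                                 # new section: reset key/folder context
            section = m.group(1).lower()
            current_key = startup_folder = ""
            continue
        if section == "other deletions":      # every line here is a removed path
            report["deleted"].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, startup_folder = m.group(1).lower(), ""
            continue
        if line.lower().endswith("\\startup\\"):
            current_key, startup_folder = "", line
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, rest = m.groups()
            rest = rest.strip()
            path = re.sub(r"\s*\[[^\]]*\]$", "", rest)    # drop "[date size]" / "[x]"
            path = re.sub(r"\s+SERVICE$", "", path).strip()
            report["services"].append({"state": state + start, "name": name, "display": display,
                                       "path": path, "unverified": rest.endswith("[x]")})
            continue
        if re.search(r"\\run(once)?$", current_key):
            m = RUN_RE.match(line)
            if m:
                name, path, date, size = m.groups()
                report["autoruns"].append({"source": current_key, "name": name, "path": path,
                                           "date": date, "size": int(size) if size else None})
        elif startup_folder:
            m = LNK_RE.match(line)
            if m:
                name, path, date, size = m.groups()
                report["autoruns"].append({"source": startup_folder, "name": name, "path": path,
                                           "date": date, "size": int(size) if size else None})
    return report


def triage(report: Dict[str, list]) -> List[str]:
    """Return the entries a helper would want to look at first."""
    findings = []
    for entry in report["autoruns"]:
        if any(marker in entry["path"].lower() for marker in TEMP_MARKERS):
            findings.append(f"autostart '{entry['name']}' launches from a temp/profile path: {entry['path']}")
    for svc in report["services"]:
        if svc["unverified"]:
            findings.append(f"service '{svc['name']}' ({svc['state']}) is marked [x]: file not found or not readable")
    return findings


if __name__ == "__main__":
    result = parse_combofix(SAMPLE_LOG)
    print(f"{len(result['deleted'])} deletion(s), {len(result['autoruns'])} autostart(s), "
          f"{len(result['services'])} service(s)")
    for finding in triage(result):
        print("-", finding)
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the `[x]` marker is only a prompt for a closer look, since the log above shows avast's own self-protected drivers carrying it as well.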
#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
That's normal. Please reboot your computer one more time.

Proceed with this:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

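TDSSKiller writes each scanned object as a timestamped `name (md5) path` line followed by a `name - verdict` line, and records the scan options in a `Mode:` line right after `Scan started` (the layout is visible in the log pasted further down in this thread). The Python script below is an added example, not part of the thread and not TDSSKiller's own code: it pairs those lines, checks that the two options requested above (SigCheck for Verify Driver Digital Signature, TDLFS for Detect TDLFS file system) were actually on, and lists any object whose verdict is not `ok`. The embedded sample log is constructed; the `exampledrv` entry and its verdict text are invented to exercise the non-ok path and are not real TDSSKiller output, and the regular expressions are this example's assumptions about the format.

```python
import re
from typing import Dict, List, Set

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")  # time, pid, body
HASH_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")          # name (md5) path
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")                            # name - verdict
MODE_RE = re.compile(r"^Mode:\s*(.*)$")

# The two options the helper asked to enable before scanning
REQUESTED_OPTIONS = {"SigCheck", "TDLFS"}

# Constructed sample in TDSSKiller's log layout. The 1394ohci and avast lines are
# patterned on entries of that kind; "exampledrv" and its verdict text are made up
# to exercise the non-ok path and are not real TDSSKiller output.
SAMPLE_LOG = r"""
21:13:05.0182 1448 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
21:13:22.0576 3676 ============================================================
21:13:22.0576 3676 Scan started
21:13:22.0576 3676 Mode: Manual; SigCheck; TDLFS;
21:13:22.0576 3676 ============================================================
21:13:25.0883 3676 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:13:25.0992 3676 1394ohci - ok
21:13:28.0862 3676 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:13:28.0878 3676 avast! Antivirus - ok
21:13:32.0029 3676 catchme - ok
21:13:40.0000 3676 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
21:13:40.0010 3676 exampledrv - constructed non-ok verdict
21:14:00.0000 3676 Scan finished
"""


def parse_tdsskiller(text: str) -> dict:
    """Collect scan options and per-object (md5, path, verdict) from a TDSSKiller log."""
    result: dict = {"mode": set(), "entries": {}}
    in_scan = False  # only lines between "Scan started" and "Scan finished" are verdicts
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if body == "Scan finished":
            in_scan = False
            continue
        if not in_scan:              # header lines such as "Drive ... - Size: ..." are skipped
            continue
        mm = MODE_RE.match(body)
        if mm:
            result["mode"] = {opt.strip() for opt in mm.group(1).split(";") if opt.strip()}
            continue
        mh = HASH_RE.match(body)
        if mh:                       # first line of a pair: name, md5 and on-disk path
            name, md5, path = mh.groups()
            result["entries"][name] = {"md5": md5.lower(), "path": path, "verdict": None}
            continue
        mv = VERDICT_RE.match(body)
        if mv:                       # second line of a pair (or a lone one, e.g. "catchme - ok")
            name, verdict = mv.groups()
            entry = result["entries"].setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict
    return result


def not_ok(result: dict) -> List[str]:
    """Names whose verdict is anything other than 'ok', or that never received one."""
    return sorted(name for name, e in result["entries"].items() if e["verdict"] != "ok")


def missing_options(result: dict) -> Set[str]:
    """Requested scan options that the Mode line shows were not enabled."""
    return REQUESTED_OPTIONS - result["mode"]


if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(r['entries'])} objects scanned, options {sorted(r['mode'])}")
    print("missing options:", missing_options(r) or "none")
    print("not ok:", not_ok(r) or "none")
```

A log whose `Mode:` line lacks SigCheck or TDLFS was taken with the wrong boxes ticked and does not answer the question the helper is asking, even if every object reads `- ok`.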
#19
deanf

    Member

  • Topic Starter
  • 12 posts
Ran TDSSKiller, No Threats Detected, No Cure listed. I rebooted and found the log below.
Does this mean the problem is fixed?? :-)


21:13:02.0342 1448 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:13:02.0732 1448 ============================================================
21:13:02.0732 1448 Current date / time: 2012/08/05 21:13:02.0732
21:13:02.0732 1448 SystemInfo:
21:13:02.0732 1448
21:13:02.0732 1448 OS Version: 6.1.7601 ServicePack: 1.0
21:13:02.0732 1448 Product type: Workstation
21:13:02.0732 1448 ComputerName: DJF-PC
21:13:02.0732 1448 UserName: DJF
21:13:02.0732 1448 Windows directory: C:\Windows
21:13:02.0732 1448 System windows directory: C:\Windows
21:13:02.0732 1448 Running under WOW64
21:13:02.0732 1448 Processor architecture: Intel x64
21:13:02.0732 1448 Number of processors: 2
21:13:02.0732 1448 Page size: 0x1000
21:13:02.0732 1448 Boot type: Normal boot
21:13:02.0732 1448 ============================================================
21:13:05.0182 1448 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:13:05.0182 1448 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:13:05.0197 1448 ============================================================
21:13:05.0197 1448 \Device\Harddisk0\DR0:
21:13:05.0197 1448 MBR partitions:
21:13:05.0197 1448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000
21:13:05.0197 1448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x71FC3DB0
21:13:05.0197 1448 \Device\Harddisk1\DR1:
21:13:05.0197 1448 MBR partitions:
21:13:05.0197 1448 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
21:13:05.0197 1448 ============================================================
21:13:05.0228 1448 C: <-> \Device\Harddisk0\DR0\Partition1
21:13:05.0228 1448 E: <-> \Device\Harddisk1\DR1\Partition0
21:13:05.0228 1448 ============================================================
21:13:05.0228 1448 Initialize success
21:13:05.0228 1448 ============================================================
21:13:22.0576 3676 ============================================================
21:13:22.0576 3676 Scan started
21:13:22.0576 3676 Mode: Manual; SigCheck; TDLFS;
21:13:22.0576 3676 ============================================================
21:13:25.0883 3676 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:13:25.0992 3676 1394ohci - ok
21:13:26.0023 3676 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:13:26.0039 3676 ACPI - ok
21:13:26.0054 3676 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:13:26.0117 3676 AcpiPmi - ok
21:13:26.0257 3676 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:13:26.0288 3676 AdobeFlashPlayerUpdateSvc - ok
21:13:26.0320 3676 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:13:26.0351 3676 adp94xx - ok
21:13:26.0366 3676 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:13:26.0398 3676 adpahci - ok
21:13:26.0413 3676 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:13:26.0429 3676 adpu320 - ok
21:13:26.0444 3676 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:13:26.0491 3676 AeLookupSvc - ok
21:13:26.0569 3676 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:13:26.0632 3676 AFD - ok
21:13:26.0663 3676 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:13:26.0678 3676 agp440 - ok
21:13:26.0694 3676 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:13:26.0725 3676 ALG - ok
21:13:26.0756 3676 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:13:26.0756 3676 aliide - ok
21:13:26.0772 3676 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:13:26.0788 3676 amdide - ok
21:13:26.0803 3676 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:13:26.0834 3676 AmdK8 - ok
21:13:26.0881 3676 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:13:26.0928 3676 AmdPPM - ok
21:13:26.0975 3676 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:13:26.0990 3676 amdsata - ok
21:13:27.0006 3676 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:13:27.0022 3676 amdsbs - ok
21:13:27.0037 3676 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:13:27.0053 3676 amdxata - ok
21:13:27.0053 3676 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:13:27.0115 3676 AppID - ok
21:13:27.0131 3676 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:13:27.0178 3676 AppIDSvc - ok
21:13:27.0193 3676 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:13:27.0240 3676 Appinfo - ok
21:13:27.0349 3676 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:13:27.0380 3676 Apple Mobile Device - ok
21:13:27.0724 3676 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:13:27.0770 3676 arc - ok
21:13:27.0817 3676 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:13:27.0833 3676 arcsas - ok
21:13:27.0880 3676 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
21:13:27.0895 3676 aswFsBlk - ok
21:13:27.0942 3676 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
21:13:27.0973 3676 aswMonFlt - ok
21:13:28.0004 3676 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
21:13:28.0020 3676 aswRdr - ok
21:13:28.0160 3676 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
21:13:28.0176 3676 aswSnx - ok
21:13:28.0207 3676 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
21:13:28.0223 3676 aswSP - ok
21:13:28.0285 3676 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
21:13:28.0316 3676 aswTdi - ok
21:13:28.0410 3676 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:13:28.0472 3676 AsyncMac - ok
21:13:28.0535 3676 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:13:28.0535 3676 atapi - ok
21:13:28.0644 3676 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:13:28.0753 3676 AudioEndpointBuilder - ok
21:13:28.0753 3676 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:13:28.0784 3676 AudioSrv - ok
21:13:28.0862 3676 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:13:28.0878 3676 avast! Antivirus - ok
21:13:28.0940 3676 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:13:29.0018 3676 AxInstSV - ok
21:13:29.0174 3676 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:13:52.0684 3676 sftlist - ok
21:13:52.0699 3676 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:13:52.0715 3676 Sftplay - ok
21:13:52.0746 3676 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:13:52.0746 3676 Sftredir - ok
21:13:52.0762 3676 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:13:52.0777 3676 Sftvol - ok
21:13:52.0793 3676 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:13:52.0808 3676 sftvsa - ok
21:13:52.0886 3676 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:13:52.0933 3676 SharedAccess - ok
21:13:52.0980 3676 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:13:53.0027 3676 ShellHWDetection - ok
21:13:53.0089 3676 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:13:53.0120 3676 SiSRaid2 - ok
21:13:53.0120 3676 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:13:53.0136 3676 SiSRaid4 - ok
21:13:53.0152 3676 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:13:53.0198 3676 Smb - ok
21:13:53.0230 3676 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:13:53.0245 3676 SNMPTRAP - ok
21:13:53.0276 3676 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:13:53.0292 3676 spldr - ok
21:13:53.0323 3676 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:13:53.0370 3676 Spooler - ok
21:13:53.0495 3676 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:13:53.0588 3676 sppsvc - ok
21:13:53.0682 3676 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:13:53.0744 3676 sppuinotify - ok
21:13:53.0776 3676 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:13:53.0822 3676 srv - ok
21:13:53.0854 3676 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:13:53.0900 3676 srv2 - ok
21:13:53.0932 3676 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:13:53.0978 3676 srvnet - ok
21:13:54.0010 3676 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:13:54.0056 3676 SSDPSRV - ok
21:13:54.0056 3676 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:13:54.0103 3676 SstpSvc - ok
21:13:54.0119 3676 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:13:54.0134 3676 stexstor - ok
21:13:54.0197 3676 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:13:54.0212 3676 stisvc - ok
21:13:54.0228 3676 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:13:54.0244 3676 swenum - ok
21:13:54.0275 3676 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:13:54.0337 3676 swprv - ok
21:13:54.0415 3676 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:13:54.0493 3676 SysMain - ok
21:13:54.0571 3676 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:13:54.0587 3676 TabletInputService - ok
21:13:54.0618 3676 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:13:54.0665 3676 TapiSrv - ok
21:13:54.0696 3676 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:13:54.0743 3676 TBS - ok
21:13:54.0899 3676 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:13:54.0977 3676 Tcpip - ok
21:13:55.0180 3676 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:13:55.0226 3676 TCPIP6 - ok
21:13:55.0289 3676 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:13:55.0336 3676 tcpipreg - ok
21:13:55.0351 3676 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:13:55.0351 3676 TDPIPE - ok
21:13:55.0382 3676 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:13:55.0445 3676 TDTCP - ok
21:13:55.0476 3676 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:13:55.0523 3676 tdx - ok
21:13:55.0538 3676 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:13:55.0554 3676 TermDD - ok
21:13:55.0585 3676 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:13:55.0648 3676 TermService - ok
21:13:55.0663 3676 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:13:55.0694 3676 Themes - ok
21:13:55.0710 3676 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:13:55.0741 3676 THREADORDER - ok
21:13:55.0788 3676 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:13:55.0866 3676 TrkWks - ok
21:13:55.0913 3676 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:13:55.0960 3676 TrustedInstaller - ok
21:13:55.0991 3676 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:13:56.0038 3676 tssecsrv - ok
21:13:56.0069 3676 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:13:56.0084 3676 TsUsbFlt - ok
21:13:56.0100 3676 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:13:56.0100 3676 TsUsbGD - ok
21:13:56.0162 3676 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:13:56.0194 3676 tunnel - ok
21:13:56.0225 3676 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:13:56.0240 3676 uagp35 - ok
21:13:56.0256 3676 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:13:56.0303 3676 udfs - ok
21:13:56.0318 3676 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:13:56.0334 3676 UI0Detect - ok
21:13:56.0350 3676 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:13:56.0350 3676 uliagpkx - ok
21:13:56.0365 3676 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:13:56.0396 3676 umbus - ok
21:13:56.0428 3676 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:13:56.0459 3676 UmPass - ok
21:13:56.0490 3676 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:13:56.0552 3676 upnphost - ok
21:13:56.0599 3676 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:13:56.0662 3676 USBAAPL64 - ok
21:13:56.0724 3676 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:13:56.0771 3676 usbccgp - ok
21:13:56.0786 3676 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:13:56.0818 3676 usbcir - ok
21:13:56.0849 3676 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:13:56.0896 3676 usbehci - ok
21:13:56.0942 3676 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:13:56.0989 3676 usbhub - ok
21:13:57.0020 3676 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:13:57.0067 3676 usbohci - ok
21:13:57.0098 3676 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:13:57.0145 3676 usbprint - ok
21:13:57.0176 3676 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:13:57.0192 3676 usbscan - ok
21:13:57.0208 3676 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:13:57.0239 3676 USBSTOR - ok
21:13:57.0270 3676 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:13:57.0301 3676 usbuhci - ok
21:13:57.0332 3676 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:13:57.0379 3676 UxSms - ok
21:13:57.0410 3676 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:13:57.0426 3676 VaultSvc - ok
21:13:57.0473 3676 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:13:57.0473 3676 vdrvroot - ok
21:13:57.0520 3676 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:13:57.0566 3676 vds - ok
21:13:57.0598 3676 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:13:57.0613 3676 vga - ok
21:13:57.0613 3676 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:13:57.0644 3676 VgaSave - ok
21:13:57.0660 3676 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:13:57.0676 3676 vhdmp - ok
21:13:57.0676 3676 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:13:57.0691 3676 viaide - ok
21:13:57.0707 3676 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:13:57.0722 3676 volmgr - ok
21:13:57.0738 3676 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:13:57.0754 3676 volmgrx - ok
21:13:57.0785 3676 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:13:57.0800 3676 volsnap - ok
21:13:57.0832 3676 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:13:57.0847 3676 vsmraid - ok
21:13:57.0941 3676 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:13:58.0019 3676 VSS - ok
21:13:58.0112 3676 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:13:58.0175 3676 vwifibus - ok
21:13:58.0222 3676 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:13:58.0268 3676 W32Time - ok
21:13:58.0284 3676 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:13:58.0315 3676 WacomPen - ok
21:13:58.0331 3676 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:13:58.0378 3676 WANARP - ok
21:13:58.0378 3676 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:13:58.0409 3676 Wanarpv6 - ok
21:13:58.0534 3676 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:13:58.0580 3676 WatAdminSvc - ok
21:13:58.0643 3676 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:13:58.0705 3676 wbengine - ok
21:13:58.0783 3676 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:13:58.0830 3676 WbioSrvc - ok
21:13:58.0861 3676 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:13:58.0908 3676 wcncsvc - ok
21:13:58.0939 3676 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:13:58.0955 3676 WcsPlugInService - ok
21:13:58.0955 3676 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:13:58.0970 3676 Wd - ok
21:13:59.0017 3676 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:13:59.0033 3676 Wdf01000 - ok
21:13:59.0048 3676 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:13:59.0080 3676 WdiServiceHost - ok
21:13:59.0095 3676 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:13:59.0111 3676 WdiSystemHost - ok
21:13:59.0142 3676 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:13:59.0173 3676 WebClient - ok
21:13:59.0204 3676 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:13:59.0251 3676 Wecsvc - ok
21:13:59.0267 3676 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:13:59.0298 3676 wercplsupport - ok
21:13:59.0345 3676 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:13:59.0376 3676 WerSvc - ok
21:13:59.0438 3676 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:13:59.0501 3676 WfpLwf - ok
21:13:59.0501 3676 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:13:59.0516 3676 WIMMount - ok
21:13:59.0579 3676 WinDefend - ok
21:13:59.0594 3676 WinHttpAutoProxySvc - ok
21:13:59.0626 3676 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:13:59.0688 3676 Winmgmt - ok
21:13:59.0797 3676 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:13:59.0875 3676 WinRM - ok
21:14:00.0000 3676 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:14:00.0047 3676 WinUsb - ok
21:14:00.0094 3676 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:14:00.0140 3676 Wlansvc - ok
21:14:00.0187 3676 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:14:00.0218 3676 wlcrasvc - ok
21:14:00.0343 3676 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:14:00.0421 3676 wlidsvc - ok
21:14:00.0515 3676 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:14:00.0546 3676 WmiAcpi - ok
21:14:00.0608 3676 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:14:00.0640 3676 wmiApSrv - ok
21:14:00.0686 3676 WMPNetworkSvc - ok
21:14:00.0718 3676 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:14:00.0733 3676 WPCSvc - ok
21:14:00.0749 3676 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:14:00.0764 3676 WPDBusEnum - ok
21:14:00.0780 3676 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:14:00.0811 3676 ws2ifsl - ok
21:14:00.0858 3676 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:14:00.0920 3676 wscsvc - ok
21:14:00.0920 3676 WSearch - ok
21:14:01.0108 3676 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:14:01.0170 3676 wuauserv - ok
21:14:01.0264 3676 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:14:01.0342 3676 WudfPf - ok
21:14:01.0373 3676 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:14:01.0420 3676 WUDFRd - ok
21:14:01.0451 3676 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:14:01.0482 3676 wudfsvc - ok
21:14:01.0498 3676 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:14:01.0544 3676 WwanSvc - ok
21:14:01.0685 3676 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:14:01.0716 3676 YahooAUService - ok
21:14:01.0778 3676 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
21:14:04.0072 3676 \Device\Harddisk0\DR0 - ok
21:14:04.0087 3676 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk1\DR1
21:14:04.0290 3676 \Device\Harddisk1\DR1 - ok
21:14:04.0321 3676 Boot (0x1200) (b7caec7c8bc77644351f08c502c2cb2a) \Device\Harddisk0\DR0\Partition0
21:14:04.0321 3676 \Device\Harddisk0\DR0\Partition0 - ok
21:14:04.0352 3676 Boot (0x1200) (80ce2cd362b2ac67f67980991ab1f004) \Device\Harddisk0\DR0\Partition1
21:14:04.0352 3676 \Device\Harddisk0\DR0\Partition1 - ok
21:14:04.0352 3676 Boot (0x1200) (ce9799ed97e49b93152ec2ca0b288983) \Device\Harddisk1\DR1\Partition0
21:14:04.0368 3676 \Device\Harddisk1\DR1\Partition0 - ok
21:14:04.0368 3676 ============================================================
21:14:04.0368 3676 Scan finished
21:14:04.0368 3676 ============================================================
21:14:04.0368 3672 Detected object count: 0
21:14:04.0368 3672 Actual detected object count: 0
21:16:35.0377 3704 Deinitialize success
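The TDSSKiller log above is several hundred lines of "Name (md5) Path" records each followed by a verdict line, plus MBR and boot-sector hashes and a one-line summary. Reading it by eye is error-prone, so here is a small triage script. It is an added example, not code from this thread or from TDSSKiller: it assumes only the line shape visible in the log, treats every verdict other than "ok" as something to act on, and sorts the rest into buckets a helper would normally check by hand (verdicts with no hashed binary, services whose image lives outside C:\Windows, several service names backed by one file). The sample input is copied from the log, except for the two lines marked CONSTRUCTED, whose driver name, hash and "- warning" text are invented to exercise the flagging path.

```python
"""Triage a TDSSKiller log of the kind posted above.

Added example, not part of this thread or of TDSSKiller. It assumes the line
shape visible in the log: "HH:MM:SS.ffff PID Name (md5) Path" for a hashed
item, "HH:MM:SS.ffff PID Name - verdict" for its verdict (MBR and boot-sector
records are judged under their \\Device\\... path instead of a name), and a
final "Detected object count: N" summary. Any verdict other than "ok" is flagged.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*\S)\s*$")
# "Tcpip (md5) C:\...\tcpip.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
ITEM_RE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None: verdict given, but no binary was hashed
    path: Optional[str] = None
    verdict: Optional[str] = None  # None: item seen, verdict line never arrived


def parse_tdsskiller(lines: Iterable[str]) -> Tuple[List[Entry], Optional[int]]:
    """Pair each hashed item with its verdict; return entries and the summary count."""
    entries: List[Entry] = []
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    detected: Optional[int] = None
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(1)
        if (c := COUNT_RE.match(body)):
            detected = int(c.group(1))
        elif (it := ITEM_RE.match(body)):
            e = Entry(it.group(1), it.group(2).lower(), it.group(3))
            entries.append(e)
            by_name[e.name] = e
            by_path[e.path.lower()] = e
        elif (v := VERDICT_RE.match(body)):
            subject, verdict = v.group(1), v.group(2)
            # boot records are judged by device path, services and drivers by name
            e = by_path.get(subject.lower()) or by_name.get(subject)
            if e is None:
                e = Entry(subject)
                entries.append(e)
                by_name[subject] = e
            e.verdict = verdict
    return entries, detected


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Group the entries into the buckets a reader should look at, most urgent first."""
    users: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.path and not e.path.startswith("\\"):
            users[e.path.lower()].append(e.name)
    return {
        # anything the scanner did not call "ok": act on these first
        "flagged": sorted(e.name for e in entries if e.verdict not in (None, "ok")),
        # hashed file with no verdict: truncated log or interrupted scan
        "no_verdict": sorted(e.name for e in entries if e.verdict is None),
        # verdict but no hashed binary: find out why nothing was hashed
        "no_hash": sorted(e.name for e in entries if e.md5 is None),
        # image outside C:\Windows: third-party persistence, review each one
        "third_party": sorted(
            e.name for e in entries
            if e.path and not e.path.startswith("\\")
            and not e.path.lower().startswith("c:\\windows\\")
        ),
        # several names backed by one file is normal for Windows (Tcpip/TCPIP6);
        # an unfamiliar file backing several names is not
        "shared_binaries": {p: sorted(n) for p, n in users.items() if len(n) > 1},
    }


# Sample input: lines copied from the log posted above, plus two CONSTRUCTED lines
# that imitate a flagged driver so the "flagged" bucket is exercised. The name
# "evildrv", its hash and the "- warning" verdict text are assumptions.
SAMPLE_LINES = [
    r"21:13:54.0899 3676 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys",
    r"21:13:54.0977 3676 Tcpip - ok",
    r"21:13:55.0180 3676 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys",
    r"21:13:55.0226 3676 TCPIP6 - ok",
    r"21:13:59.0579 3676 WinDefend - ok",
    r"21:14:01.0685 3676 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe",
    r"21:14:01.0716 3676 YahooAUService - ok",
    r"21:14:01.0778 3676 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0",
    r"21:14:04.0072 3676 \Device\Harddisk0\DR0 - ok",
    r"21:14:04.0087 3676 evildrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\evildrv.sys",  # CONSTRUCTED
    r"21:14:04.0090 3676 evildrv - warning",  # CONSTRUCTED
    r"21:14:04.0368 3672 Detected object count: 0",
]

if __name__ == "__main__":
    found, summary = parse_tdsskiller(SAMPLE_LINES)
    for bucket, items in triage(found).items():
        print(f"{bucket}: {items}")
    print(f"scanner summary count: {summary}")
```

Run it against a saved log with `parse_tdsskiller(open("TDSSKiller.log", encoding="utf-8"))`. The "flagged" bucket is the one to act on; "no_hash" and "third_party" are the entries worth a second look even when the scanner summary says zero, because they are the persistence points the scanner could not or did not vouch for. The MD5 in each record identifies the file well enough to look it up elsewhere, but it is not an integrity proof, so treat the verdict column, not the hash, as the scanner's statement about the file.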

#20
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select the Report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach it to your next post

#21
deanf
    Member
  • Topic Starter
  • 12 posts
Took all night to run the VRT. Here are the results. I have not seen or heard the Virus or Malware pop-ups. Hooray, I hope. Thank you.

Results of system analysis
Kaspersky Virus Removal Tool 11.0.0.1245 (database released 06/08/2012; 00:07)

List of processes
File name PID Description Copyright MD5 Information
c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate 1288 avast! Service Copyright © 2012 AVAST Software ?? 43.76 kb, rsAh,
created: 06.07.2012 20:19:46,
modified: 03.07.2012 12:21:29
Command line:
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
dpupdchk.exe
Script: Quarantine, Delete, BC delete, Terminate 3900 ?? error getting file info
Command line:
iPodService.exe
Script: Quarantine, Delete, BC delete, Terminate 4656 ?? error getting file info
Command line:
ipoint.exe
Script: Quarantine, Delete, BC delete, Terminate 3736 ?? error getting file info
Command line:
mDNSResponder.exe
Script: Quarantine, Delete, BC delete, Terminate 1944 ?? error getting file info
Command line:
NOBuAgent.exe
Script: Quarantine, Delete, BC delete, Terminate 364 ?? error getting file info
Command line:
nSvcAppFlt.exe
Script: Quarantine, Delete, BC delete, Terminate 1136 ?? error getting file info
Command line:
nSvcIp.exe
Script: Quarantine, Delete, BC delete, Terminate 2732 ?? error getting file info
Command line:
RAVCpl64.exe
Script: Quarantine, Delete, BC delete, Terminate 3792 ?? error getting file info
Command line:
c:\program files (x86)\openoffice.org 3\program\soffice.bin
Script: Quarantine, Delete, BC delete, Terminate 4532 OpenOffice.org 3.3 Copyright © 2000-2010 by Oracle, Inc. ?? 11049.50 kb, rsAh,
created: 17.01.2011 18:37:40,
modified: 17.01.2011 18:37:40
Command line:
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate 4956 ?? error getting file info
Command line:
Detected:75, recognized as trusted 66
Module name Handle Description Copyright MD5 Used by processes
C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll
Script: Quarantine, Delete, BC delete 1857028096 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll
Script: Quarantine, Delete, BC delete 1847656448 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll
Script: Quarantine, Delete, BC delete 1823014912 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll
Script: Quarantine, Delete, BC delete 1859190784 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll
Script: Quarantine, Delete, BC delete 1850736640 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll
Script: Quarantine, Delete, BC delete 1851260928 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll
Script: Quarantine, Delete, BC delete 1850933248 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll
Script: Quarantine, Delete, BC delete 1820196864 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll
Script: Quarantine, Delete, BC delete 1960509440 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll
Script: Quarantine, Delete, BC delete 1880752128 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll
Script: Quarantine, Delete, BC delete 1816199168 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll
Script: Quarantine, Delete, BC delete 1872363520 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll
Script: Quarantine, Delete, BC delete 29163520 ICU Data DLL Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll
Script: Quarantine, Delete, BC delete 155516928 IBM ICU I18N DLL Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll
Script: Quarantine, Delete, BC delete 24576000 IBM ICU Common DLL Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll
Script: Quarantine, Delete, BC delete 1858338816 Berkeley DB 4.7 DLL Copyright © Oracle 1997,2008 -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
Script: Quarantine, Delete, BC delete 26607616 -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll
Script: Quarantine, Delete, BC delete 1823604736 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll
Script: Quarantine, Delete, BC delete 1815740416 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll
Script: Quarantine, Delete, BC delete 1816068096 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll
Script: Quarantine, Delete, BC delete 1824653312 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll
Script: Quarantine, Delete, BC delete 1852178432 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll
Script: Quarantine, Delete, BC delete 1848770560 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll
Script: Quarantine, Delete, BC delete 1849950208 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll
Script: Quarantine, Delete, BC delete 1827274752 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll
Script: Quarantine, Delete, BC delete 1833697280 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll
Script: Quarantine, Delete, BC delete 1831469056 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll
Script: Quarantine, Delete, BC delete 1857748992 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll
Script: Quarantine, Delete, BC delete 1821900800 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll
Script: Quarantine, Delete, BC delete 1850277888 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll
Script: Quarantine, Delete, BC delete 1818361856 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll
Script: Quarantine, Delete, BC delete 1856045056 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll
Script: Quarantine, Delete, BC delete 1828126720 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll
Script: Quarantine, Delete, BC delete 1946877952 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll
Script: Quarantine, Delete, BC delete 1855455232 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
Script: Quarantine, Delete, BC delete 1824129024 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
Script: Quarantine, Delete, BC delete 1880817664 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
Script: Quarantine, Delete, BC delete 1859780608 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
Script: Quarantine, Delete, BC delete 1960378368 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
Script: Quarantine, Delete, BC delete 1849294848 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
Script: Quarantine, Delete, BC delete 1849163776 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll
Script: Quarantine, Delete, BC delete 1860239360 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
Script: Quarantine, Delete, BC delete 1947009024 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
Script: Quarantine, Delete, BC delete 268435456 STLport Copyright © Boris Fomitchev -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
Script: Quarantine, Delete, BC delete 1823473664 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
Script: Quarantine, Delete, BC delete 1823670272 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll
Script: Quarantine, Delete, BC delete 1881014272 Copyright © 2010 by Oracle, Inc. -- 4532
C:\Program Files\AVAST Software\Avast\defs\12080601\algo.dll
Script: Quarantine, Delete, BC delete 1804075008 -- 1288
Modules detected:531, recognized as trusted 483

Kernel Space Modules Viewer
Module Base address Size in memory Description Manufacturer
C:\Windows\system32\DRIVERS\80013130.sys
Script: Quarantine, Delete, BC delete 7201000 75F000 (7729152)
C:\Windows\System32\Drivers\dump_diskdump.sys
Script: Quarantine, Delete, BC delete 42DE000 00A000 (40960)
C:\Windows\System32\Drivers\dump_dumpfve.sys
Script: Quarantine, Delete, BC delete 45D9000 013000 (77824)
C:\Windows\System32\Drivers\dump_nvstor64.sys
Script: Quarantine, Delete, BC delete 4107000 03F000 (258048)
Modules detected - 167, recognized as trusted - 163

Services
Service Description Status File Group Dependencies
Detected - 170, recognized as trusted - 170

Drivers
Service Description Status File Group Dependencies
80013130
Driver: Unload, Delete, Disable, BC delete 80013130 Running 80013130.sys
Script: Quarantine, Delete, BC delete
catchme
Driver: Unload, Delete, Disable, BC delete catchme Not started C:\ComboFix\catchme.sys
Script: Quarantine, Delete, BC delete Base
Detected - 252, recognized as trusted - 250

Autoruns
File name Status Startup method Description
C:\Users\DJF\AppData\Local\Temp\_uninst_80225257.bat
Script: Quarantine, Delete, BC delete Active Shortcut in Autoruns folder C:\Users\DJF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\DJF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80225257.lnk,
C:\Windows\System32\appmgmts.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
Delete
C:\Windows\system32\psxss.exe
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\cf6d56e8526e861137df4b01d92338ed\DW\DW20.exe
Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
auditcse.dll
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName
Delete
rdpclip
Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms
Delete
Autoruns items detected - 592, recognized as trusted - 586

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name Type Description Manufacturer CLSID
Extension module {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
Extension module {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Delete
Elements detected - 9, recognized as trusted - 7

Windows Explorer extension modules
File name Destination Description Manufacturer CLSID
ColumnHandler {F9DB5320-233E-11D1-9F84-707F02C10627}
Delete
Elements detected - 40, recognized as trusted - 39

Printing system extensions (print monitors, providers)
File name      Type       Name
CNHF1LM.DLL    Monitor    BJ Fax Language Monitor1
CNBLM4.DLL     Monitor    BJ Language Monitor4
localspl.dll   Monitor    Local Port
FXSMON.DLL     Monitor    Microsoft Shared Fax Monitor
tcpmon.dll     Monitor    Standard TCP/IP Port
usbmon.dll     Monitor    USB Monitor
WSDMon.dll     Monitor    WSD Port
inetpp.dll     Provider   HTTP Print Services
Elements detected - 9, recognized as trusted - 1

Task Scheduler jobs
File name Job name Job status Description Manufacturer
Elements detected - 3, recognized as trusted - 3

SPI/LSP settings
Namespace providers (NSP) Provider Status EXE file Description GUID
Detected - 9, recognized as trusted - 9
Transport protocol providers (TSP, LSP) Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check: LSP settings checked. No errors detected


TCP/UDP ports
Port    Status        Remote Host    Remote Port   Application
TCP ports
135     LISTENING     0.0.0.0        0             [868] svchost.exe
139     LISTENING     0.0.0.0        0             [4] System
445     LISTENING     0.0.0.0        0             [4] System
554     LISTENING     0.0.0.0        0             [4956] wmpnetwk.exe
2869    LISTENING     0.0.0.0        0             [4] System
5354    ESTABLISHED   127.0.0.1      49156         [1944] mDNSResponder.exe
5354    LISTENING     0.0.0.0        0             [1944] mDNSResponder.exe
5357    LISTENING     0.0.0.0        0             [4] System
10243   LISTENING     0.0.0.0        0             [4] System
12025   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
12080   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
12119   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
12465   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
12563   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
27015   ESTABLISHED   127.0.0.1      49183         [1916] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
27015   LISTENING     0.0.0.0        0             [1916] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
27275   LISTENING     0.0.0.0        0             [1288] c:\program files\avast software\avast\avastsvc.exe
49152   LISTENING     0.0.0.0        0             [504] wininit.exe
49153   LISTENING     0.0.0.0        0             [928] svchost.exe
49154   LISTENING     0.0.0.0        0             [348] svchost.exe
49156   ESTABLISHED   127.0.0.1      5354          [1916] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
49163   LISTENING     0.0.0.0        0             [1548] spoolsv.exe
49165   LISTENING     0.0.0.0        0             [568] services.exe
49166   LISTENING     0.0.0.0        0             [584] lsass.exe
49183   ESTABLISHED   127.0.0.1      27015         [4340] c:\program files (x86)\itunes\ituneshelper.exe
50548   ESTABLISHED   77.234.43.54   80            [1288] c:\program files\avast software\avast\avastsvc.exe
50734   TIME_WAIT     192.168.0.1    5000          [0]
50736   TIME_WAIT     192.168.0.1    5000          [0]
50737   TIME_WAIT     192.168.0.1    5000          [0]
50738   TIME_WAIT     192.168.0.1    5000          [0]
50739   TIME_WAIT     192.168.0.1    5000          [0]
50740   TIME_WAIT     192.168.0.1    5000          [0]
50741   TIME_WAIT     192.168.0.1    5000          [0]
50742   TIME_WAIT     192.168.0.1    5000          [0]
UDP ports
137     LISTENING     --             --            [4] System
138     LISTENING     --             --            [4] System
500     LISTENING     --             --            [348] svchost.exe
1900    LISTENING     --             --            [1984] svchost.exe
1900    LISTENING     --             --            [1984] svchost.exe
3544    LISTENING     --             --            [348] svchost.exe
3702    LISTENING     --             --            [1028] svchost.exe
3702    LISTENING     --             --            [1984] svchost.exe
3702    LISTENING     --             --            [1028] svchost.exe
3702    LISTENING     --             --            [1984] svchost.exe
4500    LISTENING     --             --            [348] svchost.exe
5004    LISTENING     --             --            [4956] wmpnetwk.exe
5005    LISTENING     --             --            [4956] wmpnetwk.exe
5353    LISTENING     --             --            [1944] mDNSResponder.exe
49889   LISTENING     --             --            [348] svchost.exe
49942   LISTENING     --             --            [1984] svchost.exe
52639   LISTENING     --             --            [5924] c:\program files (x86)\internet explorer\iexplore.exe
53698   LISTENING     --             --            [1916] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
53699   LISTENING     --             --            [1916] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
53700   LISTENING     --             --            [1944] mDNSResponder.exe
53845   LISTENING     --             --            [3140] c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
58915   LISTENING     --             --            [1308] c:\program files (x86)\windows live\mail\wlmail.exe
59134   LISTENING     --             --            [4340] c:\program files (x86)\itunes\ituneshelper.exe
59135   LISTENING     --             --            [4340] c:\program files (x86)\itunes\ituneshelper.exe
60088   LISTENING     --             --            [1028] svchost.exe
63540   LISTENING     --             --            [1028] svchost.exe
64121   LISTENING     --             --            [2692] c:\program files (x86)\internet explorer\iexplore.exe
64796   LISTENING     --             --            [1984] svchost.exe
64797   LISTENING     --             --            [1984] svchost.exe

Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 1, recognized as trusted - 1

Control Panel Applets (CPL)
File name                                    Description                                Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl    Adobe Flash Player Control Panel Applet    Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 19, recognized as trusted - 18

Active Setup
File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file
Hosts file record
127.0.0.1 localhost

Protocols and handlers
File name     Type       Description                                   Manufacturer                                   CLSID
mscoree.dll   Protocol   Microsoft .NET Runtime Execution Engine ()   © Microsoft Corporation. All rights reserved.   {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll   Protocol   Microsoft .NET Runtime Execution Engine ()   © Microsoft Corporation. All rights reserved.   {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll   Protocol   Microsoft .NET Runtime Execution Engine ()   © Microsoft Corporation. All rights reserved.   {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 16, recognized as trusted - 13

Suspicious objects
File Description Type


--------------------------------------------------------------------------------

Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress
System Analysis - complete

File list

<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report -->
<AVZ Version="4.35" LogDate="06.08.2012 19:47:10" WinDir="C:\Windows\" OS_MjVer="6" OS_MiVer="1" OS_Build="7601" BootMode="0" OS_CSDV="Service Pack 1" ProfileDir="C:\Users\DJF" Session="" IsWow64="True" IsAdmin="True" IsSRDisabled="False" MainDBDate="12/30/1899" CompHash="5E15EDA47F8CC3105DE8851667B74D0C">
<PROCESS>
<ITEM PID="1288" File="c:\program files\avast software\avast\avastsvc.exe" CheckResult="0" Descr="avast! Service" LegalCopyright="Copyright © 2012 AVAST Software" Hidden="0" CmdLine=""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" Size="44808" Attr="rsAh" CreateDate="06.07.2012 20:19:46" ChageDate="03.07.2012 12:21:29" MD5="2F7C0F3E39C45E0127FB78B2F18A41F3" />
<ITEM PID="3900" File="dpupdchk.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="4656" File="iPodService.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3736" File="ipoint.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1944" File="mDNSResponder.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="364" File="NOBuAgent.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="1136" File="nSvcAppFlt.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="2732" File="nSvcIp.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="3792" File="RAVCpl64.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
<ITEM PID="4532" File="c:\program files (x86)\openoffice.org 3\program\soffice.bin" CheckResult="0" Descr="OpenOffice.org 3.3" LegalCopyright="Copyright © 2000-2010 by Oracle, Inc." Hidden="0" CmdLine=""C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"" Size="11314688" Attr="rsAh" CreateDate="17.01.2011 18:37:40" ChageDate="17.01.2011 18:37:40" MD5="2337EC951C4AF6E1AF65D10BD9615BEB" />
<ITEM PID="4956" File="wmpnetwk.exe" CheckResult="-1" Descr="" LegalCopyright="" Hidden="1" CmdLine="" />
</PROCESS>
<DLL>
<ITEM File="C:\Program Files\AVAST Software\Avast\defs\12080601\algo.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="1288" Hidden="0" Size="1792000" Attr="rsAh" CreateDate="06.08.2012 16:47:07" ChageDate="06.08.2012 15:53:58" MD5="83FD20EEC65CA5A056C97A43B877A7B5" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="1740800" Attr="rsAh" CreateDate="17.01.2011 16:19:08" ChageDate="14.10.2011 22:51:36" MD5="31627AF89921827333F36DC57904D8C1" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="86016" Attr="rsAh" CreateDate="19.11.2010 18:46:18" ChageDate="14.10.2011 22:51:36" MD5="8AE17F3B16E18C181887AC7B1176F550" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="379904" Attr="rsAh" CreateDate="13.12.2010 16:23:04" ChageDate="14.10.2011 22:51:35" MD5="454453FC42331EE8FAAA180B3103F73E" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="1033728" Attr="rsAh" CreateDate="17.01.2011 16:19:02" ChageDate="14.10.2011 22:51:33" MD5="5957599CCD5C20F0EF09DC5724D298C6" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="432128" Attr="rsAh" CreateDate="19.11.2010 18:45:20" ChageDate="14.10.2011 22:51:36" MD5="DC8E336A2A331D0C1563432B1CB009D2" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="13312" Attr="rsAh" CreateDate="19.11.2010 18:45:56" ChageDate="14.10.2011 22:51:36" MD5="D3A856838D2CE61406B5B6B1B15C18AA" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="142848" Attr="rsAh" CreateDate="19.11.2010 18:45:20" ChageDate="14.10.2011 22:51:36" MD5="7FE1C1210805639E4436E1AA15BFA43C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll" CheckResult="-1" Descr="STLport" LegalCopyright="Copyright © Boris Fomitchev" UsedBy="4532" Hidden="0" Size="597504" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="14.10.2011 22:51:36" MD5="E4AF4686765E8328BA401E26B6367739" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="358912" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="14.10.2011 22:51:36" MD5="031CA081F2B6335439199A8F9A4968F0" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="94208" Attr="rsAh" CreateDate="19.11.2010 18:46:20" ChageDate="14.10.2011 22:51:36" MD5="07383E4B9D80B3F829A75764821DE923" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="135680" Attr="rsAh" CreateDate="17.01.2011 16:19:04" ChageDate="14.10.2011 22:51:34" MD5="3FA55AFD6FB18119992844399C51761D" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll" CheckResult="-1" Descr="Berkeley DB 4.7 DLL" LegalCopyright="Copyright © Oracle 1997,2008" UsedBy="4532" Hidden="0" Size="832000" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="14.10.2011 22:51:34" MD5="7E176DAB009C8546598669F7830521A6" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="529408" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="14.10.2011 22:51:36" MD5="352BD114CC6BE19C034AE4597E3B5E56" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="700928" Attr="rsAh" CreateDate="17.01.2011 16:19:02" ChageDate="14.10.2011 22:51:33" MD5="EFE5B5BD7C143543D403367A70243D85" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="26112" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="14.10.2011 22:51:34" MD5="A01C8AC4A10C0F7859C12E16A5583B11" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="958464" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="14.10.2011 22:51:36" MD5="2C97C1EC7798FE966505E0139DECD85C" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="531456" Attr="rsAh" CreateDate="19.11.2010 18:46:20" ChageDate="14.10.2011 22:51:36" MD5="5D273513533F89A477D73691E0295B7A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="3234816" Attr="rsAh" CreateDate="17.01.2011 16:19:10" ChageDate="14.10.2011 22:51:35" MD5="05FB98AFF45E3DBBC0F6D01DDD4ED9F0" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="869888" Attr="rsAh" CreateDate="13.12.2010 16:22:36" ChageDate="14.10.2011 22:51:34" MD5="3D9C5C11C34831B1633606B8B3C4DE3A" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="311296" Attr="rsAh" CreateDate="13.12.2010 16:22:36" ChageDate="14.10.2011 22:51:34" MD5="E6DA62B5B80F2F37FC8E34DCDFA2FF2B" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="2863616" Attr="rsAh" CreateDate="13.12.2010 16:23:06" ChageDate="14.10.2011 22:51:35" MD5="8D193A229EE9AC50278DBF49C6DE6374" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="2186752" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="14.10.2011 22:51:36" MD5="9FD24F35DD14039311FE9E5CF6BB3CF8" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="3266560" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="14.10.2011 22:51:36" MD5="54763ABF58174A4D3A465EB6EFCA91F4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="256000" Attr="rsAh" CreateDate="19.11.2010 18:46:04" ChageDate="14.10.2011 22:51:35" MD5="1AF8542A9E67A56F089D4C7F34C54CED" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="29184" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="14.10.2011 22:51:34" MD5="C45E4DFF969BC9E612A7F15A956D7990" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="66560" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="14.10.2011 22:51:34" MD5="D8FDFA9F10413394990B72290804CBD3" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll" CheckResult="-1" Descr="IBM ICU Common DLL" LegalCopyright="Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved." UsedBy="4532" Hidden="0" Size="951296" Attr="rsAh" CreateDate="19.11.2010 18:45:38" ChageDate="14.10.2011 22:51:34" MD5="D72CBD88B4503A52BC3C12E0BFEB2B05" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll" CheckResult="-1" Descr="ICU Data DLL" LegalCopyright="Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved." UsedBy="4532" Hidden="0" Size="13914112" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="14.10.2011 22:51:34" MD5="965E86B5BC1948EA00570C7D5D16978D" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="777216" Attr="rsAh" CreateDate="17.01.2011 16:19:10" ChageDate="14.10.2011 22:51:35" MD5="50863BF52B964E5CD79092F14E94C6CF" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="92160" Attr="rsAh" CreateDate="19.11.2010 18:45:40" ChageDate="14.10.2011 22:51:36" MD5="5A9E8A71D9FDDEBE125BF3E9A86B86A5" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="4532" Hidden="0" Size="985088" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="14.10.2011 22:51:34" MD5="5C85BE88896379D3CB5F89B0372FEA7B" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="1577984" Attr="rsAh" CreateDate="17.01.2011 16:19:08" ChageDate="14.10.2011 22:51:35" MD5="CA7D3F33EAFC77FFFC6B1264764F6CF8" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="51712" Attr="rsAh" CreateDate="19.11.2010 18:45:44" ChageDate="14.10.2011 22:51:36" MD5="A32353C4C37C1D9D93B6B2BFFBCAC936" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="452608" Attr="rsAh" CreateDate="19.11.2010 18:45:14" ChageDate="14.10.2011 22:51:36" MD5="5C49F2FF1FCDD7A2F32667174C25D690" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="92672" Attr="rsAh" CreateDate="19.11.2010 18:45:54" ChageDate="14.10.2011 22:51:36" MD5="1683956538D0A78244A841C55F559F47" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="53248" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="14.10.2011 22:51:36" MD5="3515F77A5FADFD6A3F01442778B7369E" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="396800" Attr="rsAh" CreateDate="19.11.2010 18:45:18" ChageDate="14.10.2011 22:51:33" MD5="E108E95E08B9563831762C1D37FBB107" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="24064" Attr="rsAh" CreateDate="13.12.2010 16:22:44" ChageDate="14.10.2011 22:51:34" MD5="F162169026CDFE43CB0A227A927910BE" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="92672" Attr="rsAh" CreateDate="19.11.2010 18:46:06" ChageDate="14.10.2011 22:51:36" MD5="95D3C50D19690ED2E3F7F21EE6D03A5D" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="212992" Attr="rsAh" CreateDate="19.11.2010 18:46:14" ChageDate="14.10.2011 22:51:36" MD5="48066FB18B91B22F3BBC97605AD3E26F" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="1649152" Attr="rsAh" CreateDate="13.12.2010 16:22:38" ChageDate="14.10.2011 22:51:34" MD5="A366CD196F7A0AC1EEF2FAD2FF2445F8" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="257024" Attr="rsAh" CreateDate="17.01.2011 16:19:12" ChageDate="14.10.2011 22:51:36" MD5="A8F1978E4C68388936CD9AEBA7619E75" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="1317376" Attr="rsAh" CreateDate="17.01.2011 16:19:06" ChageDate="14.10.2011 22:51:34" MD5="605481BE0295FE48DD0957F821C984C3" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll" CheckResult="-1" Descr="IBM ICU I18N DLL" LegalCopyright="Copyright © 2008, International Business Machines Corporation and others. All Rights Reserved." UsedBy="4532" Hidden="0" Size="1071616" Attr="rsAh" CreateDate="19.11.2010 18:45:36" ChageDate="14.10.2011 22:51:34" MD5="392DA0C8DFB6A324262CE3027A9581F9" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="83968" Attr="rsAh" CreateDate="13.12.2010 16:22:50" ChageDate="14.10.2011 22:51:35" MD5="64EA7EB625701E6562E660AC8F93D5B4" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="287232" Attr="rsAh" CreateDate="13.12.2010 16:22:50" ChageDate="14.10.2011 22:51:35" MD5="783A71728F921203764671E5D07D0B84" />
<ITEM File="C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © 2010 by Oracle, Inc." UsedBy="4532" Hidden="0" Size="148480" Attr="rsAh" CreateDate="19.11.2010 18:45:28" ChageDate="14.10.2011 22:51:34" MD5="4FBD197BCF03D7E1D8D0777A87BC8805" />
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\system32\DRIVERS\80013130.sys" CheckResult="-1" Base="7201000" MemSize="75F000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_diskdump.sys" CheckResult="-1" Base="42DE000" MemSize="00A000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_dumpfve.sys" CheckResult="-1" Base="45D9000" MemSize="013000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_nvstor64.sys" CheckResult="-1" Base="4107000" MemSize="03F000" Descr="" LegalCopyright="" />
</KERNELOBJ>
<Service />
<Drivers>
<ITEM File="80013130.sys" Name="80013130" CheckResult="-1" Type="1" State="4" />
<ITEM File="C:\ComboFix\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" />
</Drivers>
<AUTORUN>
<ITEM File="C:\Users\DJF\AppData\Local\Temp\_uninst_80225257.bat" CheckResult="-1" Enabled="1" Type="LNK" Size="356" Attr="rsAh" CreateDate="06.08.2012 19:45:04" ChageDate="06.08.2012 19:45:04" MD5="FA552CD8D731FAB71B18AE214A33C065" X1="C:\Users\DJF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" X2="C:\Users\DJF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80225257.lnk" X3="" />
<ITEM File="C:\Windows\System32\appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters" X3="ServiceDll" />
<ITEM File="C:\Windows\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="C:\cf6d56e8526e861137df4b01d92338ed\DW\DW20.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup" X3="EventMessageFile" />
<ITEM File="auditcse.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X3="DLLName" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{2670000A-7350-4f3c-8081-5663EE0C6C49}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" BHOType="3" RegKey="HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions" CLSID="{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}" Descr="" LegalCopyright="" />
</BHO>
<ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{F9DB5320-233E-11D1-9F84-707F02C10627}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT>
<ITEM File="CNHF1LM.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="CNBLM4.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="localspl.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="FXSMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="tcpmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="usbmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="WSDMon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="inetpp.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers" Descr="" LegalCopyright="" />
</PrintEXT>
<TaskScheduler />
- <SPI>
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\napinsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" Descr="E-mail Naming Shim Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="13.07.2009 19:54:55" ChageDate="13.07.2009 21:16:02" MD5="0B7E85364CB878E2AD531DB7B601A9E5" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 19:55:50" ChageDate="13.07.2009 21:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 19:55:50" ChageDate="13.07.2009 21:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="20992" Attr="rsAh" CreateDate="13.07.2009 19:37:57" ChageDate="13.07.2009 21:16:19" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="28.03.2011 20:31:14" ChageDate="28.03.2011 20:31:14" MD5="12B79422A23814429CDA9E734C58F78F" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive Local NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="28.03.2011 20:31:14" ChageDate="28.03.2011 20:31:14" MD5="12B79422A23814429CDA9E734C58F78F" />
<ITEM File="C:\Program Files (x86)\Bonjour\mdnsNSP.dll" CheckResult="-1" SPIType="1" SPINaim="mdnsNSP" Descr="Bonjour Namespace Provider" LegalCopyright="Copyright © 2003-2011 Apple Inc." Size="121704" Attr="rsAh" CreateDate="30.08.2011 23:05:02" ChageDate="30.08.2011 23:05:02" MD5="40947436A70E0034E41123DF5A0A7702" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="20.11.2010 23:24:09" ChageDate="20.11.2010 23:24:09" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
</SPI>
<DPF />
- <CPL>
<ITEM File="C:\Windows\system32\FlashPlayerCPLApp.cpl" CheckResult="-1" Enabled="1" Descr="Adobe Flash Player Control Panel Applet" LegalCopyright="Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries." Size="70344" Attr="rsAh" CreateDate="16.10.2011 12:45:19" ChageDate="04.08.2012 16:15:07" MD5="55BAB11461AF614A9BE43DDA52EF6125" />
</CPL>
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
</HOSTS>
- <ProtocolExt>
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
</ProtocolExt>
- <IPU>
<ITEM Code="1" X1="TermService" X2="@%SystemRoot%\System32\termsrv.dll,-268" />
<ITEM Code="1" X1="SSDPSRV" X2="@%systemroot%\system32\ssdpsrv.dll,-100" />
<ITEM Code="1" X1="Schedule" X2="@%SystemRoot%\system32\schedsvc.dll,-100" />
<ITEM Code="2" />
<ITEM Code="3" />
<ITEM Code="5" />
<ITEM Code="8" X1="-1" />
</IPU>
- <WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
<ITEM ID="66" Level="1" Fixed="0" />
</WIZARD-TSW>
</AVZ>
  • 0

#22
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.


  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore, it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
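The Internet Explorer hardening steps in the post above write their settings to the Internet zone key in the registry. The following PowerShell script, added here as an example and not part of the thread or any tool it mentions, audits those three ActiveX settings against the recommended values and, with the hypothetical -Fix switch, applies them. It assumes the per-user zone key (HKCU) is in effect; a domain policy under HKLM can override what it reports.

```powershell
# Added example (not from the thread): audit the Internet zone ActiveX settings
# the post recommends, by reading the same values Inetcpl.cpl writes.
# Zone 3 = Internet zone. Action value names (Microsoft KB182569):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Setting data: 0 = Enable, 1 = Prompt, 3 = Disable.
[CmdletBinding()]
param(
    [switch]$Fix   # hypothetical switch: apply the recommended values instead of only reporting
)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values from the post: both downloads -> Prompt, unsafe init/script -> Disable
$recommended = [ordered]@{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}

if (-not (Test-Path -Path $zonePath)) {
    throw "Internet zone key not found: $zonePath"
}

$zone  = Get-ItemProperty -Path $zonePath
$drift = 0
foreach ($name in $recommended.Keys) {
    $want = $recommended[$name]
    $have = $zone.$name                       # $null when the value is absent (zone default applies)
    $haveLabel = if ($null -eq $have) { '(not set, zone default)' } else { $labels[[int]$have] }
    $ok = ($null -ne $have) -and ([int]$have -eq $want)

    '{0}: current={1} recommended={2} {3}' -f $name, $haveLabel, $labels[$want],
        $(if ($ok) { 'OK' } else { 'DRIFT' })

    if (-not $ok) {
        $drift++
        if ($Fix) {
            # Write the DWORD exactly as the Custom level dialog would
            Set-ItemProperty -Path $zonePath -Name $name -Value $want -Type DWord
        }
    }
}

if ($drift -eq 0) { 'All three ActiveX settings match the recommendation.' }
elseif ($Fix)     { "$drift setting(s) corrected; reopen Internet Options to confirm." }
else              { "$drift setting(s) differ; rerun with -Fix to apply the recommended values." }
```

Running it without -Fix is read-only, so it is safe to use as a periodic check that the settings have not been reset by a browser update or another program.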

#23
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0