AVG reporting rootkits [Solved]

#1 Ghadhean (New Member, 4 posts)

I haven't noticed any problems with the computer; this is the only symptom. I've tried running a few scans on my own and uninstalling Daemon Tools Lite and Alcohol 120%; the only change I've seen is the filename that comes up in the AVG report, currently "spgk.sys". Below is the report from AVG, followed by the OTL logfile.

Scan "Anti-Rootkit scan" completed.
Rootkits;"7";"0";"7"

Scan started:;"Saturday, October 13, 2012, 12:43:40 PM"
Scan finished:;"Saturday, October 13, 2012, 12:43:59 PM (18 second(s))"
Total object scanned:;"3654"
User who launched the scan:;"SYSTEM"

Rootkits
;"File";"Infection";"Result"
;"C:\Windows\System32\Drivers\spgk.sys";"atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> spgk.sys +0x26D6";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spgk.sys +0x2042";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> spgk.sys +0x2800";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUshort -> spgk.sys +0x20C0";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spgk.sys +0x213E";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"Inline hook ataport.SYS DllUnload -> spgk.sys +0x299FE";"Object is hidden"
;"C:\Windows\System32\Drivers\spgk.sys";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spgk.sys +0x11B90";"Object is hidden"


------------------------
OTL logfile created on: 10/13/2012 1:04:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JP\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 49.35% Memory free
6.19 Gb Paging File | 4.37 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.00 Gb Total Space | 53.84 Gb Free Space | 24.36% Space Free | Partition Type: NTFS
Drive D: | 11.88 Gb Total Space | 0.48 Gb Free Space | 4.00% Space Free | Partition Type: NTFS

Computer Name: SCARLET | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 13:03:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JP\Downloads\OTL.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/07 03:39:46 | 004,370,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/20 13:49:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/11/30 08:29:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/05 12:19:14 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/09/06 19:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/07/12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 03:06:15 | 000,460,312 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 03:06:13 | 012,435,992 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 03:06:12 | 004,005,912 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 03:04:57 | 000,578,072 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 03:04:55 | 000,123,928 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 03:04:44 | 000,156,712 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 03:04:43 | 000,275,496 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 03:04:42 | 002,168,360 | ---- | M] () -- C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2011/10/20 13:49:22 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2012/09/09 14:55:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/20 13:49:23 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/28 13:32:26 | 000,444,928 | ---- | M] (Livescribe) [Disabled | Stopped] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2009/05/05 12:19:14 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/07/12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JP\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/01/19 18:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/07/28 13:32:26 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/13 17:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/03/25 04:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/03/25 04:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/03/25 04:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/02/08 15:16:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/09/06 19:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/23 17:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=M-6337
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {3E2859B7-2F3A-47C8-9F11-81D9373C7457}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3E2859B7-2F3A-47C8-9F11-81D9373C7457}: "URL" = http://www.google.co...&rlz=1I7GWYE_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2011-10-20 13:49:26&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
IE - HKCU\..\SearchScopes\{B8B6E7B6-43C6-4848-90F6-A4CC1DC44968}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.88
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: [email protected]:4.906.030.003
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JP\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JP\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 23:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 09:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/30 09:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 14:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/09 14:55:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 23:08:51 | 000,000,000 | ---D | M]

[2008/12/17 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JP\AppData\Roaming\Mozilla\Extensions
[2012/10/12 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions
[2010/04/27 07:00:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/19 10:30:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/08/24 17:10:31 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}(61)
[2009/09/03 08:47:46 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012/09/19 10:30:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/20 13:49:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\[email protected]
[2009/06/04 07:35:20 | 000,000,000 | ---D | M] (ikariam.GameStats.org) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\[email protected]
[2012/09/19 10:30:14 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009/04/09 15:03:38 | 000,057,407 | ---- | M] (flashget) (No name found) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
[2008/10/17 10:03:56 | 000,000,205 | ---- | M] () (No name found) -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt
[2010/02/08 15:18:20 | 000,002,055 | ---- | M] () -- C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\searchplugins\daemon-search.xml
[2012/09/09 14:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/09 14:55:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/20 17:39:06 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/09/02 15:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/02 15:13:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JP\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JP\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\JP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YOUZEEK Free Music = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\1.6.4_0\
CHR - Extension: Pirates: Tides of Fortune = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\djlmofcgpnpnhlbkgbpenbecfboohcka\0.88_0\
CHR - Extension: Do Not Track Plus = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
CHR - Extension: Vector Racer = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlopomddhnaodbjochfdcebknmejgei\2011.2.9_0\
CHR - Extension: AdBlock = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Google Play Music = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: AVG Safe Search = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Solve a Cipher! = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmgkpnbfgimlalkolndeccanfnbpogcd\2.5.0_0\
CHR - Extension: Zoggle = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\makbpnhaoldbpinpacbppcefmonaimlf\1_0\
CHR - Extension: AVG Do Not Track = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Readability = C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadggleneidfmbhhedlildjnpgcggmch\1.13_0\

O1 HOSTS File: ([2012/10/12 14:23:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74058E31-909D-4151-B5B5-780EA6D75293}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8557A1B1-C4A8-4456-8F6C-295EFF17B98A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 18:28:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 14:26:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/12 14:26:12 | 000,000,000 | ---D | C] -- C:\Users\JP\AppData\Local\temp
[2012/10/11 17:57:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/11 17:57:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/11 17:57:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/11 17:57:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/11 17:56:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/11 17:47:39 | 004,766,830 | R--- | C] (Swearware) -- C:\Users\JP\Desktop\ComboFix.exe
[2012/10/11 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\JP\AVG
[2012/09/18 07:00:20 | 000,000,000 | ---D | C] -- C:\Users\JP\Documents\Music
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 13:04:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1000UA.job
[2012/10/13 12:58:47 | 097,271,295 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/10/13 12:58:47 | 000,629,010 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/10/13 12:48:40 | 000,002,610 | ---- | M] () -- C:\Users\JP\Documents\avgrkscan.csv
[2012/10/13 12:42:47 | 000,001,765 | ---- | M] () -- C:\Users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2012/10/13 12:41:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/13 12:41:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 12:41:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 12:41:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/13 12:41:30 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/13 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001UA.job
[2012/10/13 09:20:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001UA.job
[2012/10/13 09:18:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 21:20:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001Core.job
[2012/10/12 20:04:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1000Core.job
[2012/10/12 15:25:29 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/12 14:23:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/11 17:48:27 | 004,766,830 | R--- | M] (Swearware) -- C:\Users\JP\Desktop\ComboFix.exe
[2012/10/11 12:52:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/11 12:52:52 | 000,105,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/11 11:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001Core.job
[2012/10/10 19:15:12 | 000,002,038 | ---- | M] () -- C:\Users\JP\Desktop\Google Chrome.lnk
[2012/10/10 19:15:12 | 000,002,000 | ---- | M] () -- C:\Users\JP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/29 18:02:47 | 000,879,336 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/13 12:48:40 | 000,002,610 | ---- | C] () -- C:\Users\JP\Documents\avgrkscan.csv
[2012/10/12 14:41:08 | 000,000,820 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/11 17:57:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/11 17:57:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/11 17:57:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/11 17:57:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/11 17:57:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 20:15:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012/08/15 20:15:19 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/08/11 19:19:12 | 000,002,731 | ---- | C] () -- C:\Users\JP\.recently-used.xbel
[2012/07/13 19:22:57 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/26 08:17:48 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/14 18:57:44 | 000,207,579 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/07/31 20:11:51 | 000,011,166 | ---- | C] () -- C:\Users\JP\gsview32.ini
[2010/04/09 19:13:28 | 000,000,000 | ---- | C] () -- C:\Users\JP\AppData\Local\prvlcl.dat
[2010/02/06 18:22:32 | 000,007,330 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/01/29 20:01:56 | 000,063,488 | ---- | C] () -- C:\Users\JP\xobglu16.dll
[2009/05/19 17:12:45 | 000,004,920 | ---- | C] () -- C:\Users\JP\descrambleC.dcr
[2009/05/03 12:21:23 | 000,000,680 | ---- | C] () -- C:\Users\JP\AppData\Local\d3d9caps.dat
[2009/03/19 14:04:03 | 000,000,000 | ---- | C] () -- C:\Users\JP\.javafx_eula_accepted
[2008/11/17 00:48:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/17 05:57:09 | 000,069,632 | ---- | C] () -- C:\Users\JP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 23:11:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/21 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\.minecraft
[2012/02/10 15:25:58 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\.minecraft - Copy
[2012/10/12 16:21:47 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\.techniclauncher
[2012/01/27 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\AVG
[2011/10/20 13:50:09 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\AVG2012
[2010/02/07 20:10:28 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\AVG9
[2010/01/30 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\BITS
[2010/04/17 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\BitTorrent
[2008/12/11 17:16:09 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Canon
[2010/06/18 23:07:30 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\CBS Interactive
[2011/11/27 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\cerasus.media
[2012/03/01 15:37:14 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\com.hwp.HWPLauncher
[2010/03/24 15:08:12 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/02/14 00:13:18 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\CrypTool
[2009/07/05 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\DAEMON Tools Lite
[2009/02/15 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010/09/24 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Downloaded Installations
[2011/11/28 17:26:53 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\ERS Game Studios
[2012/06/08 13:51:09 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\EuroTalk
[2009/09/03 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\FlashGet
[2009/09/03 08:47:08 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\FlashGetBHO
[2012/08/10 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\gtk-2.0
[2011/01/26 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Hoyle
[2010/12/29 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Hoyle FaceCreator
[2010/01/13 19:42:36 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\OpenOffice.org
[2011/11/01 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Orneon
[2011/10/12 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\PokerCreations
[2008/11/24 00:49:48 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\SampleView
[2012/10/12 15:35:59 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Samsung
[2008/08/23 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\ScanSoft
[2011/11/14 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\SouthPointPoker
[2009/09/11 23:39:57 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\The Creative Assembly
[2012/08/09 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Three Rings Design
[2010/07/13 01:14:45 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\Unity
[2008/08/20 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\JP\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:9F3CEEE6
@Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:65137F0D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5

< End of report >
#2 Aaron (GeekU Moderator, 3,155 posts)

Welcome to Geeks to Go ;)!
My name is Aaron and I will be helping you with your computer problem(s).

A few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Advanced malware isn't correctly removed in a few minutes; it will take some time to analyse your system, remove the malware and analyse your system again for leftovers.
  • If you have any questions, don't hesitate to ask!

I see you ran Combofix, it's a dangerous tool to use if you are not familiar with it. Could you please post the log? You can find it here: C:\ComboFix.txt

============ Step one ============

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

============ Step two ============

Download aswMBR.exe to your desktop.

1. Double click the aswMBR.exe to run it
2. Click the "Scan" button to start scan
Note: if you use Avast, please disable the automatic scan: put AV engine to None.

3. On completion of the scan click save log, save it to your desktop and post in your next reply

============ Step three ============

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

- Maser00

#3 Ghadhean (Topic Starter, 4 posts)

Thanks for the quick reply! Posting logs:

-=ComboFix=-
-=AdwCleaner=-
-=aswMBR=-
-=RogueKiller=-

-=ComboFix=-
ComboFix 12-10-11.03 - JP 10/12/2012 14:14:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2004 [GMT -7:00]
Running from: c:\users\JP\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\system
.
---- Previous Run -------
.
c:\users\JP\xobglu32.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 21:23 . 2012-10-12 21:23 -------- d-----w- c:\users\JP\AppData\Local\temp
2012-10-12 21:23 . 2012-10-12 21:23 -------- d-----w- c:\users\Ingrid\AppData\Local\temp
2012-10-12 21:23 . 2012-10-12 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 20:06 . 2012-10-11 20:06 -------- d-----w- c:\users\JP\AVG
2012-10-10 20:13 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 20:13 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 20:13 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 20:13 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 20:13 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 20:13 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 20:13 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-22 21:18 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 21:18 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-22 21:18 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 21:18 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 21:11 . 2012-08-24 06:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 22:43 . 2012-08-24 22:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 10:21 . 2012-07-26 10:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-09 21:55 . 2012-09-09 21:55 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-29 09:21 . 2012-09-09 21:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-10 03:31 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-29 30192]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-20 218440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\JP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001Core.job
- c:\users\Ingrid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-04 04:15]
.
2012-10-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001UA.job
- c:\users\Ingrid\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-04 04:15]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 21:36]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 21:36]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1000Core.job
- c:\users\JP\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 06:18]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1000UA.job
- c:\users\JP\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 06:18]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001Core.job
- c:\users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 13:51]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894920989-1679741012-3906484108-1001UA.job
- c:\users\Ingrid\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 13:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6337
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 14:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1894920989-1679741012-3906484108-1000\Software\SecuROM\License information*]
"datasecu"=hex:b6,60,41,7d,40,53,59,8e,cb,3c,a6,7f,37,3a,37,0f,b7,71,aa,fc,18,
99,04,9b,97,8a,16,52,ef,cc,39,c8,da,87,87,fd,be,e6,22,0f,42,35,b6,45,42,27,\
"rkeysecu"=hex:98,91,ad,f1,49,08,e6,af,16,c9,68,16,5c,ce,19,05
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-12 14:26:11
ComboFix-quarantined-files.txt 2012-10-12 21:26
.
Pre-Run: 58,920,386,560 bytes free
Post-Run: 58,843,586,560 bytes free
.
- - End Of File - - 194A43CEFA5D05C3F80E4FD79079B179

-=AdwCleaner=-
# AdwCleaner v2.004 - Logfile created 10/13/2012 at 14:48:29
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : JP - SCARLET
# Boot Mode : Normal
# Running from : C:\Users\JP\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Users\Ingrid\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JP\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\JP\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\Conduit
Folder Deleted : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\CT2304157
Folder Deleted : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}(61)
Folder Deleted : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\extensions\[email protected]

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={8D9EB9F0-EB5B-4B22-A63F-DA921B970B57}&mid=914957e1416f55d41dbcf31bef26fcb3-691e265d2c1f8f95d5e8d320102ab1940fd1b6c5&lang=en&ds=AVG&pr=pr&d=2011-10-20 13:49:26&v=8.0.0.34&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\prefs.js

C:\Users\JP\AppData\Roaming\Mozilla\Firefox\Profiles\nmwpaavl.default\user.js ... Deleted !

Deleted : user_pref("CT2304157.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2304157.CTID", "CT2304157");
Deleted : user_pref("CT2304157.CurrentServerDate", "21-2-2010");
Deleted : user_pref("CT2304157.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2304157.FeedLastCount129078895246717929", 20);
Deleted : user_pref("CT2304157.FeedLastCount129095439763593837", 20);
Deleted : user_pref("CT2304157.FeedPollDate129078895250311712", "Sat Feb 20 2010 22:25:45 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2304157.FeedPollDate129095439763593837", "Sat Feb 20 2010 22:25:45 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2304157.FeedTTL129078895250311712", 40);
Deleted : user_pref("CT2304157.FirstServerDate", "29-11-2009");
Deleted : user_pref("CT2304157.FirstTime", true);
Deleted : user_pref("CT2304157.FirstTimeFF3", true);
Deleted : user_pref("CT2304157.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2304157.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2304157.Initialize", true);
Deleted : user_pref("CT2304157.InitializeCommonPrefs", true);
Deleted : user_pref("CT2304157.InstalledDate", "Sun Nov 29 2009 01:22:08 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT2304157.IsGrouping", false);
Deleted : user_pref("CT2304157.IsMulticommunity", false);
Deleted : user_pref("CT2304157.IsOpenThankYouPage", true);
Deleted : user_pref("CT2304157.IsOpenUninstallPage", true);
Deleted : user_pref("CT2304157.LanguagePackLastCheckTime", "Sat Feb 20 2010 22:25:46 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2304157.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2304157.LastLogin_2.5.0.12", "Sun Nov 29 2009 01:23:07 GMT-0800 (Pacific Standard Time)[...]
Deleted : user_pref("CT2304157.LastLogin_2.5.6.0", "Sat Feb 20 2010 22:25:45 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT2304157.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2304157.Locale", "en");
Deleted : user_pref("CT2304157.LoginCache", 4);
Deleted : user_pref("CT2304157.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2304157.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2304157.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2304157.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2304157.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2304157.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT230[...]
Deleted : user_pref("CT2304157.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2304157.SearchInNewTabLastCheckTime", "Sat Feb 20 2010 22:25:45 GMT-0800 (Pacific Stand[...]
Deleted : user_pref("CT2304157.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Deleted : user_pref("CT2304157.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2304157.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2304157.SettingsLastCheckTime", "Sat Feb 20 2010 22:25:45 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT2304157.SettingsLastUpdate", "1266025963");
Deleted : user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Sat Feb 20 2010 22:25:44 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1266025963");
Deleted : user_pref("CT2304157.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2304157.UserID", "UN57876387036065873");
Deleted : user_pref("CT2304157.alertChannelId", "700614");
Deleted : user_pref("CT2304157.clientLogIsEnabled", false);
Deleted : user_pref("CT2304157.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2304157.myStuffEnabled", true);
Deleted : user_pref("CT2304157.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2304157.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Deleted : user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2304157.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2304157.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2304157");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2304157");
Deleted : user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Sat Feb 20 2010 22:25:45 GMT-0800[...]

Profile name : default
File : C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\nvfop4g7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\JP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ingrid\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11621 octets] - [13/10/2012 14:48:29]

########## EOF - C:\AdwCleaner[S1].txt - [11682 octets] ##########


-=aswMBR=-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 15:04:35
-----------------------------
15:04:35.301 OS Version: Windows 6.0.6002 Service Pack 2
15:04:35.301 Number of processors: 2 586 0xF0D
15:04:35.301 ComputerName: SCARLET UserName: JP
15:04:36.549 Initialize success
15:04:41.795 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:04:41.795 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
15:04:41.810 Disk 0 MBR read successfully
15:04:41.810 Disk 0 MBR scan
15:04:41.810 Disk 0 Windows VISTA default MBR code
15:04:41.826 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 12166 MB offset 63
15:04:41.842 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226306 MB offset 24916815
15:04:41.857 Disk 0 scanning sectors +488392065
15:04:41.935 Disk 0 scanning C:\Windows\system32\drivers
15:04:48.955 Service scanning
15:05:00.234 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:05:04.400 Modules scanning
15:06:06.850 Disk 0 MBR has been saved successfully to "C:\Users\JP\Desktop\MBR.dat"
15:06:06.850 The log file has been saved successfully to "C:\Users\JP\Desktop\aswMBR.txt"


-=RogueKiller=-
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : JP [Admin rights]
Mode : Remove -- Date : 10/13/2012 15:11:36

¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk @JP : C:\Windows\system32\RunDll32.exe|"C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN262BK0Y905KD;CONNECTION=NW;MONITOR=1; -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x859151F8)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] 5f53289801fc4f319c841cc4754c5788
[BSP] e5e52a639e8be138c6e4edb761b0db3a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 12166 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24916815 | Size: 226306 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
#4
Aaron
    GeekU Moderator
I find the driver AVG is reporting suspicious. Other than that it looks OK.

Let's run another tool to be sure:
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

And this one too:
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

- Maser00
#5
Ghadhean
    Topic Starter
17:24:00.0109 5316 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:24:02.0112 5316 ============================================================
17:24:02.0112 5316 Current date / time: 2012/10/14 17:24:02.0112
17:24:02.0112 5316 SystemInfo:
17:24:02.0112 5316
17:24:02.0112 5316 OS Version: 6.0.6002 ServicePack: 2.0
17:24:02.0112 5316 Product type: Workstation
17:24:02.0112 5316 ComputerName: SCARLET
17:24:02.0113 5316 UserName: JP
17:24:02.0113 5316 Windows directory: C:\Windows
17:24:02.0113 5316 System windows directory: C:\Windows
17:24:02.0113 5316 Processor architecture: Intel x86
17:24:02.0113 5316 Number of processors: 2
17:24:02.0113 5316 Page size: 0x1000
17:24:02.0113 5316 Boot type: Normal boot
17:24:02.0113 5316 ============================================================
17:24:02.0654 5316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:24:02.0657 5316 ============================================================
17:24:02.0657 5316 \Device\Harddisk0\DR0:
17:24:02.0657 5316 MBR partitions:
17:24:02.0657 5316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17C3310
17:24:02.0657 5316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17C334F, BlocksNum 0x1BA01232
17:24:02.0657 5316 ============================================================
17:24:02.0684 5316 C: <-> \Device\Harddisk0\DR0\Partition2
17:24:02.0707 5316 D: <-> \Device\Harddisk0\DR0\Partition1
17:24:02.0707 5316 ============================================================
17:24:02.0707 5316 Initialize success
17:24:02.0707 5316 ============================================================
17:24:08.0695 4308 ============================================================
17:24:08.0696 4308 Scan started
17:24:08.0696 4308 Mode: Manual;
17:24:08.0696 4308 ============================================================
17:24:09.0135 4308 ================ Scan system memory ========================
17:24:09.0135 4308 System memory - ok
17:24:09.0140 4308 ================ Scan services =============================
17:24:15.0609 4308 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
17:24:15.0632 4308 gpsvc - ok
17:24:15.0689 4308 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:24:15.0690 4308 gupdate - ok
17:24:15.0698 4308 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:24:15.0700 4308 gupdatem - ok
17:24:15.0753 4308 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:24:15.0757 4308 gusvc - ok
17:24:15.0799 4308 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:24:15.0806 4308 HdAudAddService - ok
17:24:15.0851 4308 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:24:15.0872 4308 HDAudBus - ok
17:24:15.0920 4308 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:24:15.0922 4308 HidBth - ok
17:24:15.0942 4308 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:24:15.0943 4308 HidIr - ok
17:24:15.0978 4308 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
17:24:15.0981 4308 hidserv - ok
17:24:16.0008 4308 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:24:16.0010 4308 HidUsb - ok
17:24:16.0034 4308 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:24:16.0038 4308 hkmsvc - ok
17:24:16.0050 4308 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:24:16.0053 4308 HpCISSs - ok
17:24:16.0154 4308 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:24:16.0159 4308 hpqcxs08 - ok
17:24:16.0200 4308 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:24:16.0202 4308 hpqddsvc - ok
17:24:16.0259 4308 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:24:16.0285 4308 HPSLPSVC - ok
17:24:16.0334 4308 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:24:16.0343 4308 HTTP - ok
17:24:16.0371 4308 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:24:16.0373 4308 i2omp - ok
17:24:16.0414 4308 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:24:16.0443 4308 i8042prt - ok
17:24:16.0537 4308 [ 204A73A56751C68C6031E9D5D611EC98 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:24:16.0546 4308 IAANTMON - ok
17:24:16.0659 4308 [ 8318E04A6455CED1020BCC5039B62CFA ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
17:24:16.0702 4308 ialm - ok
17:24:16.0776 4308 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:24:16.0779 4308 iaStor - ok
17:24:16.0800 4308 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:24:16.0806 4308 iaStorV - ok
17:24:16.0874 4308 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:24:16.0907 4308 idsvc - ok
17:24:17.0070 4308 [ A9221D13D8F1F772010EE293BA9BAEB7 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
17:24:17.0192 4308 igfx - ok
17:24:17.0219 4308 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:24:17.0221 4308 iirsp - ok
17:24:17.0260 4308 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
17:24:17.0270 4308 IKEEXT - ok
17:24:17.0298 4308 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
17:24:17.0300 4308 intelide - ok
17:24:17.0317 4308 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:24:17.0319 4308 intelppm - ok
17:24:17.0377 4308 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
17:24:17.0378 4308 IntuitUpdateService - ok
17:24:17.0447 4308 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:24:17.0449 4308 IntuitUpdateServiceV4 - ok
17:24:17.0480 4308 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:24:17.0485 4308 IPBusEnum - ok
17:24:17.0500 4308 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:24:17.0505 4308 IpFilterDriver - ok
17:24:17.0548 4308 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:24:17.0556 4308 iphlpsvc - ok
17:24:17.0563 4308 IpInIp - ok
17:24:17.0618 4308 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:24:17.0626 4308 IPMIDRV - ok
17:24:17.0644 4308 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:24:17.0652 4308 IPNAT - ok
17:24:17.0706 4308 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:24:17.0741 4308 iPod Service - ok
17:24:17.0755 4308 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:24:17.0758 4308 IRENUM - ok
17:24:17.0776 4308 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:24:17.0779 4308 isapnp - ok
17:24:17.0819 4308 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:24:17.0824 4308 iScsiPrt - ok
17:24:17.0846 4308 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:24:17.0848 4308 iteatapi - ok
17:24:17.0867 4308 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:24:17.0870 4308 iteraid - ok
17:24:17.0893 4308 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:24:17.0895 4308 kbdclass - ok
17:24:17.0906 4308 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:24:17.0909 4308 kbdhid - ok
17:24:17.0946 4308 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
17:24:17.0950 4308 KeyIso - ok
17:24:18.0002 4308 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:24:18.0012 4308 KSecDD - ok
17:24:18.0109 4308 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:24:18.0117 4308 KtmRm - ok
17:24:18.0166 4308 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
17:24:18.0172 4308 LanmanServer - ok
17:24:18.0217 4308 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:24:18.0224 4308 LanmanWorkstation - ok
17:24:18.0243 4308 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:24:18.0246 4308 lltdio - ok
17:24:18.0287 4308 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:24:18.0294 4308 lltdsvc - ok
17:24:18.0324 4308 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:24:18.0328 4308 lmhosts - ok
17:24:18.0355 4308 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:24:18.0359 4308 LSI_FC - ok
17:24:18.0372 4308 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:24:18.0376 4308 LSI_SAS - ok
17:24:18.0416 4308 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:24:18.0419 4308 LSI_SCSI - ok
17:24:18.0441 4308 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
17:24:18.0447 4308 luafv - ok
17:24:18.0478 4308 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:24:18.0482 4308 Mcx2Svc - ok
17:24:18.0519 4308 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
17:24:18.0521 4308 megasas - ok
17:24:18.0549 4308 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:24:18.0559 4308 MegaSR - ok
17:24:18.0618 4308 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
17:24:18.0622 4308 MMCSS - ok
17:24:18.0686 4308 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
17:24:18.0689 4308 Modem - ok
17:24:18.0709 4308 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:24:18.0711 4308 monitor - ok
17:24:18.0725 4308 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:24:18.0726 4308 mouclass - ok
17:24:18.0743 4308 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:24:18.0745 4308 mouhid - ok
17:24:18.0754 4308 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:24:18.0757 4308 MountMgr - ok
17:24:18.0822 4308 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:24:18.0826 4308 MozillaMaintenance - ok
17:24:18.0867 4308 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
17:24:18.0870 4308 mpio - ok
17:24:18.0887 4308 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:24:18.0890 4308 mpsdrv - ok
17:24:18.0940 4308 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
17:24:18.0951 4308 MpsSvc - ok
17:24:18.0996 4308 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:24:18.0998 4308 Mraid35x - ok
17:24:19.0047 4308 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:24:19.0051 4308 MRxDAV - ok
17:24:19.0084 4308 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:24:19.0087 4308 mrxsmb - ok
17:24:19.0120 4308 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:24:19.0126 4308 mrxsmb10 - ok
17:24:19.0138 4308 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:24:19.0141 4308 mrxsmb20 - ok
17:24:19.0168 4308 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
17:24:19.0171 4308 msahci - ok
17:24:19.0195 4308 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:24:19.0199 4308 msdsm - ok
17:24:19.0224 4308 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
17:24:19.0229 4308 MSDTC - ok
17:24:19.0259 4308 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:24:19.0263 4308 Msfs - ok
17:24:19.0281 4308 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:24:19.0282 4308 msisadrv - ok
17:24:19.0313 4308 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:24:19.0317 4308 MSiSCSI - ok
17:24:19.0331 4308 msiserver - ok
17:24:19.0352 4308 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:24:19.0354 4308 MSKSSRV - ok
17:24:19.0370 4308 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:24:19.0372 4308 MSPCLOCK - ok
17:24:19.0393 4308 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:24:19.0395 4308 MSPQM - ok
17:24:19.0435 4308 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:24:19.0439 4308 MsRPC - ok
17:24:19.0460 4308 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:24:19.0462 4308 mssmbios - ok
17:24:19.0477 4308 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:24:19.0479 4308 MSTEE - ok
17:24:19.0507 4308 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
17:24:19.0509 4308 Mup - ok
17:24:19.0553 4308 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
17:24:19.0562 4308 napagent - ok
17:24:19.0616 4308 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:24:19.0621 4308 NativeWifiP - ok
17:24:19.0684 4308 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:24:19.0695 4308 NDIS - ok
17:24:19.0703 4308 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:24:19.0705 4308 NdisTapi - ok
17:24:19.0724 4308 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:24:19.0726 4308 Ndisuio - ok
17:24:19.0763 4308 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:24:19.0768 4308 NdisWan - ok
17:24:19.0788 4308 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:24:19.0791 4308 NDProxy - ok
17:24:19.0838 4308 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:24:19.0854 4308 Net Driver HPZ12 - ok
17:24:19.0870 4308 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:24:19.0872 4308 NetBIOS - ok
17:24:19.0936 4308 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:24:19.0941 4308 netbt - ok
17:24:19.0960 4308 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
17:24:19.0963 4308 Netlogon - ok
17:24:19.0998 4308 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
17:24:20.0007 4308 Netman - ok
17:24:20.0037 4308 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
17:24:20.0044 4308 netprofm - ok
17:24:20.0090 4308 [ E9F451618E9C56865FBD94F7A72CD9B2 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
17:24:20.0111 4308 netr28 - ok
17:24:20.0141 4308 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:24:20.0145 4308 NetTcpPortSharing - ok
17:24:20.0266 4308 [ 6E9EDC1020B319E7676387B8CDF2398C ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys
17:24:20.0342 4308 NETw2v32 - ok
17:24:20.0365 4308 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:24:20.0368 4308 nfrd960 - ok
17:24:20.0386 4308 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:24:20.0392 4308 NlaSvc - ok
17:24:20.0427 4308 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:24:20.0429 4308 Npfs - ok
17:24:20.0443 4308 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
17:24:20.0446 4308 nsi - ok
17:24:20.0462 4308 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:24:20.0463 4308 nsiproxy - ok
17:24:20.0531 4308 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:24:20.0565 4308 Ntfs - ok
17:24:20.0613 4308 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:24:20.0615 4308 ntrigdigi - ok
17:24:20.0626 4308 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:24:20.0628 4308 Null - ok
17:24:20.0650 4308 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:24:20.0654 4308 nvraid - ok
17:24:20.0674 4308 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:24:20.0677 4308 nvstor - ok
17:24:20.0697 4308 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:24:20.0700 4308 nv_agp - ok
17:24:20.0708 4308 NwlnkFlt - ok
17:24:20.0716 4308 NwlnkFwd - ok
17:24:20.0831 4308 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:24:20.0854 4308 odserv - ok
17:24:20.0887 4308 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:24:20.0889 4308 ohci1394 - ok
17:24:20.0934 4308 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:24:20.0939 4308 ose - ok
17:24:21.0005 4308 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:24:21.0037 4308 p2pimsvc - ok
17:24:21.0056 4308 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:24:21.0064 4308 p2psvc - ok
17:24:21.0083 4308 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:24:21.0086 4308 Parport - ok
17:24:21.0124 4308 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:24:21.0127 4308 partmgr - ok
17:24:21.0141 4308 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:24:21.0143 4308 Parvdm - ok
17:24:21.0179 4308 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:24:21.0183 4308 PcaSvc - ok
17:24:21.0215 4308 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:24:21.0218 4308 pci - ok
17:24:21.0239 4308 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
17:24:21.0241 4308 pciide - ok
17:24:21.0294 4308 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:24:21.0299 4308 pcmcia - ok
17:24:21.0358 4308 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:24:21.0391 4308 PEAUTH - ok
17:24:21.0469 4308 [ BABC6AB89EB4E2027EA469723D71DE92 ] PenCommService C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
17:24:21.0560 4308 PenCommService - ok
17:24:21.0654 4308 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:24:21.0707 4308 pla - ok
17:24:21.0744 4308 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:24:21.0751 4308 PlugPlay - ok
17:24:21.0783 4308 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:24:21.0804 4308 Pml Driver HPZ12 - ok
17:24:21.0839 4308 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:24:21.0847 4308 PNRPAutoReg - ok
17:24:21.0873 4308 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:24:21.0880 4308 PNRPsvc - ok
17:24:21.0930 4308 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:24:21.0940 4308 PolicyAgent - ok
17:24:21.0974 4308 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:24:21.0976 4308 PptpMiniport - ok
17:24:21.0991 4308 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:24:21.0994 4308 Processor - ok
17:24:22.0035 4308 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:24:22.0041 4308 ProfSvc - ok
17:24:22.0063 4308 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:24:22.0066 4308 ProtectedStorage - ok
17:24:22.0104 4308 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:24:22.0106 4308 PSched - ok
17:24:22.0156 4308 [ 82749A87E49FDC46E6D1B9627507DD75 ] PulseUsb C:\Windows\system32\DRIVERS\PulseUsb.sys
17:24:22.0176 4308 PulseUsb - ok
17:24:22.0222 4308 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
17:24:22.0225 4308 PxHelp20 - ok
17:24:22.0277 4308 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:24:22.0309 4308 ql2300 - ok
17:24:22.0327 4308 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:24:22.0330 4308 ql40xx - ok
17:24:22.0366 4308 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:24:22.0374 4308 QWAVE - ok
17:24:22.0393 4308 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:24:22.0394 4308 QWAVEdrv - ok
17:24:22.0411 4308 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:24:22.0413 4308 RasAcd - ok
17:24:22.0436 4308 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:24:22.0441 4308 RasAuto - ok
17:24:22.0458 4308 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:24:22.0461 4308 Rasl2tp - ok
17:24:22.0496 4308 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:24:22.0505 4308 RasMan - ok
17:24:22.0554 4308 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:24:22.0556 4308 RasPppoe - ok
17:24:22.0586 4308 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:24:22.0589 4308 RasSstp - ok
17:24:22.0646 4308 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:24:22.0652 4308 rdbss - ok
17:24:22.0664 4308 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:24:22.0666 4308 RDPCDD - ok
17:24:22.0704 4308 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:24:22.0710 4308 rdpdr - ok
17:24:22.0718 4308 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:24:22.0720 4308 RDPENCDD - ok
17:24:22.0769 4308 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:24:22.0774 4308 RDPWD - ok
17:24:22.0812 4308 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:24:22.0816 4308 RemoteAccess - ok
17:24:22.0845 4308 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:24:22.0850 4308 RemoteRegistry - ok
17:24:22.0882 4308 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:24:22.0885 4308 RpcLocator - ok
17:24:22.0913 4308 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:24:22.0921 4308 RpcSs - ok
17:24:22.0938 4308 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:24:22.0940 4308 rspndr - ok
17:24:22.0999 4308 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
17:24:23.0021 4308 RTL8169 - ok
17:24:23.0053 4308 [ 4F31CFDEBD0A5BC27D45E7EBFEFAAF6F ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
17:24:23.0056 4308 RTSTOR - ok
17:24:23.0076 4308 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:24:23.0079 4308 SamSs - ok
17:24:23.0099 4308 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:24:23.0102 4308 sbp2port - ok
17:24:23.0135 4308 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:24:23.0140 4308 SCardSvr - ok
17:24:23.0189 4308 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:24:23.0210 4308 Schedule - ok
17:24:23.0226 4308 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:24:23.0227 4308 SCPolicySvc - ok
17:24:23.0260 4308 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:24:23.0264 4308 sdbus - ok
17:24:23.0304 4308 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:24:23.0309 4308 SDRSVC - ok
17:24:23.0328 4308 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:24:23.0331 4308 secdrv - ok
17:24:23.0349 4308 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:24:23.0353 4308 seclogon - ok
17:24:23.0368 4308 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
17:24:23.0372 4308 SENS - ok
17:24:23.0405 4308 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:24:23.0407 4308 Serenum - ok
17:24:23.0437 4308 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:24:23.0440 4308 Serial - ok
17:24:23.0452 4308 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:24:23.0454 4308 sermouse - ok
17:24:23.0485 4308 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:24:23.0489 4308 SessionEnv - ok
17:24:23.0510 4308 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:24:23.0512 4308 sffdisk - ok
17:24:23.0527 4308 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:24:23.0528 4308 sffp_mmc - ok
17:24:23.0580 4308 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:24:23.0582 4308 sffp_sd - ok
17:24:23.0595 4308 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:24:23.0597 4308 sfloppy - ok
17:24:23.0642 4308 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:24:23.0652 4308 SharedAccess - ok
17:24:23.0701 4308 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:24:23.0709 4308 ShellHWDetection - ok
17:24:23.0737 4308 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:24:23.0739 4308 sisagp - ok
17:24:23.0765 4308 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:24:23.0768 4308 SiSRaid2 - ok
17:24:23.0793 4308 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:24:23.0796 4308 SiSRaid4 - ok
17:24:23.0850 4308 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:24:23.0855 4308 SkypeUpdate - ok
17:24:23.0982 4308 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:24:24.0083 4308 slsvc - ok
17:24:24.0124 4308 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:24:24.0128 4308 SLUINotify - ok
17:24:24.0161 4308 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:24:24.0164 4308 Smb - ok
17:24:24.0213 4308 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:24:24.0217 4308 SNMPTRAP - ok
17:24:24.0235 4308 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:24:24.0237 4308 spldr - ok
17:24:24.0267 4308 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:24:24.0272 4308 Spooler - ok
17:24:24.0346 4308 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
17:24:24.0388 4308 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:24:24.0392 4308 sptd ( LockedFile.Multi.Generic ) - warning
17:24:24.0393 4308 sptd - detected LockedFile.Multi.Generic (1)
17:24:26.0191 4308 uliahci - ok
17:24:26.0220 4308 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:24:26.0224 4308 UlSata - ok
17:24:26.0255 4308 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:24:26.0258 4308 ulsata2 - ok
17:24:26.0289 4308 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:24:26.0291 4308 umbus - ok
17:24:26.0319 4308 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:24:26.0328 4308 upnphost - ok
17:24:26.0357 4308 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:24:26.0359 4308 usbccgp - ok
17:24:26.0392 4308 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:24:26.0395 4308 usbcir - ok
17:24:26.0450 4308 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:24:26.0452 4308 usbehci - ok
17:24:26.0471 4308 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:24:26.0476 4308 usbhub - ok
17:24:26.0487 4308 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:24:26.0489 4308 usbohci - ok
17:24:26.0519 4308 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:24:26.0521 4308 usbprint - ok
17:24:26.0560 4308 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:24:26.0562 4308 usbscan - ok
17:24:26.0611 4308 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:24:26.0614 4308 USBSTOR - ok
17:24:26.0657 4308 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:24:26.0659 4308 usbuhci - ok
17:24:26.0683 4308 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:24:26.0687 4308 usbvideo - ok
17:24:26.0717 4308 [ 7B8424BBAAFBC127C8F55AD6007D6D6B ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
17:24:26.0719 4308 UVCFTR - ok
17:24:26.0746 4308 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:24:26.0750 4308 UxSms - ok
17:24:26.0795 4308 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:24:26.0803 4308 vds - ok
17:24:26.0849 4308 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:24:26.0851 4308 vga - ok
17:24:26.0895 4308 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:24:26.0897 4308 VgaSave - ok
17:24:26.0920 4308 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:24:26.0922 4308 viaagp - ok
17:24:26.0953 4308 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:24:26.0955 4308 ViaC7 - ok
17:24:26.0985 4308 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
17:24:26.0987 4308 viaide - ok
17:24:26.0996 4308 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:24:26.0998 4308 volmgr - ok
17:24:27.0036 4308 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:24:27.0043 4308 volmgrx - ok
17:24:27.0075 4308 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:24:27.0081 4308 volsnap - ok
17:24:27.0105 4308 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:24:27.0109 4308 vsmraid - ok
17:24:27.0171 4308 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:24:27.0216 4308 VSS - ok
17:24:27.0222 4308 vToolbarUpdater - ok
17:24:27.0272 4308 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:24:27.0282 4308 W32Time - ok
17:24:27.0310 4308 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:24:27.0312 4308 WacomPen - ok
17:24:27.0348 4308 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0350 4308 Wanarp - ok
17:24:27.0361 4308 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0363 4308 Wanarpv6 - ok
17:24:27.0394 4308 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:24:27.0407 4308 wcncsvc - ok
17:24:27.0441 4308 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:24:27.0445 4308 WcsPlugInService - ok
17:24:27.0458 4308 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:24:27.0461 4308 Wd - ok
17:24:27.0503 4308 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:24:27.0514 4308 Wdf01000 - ok
17:24:27.0531 4308 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:24:27.0536 4308 WdiServiceHost - ok
17:24:27.0541 4308 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:24:27.0546 4308 WdiSystemHost - ok
17:24:27.0604 4308 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:24:27.0611 4308 WebClient - ok
17:24:27.0655 4308 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:24:27.0662 4308 Wecsvc - ok
17:24:27.0677 4308 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:24:27.0682 4308 wercplsupport - ok
17:24:27.0713 4308 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:24:27.0718 4308 WerSvc - ok
17:24:27.0784 4308 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:24:27.0791 4308 WinDefend - ok
17:24:27.0801 4308 WinHttpAutoProxySvc - ok
17:24:27.0866 4308 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:24:27.0870 4308 Winmgmt - ok
17:24:27.0937 4308 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
17:24:27.0982 4308 WinRM - ok
17:24:28.0038 4308 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:24:28.0061 4308 Wlansvc - ok
17:24:28.0094 4308 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:24:28.0096 4308 WmiAcpi - ok
17:24:28.0138 4308 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:24:28.0143 4308 wmiApSrv - ok
17:24:28.0210 4308 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:24:28.0244 4308 WMPNetworkSvc - ok
17:24:28.0265 4308 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:24:28.0271 4308 WPCSvc - ok
17:24:28.0313 4308 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:24:28.0320 4308 WPDBusEnum - ok
17:24:28.0370 4308 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:24:28.0373 4308 WpdUsb - ok
17:24:28.0494 4308 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:24:28.0517 4308 WPFFontCache_v0400 - ok
17:24:28.0540 4308 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:24:28.0542 4308 ws2ifsl - ok
17:24:28.0604 4308 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
17:24:28.0609 4308 wscsvc - ok
17:24:28.0619 4308 WSearch - ok
17:24:28.0720 4308 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:24:28.0776 4308 wuauserv - ok
17:24:28.0816 4308 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:24:28.0820 4308 WUDFRd - ok
17:24:28.0846 4308 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:24:28.0851 4308 wudfsvc - ok
17:24:28.0874 4308 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
17:24:28.0879 4308 yukonwlh - ok
17:24:28.0924 4308 ================ Scan global ===============================
17:24:28.0956 4308 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:24:29.0000 4308 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:24:29.0030 4308 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:24:29.0066 4308 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:24:29.0074 4308 [Global] - ok
17:24:29.0075 4308 ================ Scan MBR ==================================
17:24:29.0092 4308 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:24:29.0374 4308 \Device\Harddisk0\DR0 - ok
17:24:29.0374 4308 ================ Scan VBR ==================================
17:24:29.0381 4308 [ 89844CBF0538090D6CB42575D8EAB69F ] \Device\Harddisk0\DR0\Partition1
17:24:29.0383 4308 \Device\Harddisk0\DR0\Partition1 - ok
17:24:29.0389 4308 [ 0BAC372F84EE63EC7F94C3DFC546C64D ] \Device\Harddisk0\DR0\Partition2
17:24:29.0392 4308 \Device\Harddisk0\DR0\Partition2 - ok
17:24:29.0393 4308 ============================================================
17:24:29.0393 4308 Scan finished
17:24:29.0393 4308 ============================================================
17:24:29.0411 2424 Detected object count: 1
17:24:29.0411 2424 Actual detected object count: 1
17:24:44.0709 2424 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:24:44.0709 2424 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.14.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
JP :: SCARLET [administrator]

10/14/2012 5:30:21 PM
mbam-log-2012-10-14 (17-30-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237901
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\JP\Downloads\PCPerformerSetup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)
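The TDSSKiller and Malwarebytes logs above are the kind of thing a helper reads by eye. As an added example (not part of this thread, and not a tool from Geeks to Go, Kaspersky or Malwarebytes), here is a small Python triage script that parses both formats as they appear in the paste and pulls out what deserves a second look: any object TDSSKiller did not mark "ok" (here the locked sptd file the user chose to skip, which the moderator attributes to emulation software), any on-disk file that was hashed differently under two service names, any service that got a verdict but never a hashed image file (like vToolbarUpdater above), and every item Malwarebytes lists under a "... Detected:" heading. The regexes are derived from the pasted lines only and are assumed, not guaranteed, to cover other versions of those tools. The sample logs embedded in the script are constructed in the thread's formats; the Wanarpv6 hash is deliberately altered so the mismatch check fires and is not a real observation.

```python
# Triage helper for pasted TDSSKiller and Malwarebytes (MBAM) logs. Added example
# for the thread above, not a tool from Geeks to Go, Kaspersky or Malwarebytes.
import re
from collections import defaultdict

# TDSSKiller lines: "<time> <pid> [ <MD5> ] <name> <path>" for a hashed file, or
# "<time> <pid> <name> [( <detection> )] - <verdict>" for the object's verdict.
ENTRY_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (\S+) (.+)$")
RESULT_RE = re.compile(r"^\S+ \d+ (\S+)(?: \( ([^)]*) \))? - (.+)$")
# MBAM items sit under a "<Section> Detected: N" heading as
# "<path> (<detection>) -> <action>".
MBAM_SECTION_RE = re.compile(r"^(.+) Detected: (\d+)$")
MBAM_ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

# Constructed samples in the thread's formats. The Wanarpv6 hash is deliberately
# altered so the consistency check fires; it is not a real observation.
SAMPLE_TDSS = r"""
17:24:25.0379 4308 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:24:25.0413 4308 Tcpip - ok
17:24:25.0451 4308 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:24:25.0459 4308 Tcpip6 - ok
17:24:27.0222 4308 vToolbarUpdater - ok
17:24:27.0348 4308 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0350 4308 Wanarp - ok
17:24:27.0361 4308 [ 00000000000000000000000000000000 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:24:27.0363 4308 Wanarpv6 - ok
17:24:29.0074 4308 [Global] - ok
17:24:44.0709 2424 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:24:44.0709 2424 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""
SAMPLE_MBAM = r"""
Files Detected: 1
C:\Users\JP\Downloads\PCPerformerSetup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
"""


def parse_tdsskiller(text):
    """Return (entries, results): (name, md5, path) tuples and (name, detection|None, verdict) tuples."""
    entries, results = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if m:
            md5, name, path = m.groups()
            entries.append((name, md5.upper(), path))
            continue
        m = RESULT_RE.match(line.rstrip())
        if m:
            results.append(m.groups())
    return entries, results


def triage_tdsskiller(text):
    """Return (kind, subject, detail) findings that deserve a human look."""
    entries, results = parse_tdsskiller(text)
    findings = []
    # 1. Anything not marked "ok": a detection, or an object the user skipped.
    for name, detection, verdict in results:
        if verdict != "ok":
            findings.append(("not-ok", name, f"{detection or '-'}: {verdict}"))
    # 2. One on-disk file hashed differently under two service names. Path case
    #    is ignored because the log mixes "system32" and "System32".
    by_path = defaultdict(dict)
    for name, md5, path in entries:
        by_path[path.lower()][name] = md5
    for path, names in sorted(by_path.items()):
        if len(set(names.values())) > 1:
            detail = ", ".join(f"{n}={h}" for n, h in sorted(names.items()))
            findings.append(("hash-mismatch", path, detail))
    # 3. A service with a verdict but no hashed image: the file is missing or
    #    unreadable. Global/MBR/VBR pseudo-objects are not files and are skipped.
    hashed = {name for name, _, _ in entries}
    for name, detection, verdict in results:
        if verdict == "ok" and name not in hashed and not name.startswith(("[", "\\")):
            findings.append(("no-file", name, verdict))
    return findings


def parse_mbam_detections(text):
    """Return (section, path, detection, action) for every item MBAM reported."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        m = MBAM_SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = MBAM_ITEM_RE.match(line)
        if m and section:
            items.append((section,) + m.groups())
    return items


if __name__ == "__main__":
    for finding in triage_tdsskiller(SAMPLE_TDSS):
        print("TDSSKiller", *finding, sep=" | ")
    for item in parse_mbam_detections(SAMPLE_MBAM):
        print("MBAM", *item, sep=" | ")
```

Point the two SAMPLE_ constants at a full pasted log and the output is the short list a helper actually needs to decide on. A "hash-mismatch" or "no-file" finding is a prompt to look, not proof of infection: a service whose image was uninstalled (the AVG toolbar updater here) produces the same "no-file" result as a hidden driver would.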

#6 Aaron (GeekU Moderator, 3,155 posts)
OK ;) These entries are clean; what AVG found was related to your emulation software (Alcohol, for example).
I always run a virus scanner at the end; however, I don't think it will find anything anymore. But it won't do any harm:


Please run a Bitdefender Online Virus Scan by following the instructions below:
  • Click this link to visit the Bitdefender Online Virus Scan website.
  • Click on the green start scanner button in the middle of the screen.
  • Click the gray Continue button to the left.
  • Click the green Scan now button (you may need to scroll down to see it).
  • A little yellowish bar may pop up at the top of the page to notify you that the website is trying to install an add-on. Click on that yellowish bar and select to install the add-on.
  • If you had to install the add-on, then Internet Explorer will reload the page, and you will be back on step 2. Repeat steps 2 through 4 again.
  • You may now be presented with a Security Warning popup asking if you want to install something from Bitdefender. Go ahead and click the Install button.
  • You should now be asked to accept the license agreement. You will need to click the I ACCEPT box in the lower-left corner before you can click on the OK button to continue.
  • The scan will begin running. This could take more than a few minutes.
  • Once it is done, it will tell you whether or not it found anything. Avoid removing anything for now, and click on the View report link.
  • Notepad will open with a copy of the report. Please save this on your desktop, and attach it to a reply by clicking on the More Reply Options button to the lower-right of where you type out your reply.


#7 Ghadhean (Topic Starter, New Member, 4 posts)
Thanks so much.

Attached Files



#8 Aaron (GeekU Moderator, 3,155 posts)
Hi, your logs look clean :thumbsup:

I'm happy I could help. I'm giving you some tips about preventing new infections and how to increase your computer's speed.
Let's first remove all system restore points (because they may still contain malware) and create a new restore point. To do this:

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:

    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES
Now we can cleanup the tools we used:
  • Open OTL to run it.
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application.
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes.
  • Note: if there are still some files left then you may delete them manually.
============ 1. Cleaning your temporary files ============

We've already cleaned your temporary files when we removed the malware on your computer, but you could do this step once a month to keep your computer clean and faster. It will also greatly decrease the time a program like MBAM needs to scan for malware.

Download TFC by OldTimer to your desktop.
  • Please right-click TFC.exe and choose Run As Administrator.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
You can find more information about TFC here.
Another great program you could use instead is CCleaner; it's best to download and install CCleaner Slim, which does not contain the Yahoo! Toolbar.

============ 2. Updating your programs ============

It is recommended to update all your programs, as this will result in a faster working computer and optimal protection. I highly recommend that you update most programs at least once a month!

  • It is very important to update Windows as this will make your computer a lot safer, more stable and maybe even faster. Every XP user should have Service Pack 3 & every Vista user should have Service Pack 2.
    For XP users: You can start it by clicking Start -> All programs -> Windows Update or go to this site.

    For Vista/Windows 7 users: Go to Control Panel and select System and Maintenance, then select Windows Update and install every update.
  • It is also very important to update Java! Older versions have vulnerabilities that malware can use to infect your system (like when playing a browser game or even by visiting certain sites). Please follow these steps to remove older versions of Java and to install the newest one available.
    • Download the latest version of Java SE Runtime Environment (JRE) here.
    • Please go to Start -> Control Panel -> Add/Remove Programs and remove all old versions like Java™ 6 Update *version*. The following versions of Java could also be installed, uninstall these too: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE and J2SE.
    • Reboot your computer once all Java components are removed.
    • If you are experiencing problems while removing Java then you can try JavaRa to remove all leftovers.
    • Then from your desktop double-click on the download to install the newest version.
  • It is also important to update Adobe Reader. Please go to Start > Control Panel > Add/Remove Programs and remove Adobe Reader. Then download and install the latest version here.
  • Extra: Secunia and the Filehippo Update Checker are two programs which can help you update your programs. These will notify you when an update is found and suggest a download link.
============ 3. How to prevent a new infection ============

I will list some programs here to secure your computer. At first glance this could seem like security overkill, but it isn't. Most programs aren't active so they won't slow down your computer at all. Only your antivirus, firewall, WinPatrol and Autorun Eater are active. These last two use almost no system resources from your computer, so your computer won't slow down a bit. All these programs are also free or have a free version.

  • First of all you need a good antivirus. Only install one antivirus program at a time because they can conflict! A few good antivirus programs to buy are Avira, Kaspersky, Avast and Norton (there are other good ones too). See for yourself: you can find test reports once a month at AV-Comparatives.org.
    If you want a free antivirus then I recommend ONE of these:

    ! McAfee and Norton are known for their inability to uninstall themselves correctly, so after you uninstall them, run the corresponding uninstaller before trying to install a new antivirus!
    McAfee Uninstaller
    Norton Uninstaller
  • SpywareBlaster protects against bad ActiveX controls; it immunizes your PC against them. For more information see the TUTORIAL.
  • MVPS Hosts file: this hosts file should replace your current hosts file. When done, a lot of 'bad' sites will be blocked so you can't access them and you won't be infected. For more information see the TUTORIAL.
  • A firewall is important to prevent malware connecting to the internet (for sending personal information or to copy itself to other computers) and for blocking unauthorised access to your computer; however, this can only come in handy for very experienced users. The Windows firewall is fine for most users, but it doesn't allow you to monitor outgoing connections (Vista and Windows 7 can if you change the settings). A tutorial on understanding and using firewalls may be found here. If you really want a third-party firewall then I recommend ONE of these too:

  • Extra: WinPatrol is a small program that will sit in your systray and warn you if something like malware tries to make changes to your system - for experienced users who like this extra protection.
  • Extra: if you use USB drives a lot then you might want to install Autorun Eater. This is a small program which will stay resident and prevent an infected USB device from infecting your PC. This is the ONLY secure way to use USB drives that aren't yours! For more information see the FAQ.
  • Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data on your computer. It therefore greatly increases your security! Anything done in the 'Sandbox' can easily be undone; for more information see the Help & FAQ. This is one of my favorite programs!
  • Extra: have a look at OpenDNS if you want to block phishing sites, 18+ sites from your kids and more.
  • If you have a router, logon to it today and change the password from the default. If you don't know how, get the make and model from the router then google for the router maker's site. Almost all router makers have very clear instructions for each router they make. This will prevent DNS hijacking. Also try using WPA(2) encryption as WEP is easily hacked.
  • For safest browsing use a login which does not have admin rights. Any login (especially those with admin rights) should have a password, and it should be something you can remember but which a random hacker can't guess.
    How to create User Accounts XP
    How to create User Accounts Video - Windows 7 (& Vista)
============ 4. Detecting and deleting infections ============

Unfortunately some malware will always be able to get through our very good prevention; however, this is very rare. To check your system for malware or to remove it I recommend scanning monthly with these three programs:

Always update these programs before you start scanning; this is very important!
If you are happy with MBAM or SuperAntiSpyware then you might consider buying a license. A license isn't expensive at all and they are valid forever, so no need to buy a new one every year. With a license you have real-time protection (besides your antivirus software), which will prevent a lot of malware before it gets on your computer! I strongly recommend you try a free trial to test each program and decide for yourself which one suits you best. BUT, do not buy a license for both. If you have these two programs running at the same time, then they may conflict.

============ 5. What browser should I use and how do I surf the internet safe? ============

There are a lot of browsers you can use. Some are more secure, faster, have better compatibility with most sites and some are more customizable than others, but they all have their strong and weak points.

Internet Explorer is installed on almost every Windows computer. It is the slowest of all the browsers listed here and it's targeted most by malware. However, Internet Explorer has very high compatibility with most sites, it is the browser that most people use and there is good support from Microsoft.

How to make Internet Explorer more secure ?
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Firefox is a very good open source browser. It's the second most used browser, it has high compatibility with most sites and it's highly customizable. It is my personal favourite. Firefox is also targeted a lot by malware and it's not the fastest one; it has a slow startup. If you use Firefox then I recommend these add-ons:

  • Adblock Plus will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
  • NoScript provides extra protection to your Firefox (for more experienced users). It really makes Firefox safer!
    It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts.
  • Vacuum Places Improved defragments your Firefox "Places" database (history/bookmarks)
    This greatly reduces the lag while typing in the address bar and the start-up time.
    This extension features configurable automatic cleaning, periodic reminder, and internationalization.
  • SpeedyFox another good tool that also boosts Firefox.
See here for a list of popular extensions, I'm sure it will improve your browser experience!

Opera is a good-looking and very fast browser that has a lot of features other browsers don't have, and it also isn't really targeted by malware. Not as customizable as Firefox, and you can have some compatibility problems. Some features are: Mouse gestures, Opera Link, Opera Mail, Opera Turbo, Widgets, Speed Dial, Opera Unite... See here for more information.

Google Chrome is a relatively new browser that is getting popular very fast. It is made by Google; it's the fastest browser of all and it also has a clean look. It also has support for add-ons like Firefox, but not as many as Firefox:

  • Adblock will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
See here for a list of popular extensions, I'm sure it will improve your browser experience!

============ 6. A few tips ============

  • Remove trial software and programs that you don't use any more; it will free disk space and can speed up your computer.
  • Make sure your hard drive is defragmented, this will also increase your computers' speed.

    • Windows XP users: have a look here
    • Windows Vista & 7 users: Windows normally defragments automatically so you don't need to do anything. If you want to do it yourself then you can find information here
      I strongly recommend you to let Windows automatically defragment your drive once a month - not more, not less. You can check this option if you open Disk Defragmenter.
  • Make sure you always have backups! If anything goes wrong, you will always have your most precious data stored safe.
  • Do this to make your computer boot up and work a lot faster: open Start > Run and type msconfig (Vista and 7 users can just type this in the start menu) > Go to the Boot (4th) tab and untick everything that isn't security software > press OK and restart.
    This will greatly improve your computers' speed!
  • Think twice before downloading things like attachments, torrents, cracks, keygens, codecs and using P2P programs. Also watch out what sites you visit: particularly 18+ sites and sites where you can download illegal or cracked software.
  • Do not use the following software, or be very, very careful: registry cleaners, driver updating software, codecs (for music or movies) and Windows Transformation Packs. These often contain malware and even if they are malware-free they can still do severe damage to your system!
  • Also see the general Preventing Malware and Safe Computing guide, made by one of my excellent former teachers.
Happy surfing again ! ;)

#9 Aaron (GeekU Moderator, 3,155 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





