Trojan Horse Generic problem

This is a discussion on Trojan Horse Generic problem within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 06-21-2012, 05:01 AM   #1
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



Hi

You guys really helped me 4 years ago on an old PC.

Now I have a new conundrum.

Yesterday, I started getting new messages from AVG that there was a Trojan Horse dropper Generic_c mmi in Windows\system32\services.exe. It said to ignore the threat.

Nothing untoward happened until this morning, when the web browser (Chrome) started sending me to all kinds of different URLs, Facebook and Google Mail won't let me in due to a weak signature on a certificate, and I have a strange audio clip I can't stop.

I ran CCleaner and cleaned the junk.
I ran an AVG scan, and it found 3 infections, 2 of which it cleaned, but it couldn't clean this one. It said: the object was white-listed (critical/system file could not be removed).

Any help would be appreciated.

DDS text is below:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by prnapper at 11:41:45 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2933.912 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\prnapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\prnapper\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [Google Update] "C:\Users\prnapper\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\prnapper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [Spotify Web Helper] "C:\Users\prnapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\prnapper\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1D0BC37F-EBAC-41C4-BFA8-8E0002CB923A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1D0BC37F-EBAC-41C4-BFA8-8E0002CB923A}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: Samsung BHO Helper - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\prnapper\AppData\Roaming\Mozilla\Firefox\Profiles\kzw87idh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B00942def-bbde-4d86-929f-93b4f1a88227%7D&mid=773fdfd4ffd847d19821653dd93359b1-b39b7022330731295b0043d1437350097fdce96a&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-12%2018%3A41%3A24&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\prnapper\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\prnapper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm_i.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm_i.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042&q=
FF - user.js: extensions.zonealarm.id - 4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm.instlDay - 15473
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:10:13
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112996368568762-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 RapportKE64;RapportKE64;C:\windows\system32\Drivers\RapportKE64.sys --> C:\windows\system32\Drivers\RapportKE64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-12 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110818.030\IDSviA64.sys [2011-8-19 488056]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-3-11 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-3-11 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-3-11 61712]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-21 09:46:50 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-06-21 09:36:46 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 0847 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 08:05:58 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 08:05:58 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-16 17:02:12 0 ----a-w- C:\windows\SysWow64\shoE71B.tmp
2012-06-13 17:35:31 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-13 17:34:55 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-13 17:34:55 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-13 17:34:52 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-13 08:12:16 -------- d-----w- C:\Users\prnapper\AppData\Local\AVG Secure Search
2012-06-12 08:00:07 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys
2012-06-12 08:00:07 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys
2012-06-12 08:00:07 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys
2012-06-12 08:00:06 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
2012-06-12 08:00:06 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
2012-06-12 08:00:06 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys
2012-06-12 07:59:46 -------- d-----w- C:\windows\System32\drivers\NISx64\1207020.003
2012-05-30 15:12:35 -------- d-----w- C:\StealthBastard
.
==================== Find3M ====================
.
2012-06-21 10:24:32 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 0248 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 1122 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-19 03:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-04-11 16:30:58 60304 ----a-w- C:\Users\prnapper\g2mdlhlpx.exe
2012-04-09 22:20:16 0 ----a-w- C:\windows\SysWow64\shoCD94.tmp
2012-04-05 16:30:53 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:44:13.19 ===============



Thanks a lot for taking the time to read this.
Attached Files: Attach.zip (2.9 KB)
Old 06-21-2012, 11:31 AM   #2
Security Team
Trainee IV
 
Join Date: Sep 2010
Location: The eurozone.....eeek!
Posts: 535
OS: xp



Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
woosh is offline  
Old 06-21-2012, 04:00 PM   #3
Security Team
Trainee IV
 
Join Date: Sep 2010
Location: The eurozone.....eeek!
Posts: 535
OS: xp



You have more than one active antivirus installed; this is never a good idea. At best it can just slow down your computer, at worst cause conflicts and do all sorts of damage.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the program you no longer wish to keep and click Uninstall.


If you choose to uninstall Norton, also run this Norton Removal Tool

1. Download this file:

ftp://ftp.symantec.com/public/englis...moval_Tool.exe

Save the file to the Windows desktop.

2. On the Windows desktop, double-click the Norton Removal Tool icon.

3. Follow the on-screen instructions. Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

=====================================

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT


Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, DO NOT select "Cure" at this time, but rather select SKIP.
Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.5.17.0_date_time_log.txt
Please post that log for review in your next reply.
woosh is offline  
Old 06-22-2012, 02:21 AM   #4
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-22 09:08:40
-----------------------------
09:08:40.576 OS Version: Windows x64 6.1.7601 Service Pack 1
09:08:40.576 Number of processors: 4 586 0x2505
09:08:40.577 ComputerName: PRNAPPER-PC UserName: prnapper
09:08:41.251 Initialize success
09:09:06.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:09:06.781 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
09:09:06.821 Disk 0 MBR read successfully
09:09:06.831 Disk 0 MBR scan
09:09:06.831 Disk 0 unknown MBR code
09:09:06.851 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:09:06.871 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 113664 MB offset 206848
09:09:06.871 Disk 0 Partition - 00 0F Extended LBA 169329 MB offset 232990720
09:09:06.901 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 22146 MB offset 579776512
09:09:06.991 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169328 MB offset 232992768
09:09:07.051 Disk 0 scanning C:\windows\system32\drivers
09:09:16.588 Service scanning
09:09:37.558 Modules scanning
09:09:37.568 Disk 0 trace - called modules:
09:09:37.948 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
09:09:37.958 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800337e060]
09:09:37.968 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80030be050]
09:09:37.978 Scan finished successfully
09:09:52.137 Disk 0 MBR has been saved successfully to "C:\Users\prnapper\Desktop\MBR.dat"
09:09:52.147 The log file has been saved successfully to "C:\Users\prnapper\Desktop\aswMBR.txt"

09:12:07.0765 4352 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
09:12:08.0226 4352 ============================================================
09:12:08.0226 4352 Current date / time: 2012/06/22 09:12:08.0226
09:12:08.0226 4352 SystemInfo:
09:12:08.0226 4352
09:12:08.0226 4352 OS Version: 6.1.7601 ServicePack: 1.0
09:12:08.0226 4352 Product type: Workstation
09:12:08.0226 4352 ComputerName: PRNAPPER-PC
09:12:08.0227 4352 UserName: prnapper
09:12:08.0227 4352 Windows directory: C:\windows
09:12:08.0227 4352 System windows directory: C:\windows
09:12:08.0227 4352 Running under WOW64
09:12:08.0227 4352 Processor architecture: Intel x64
09:12:08.0227 4352 Number of processors: 4
09:12:08.0227 4352 Page size: 0x1000
09:12:08.0227 4352 Boot type: Normal boot
09:12:08.0227 4352 ============================================================
09:12:08.0728 4352 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:12:08.0740 4352 ============================================================
09:12:08.0740 4352 \Device\Harddisk0\DR0:
09:12:08.0740 4352 MBR partitions:
09:12:08.0740 4352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:12:08.0740 4352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDE00000
09:12:08.0784 4352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDE33000, BlocksNum 0x14AB8000
09:12:08.0784 4352 ============================================================
09:12:08.0827 4352 C: <-> \Device\Harddisk0\DR0\Partition1
09:12:08.0876 4352 D: <-> \Device\Harddisk0\DR0\Partition2
09:12:08.0876 4352 ============================================================
09:12:08.0876 4352 Initialize success
09:12:08.0876 4352 ============================================================
09:12:10.0796 4628 ============================================================
09:12:10.0796 4628 Scan started
09:12:10.0796 4628 Mode: Manual;
09:12:10.0796 4628 ============================================================
09:12:24.0189 4628 mssmbios - ok
09:12:24.0204 4628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
09:12:24.0205 4628 MSTEE - ok
09:12:24.0220 4628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
09:12:24.0222 4628 MTConfig - ok
09:12:24.0243 4628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
09:12:24.0245 4628 Mup - ok
09:12:24.0289 4628 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
09:12:24.0296 4628 napagent - ok
09:12:24.0352 4628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
09:12:24.0356 4628 NativeWifiP - ok
09:12:24.0437 4628 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
09:12:24.0453 4628 NDIS - ok
09:12:24.0494 4628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
09:12:24.0496 4628 NdisCap - ok
09:12:24.0520 4628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
09:12:24.0521 4628 NdisTapi - ok
09:12:24.0538 4628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
09:12:24.0540 4628 Ndisuio - ok
09:12:24.0563 4628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
09:12:24.0566 4628 NdisWan - ok
09:12:24.0582 4628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
09:12:24.0584 4628 NDProxy - ok
09:12:24.0617 4628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
09:12:24.0619 4628 NetBIOS - ok
09:12:24.0645 4628 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
09:12:24.0648 4628 NetBT - ok
09:12:24.0707 4628 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:12:24.0710 4628 Netlogon - ok
09:12:24.0751 4628 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
09:12:24.0758 4628 Netman - ok
09:12:24.0797 4628 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
09:12:24.0805 4628 netprofm - ok
09:12:24.0907 4628 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:12:24.0912 4628 NetTcpPortSharing - ok
09:12:24.0944 4628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
09:12:24.0946 4628 nfrd960 - ok
09:12:25.0000 4628 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
09:12:25.0004 4628 NlaSvc - ok
09:12:25.0227 4628 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
09:12:25.0270 4628 NOBU - ok
09:12:25.0391 4628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
09:12:25.0393 4628 Npfs - ok
09:12:25.0416 4628 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
09:12:25.0418 4628 nsi - ok
09:12:25.0426 4628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
09:12:25.0427 4628 nsiproxy - ok
09:12:25.0562 4628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
09:12:25.0577 4628 Ntfs - ok
09:12:25.0760 4628 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
09:12:25.0761 4628 Null - ok
09:12:25.0855 4628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
09:12:25.0858 4628 nvraid - ok
09:12:25.0901 4628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
09:12:25.0904 4628 nvstor - ok
09:12:26.0007 4628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
09:12:26.0009 4628 nv_agp - ok
09:12:26.0025 4628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
09:12:26.0027 4628 ohci1394 - ok
09:12:26.0090 4628 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:12:26.0093 4628 ose - ok
09:12:26.0264 4628 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:12:26.0354 4628 osppsvc - ok
09:12:26.0476 4628 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:12:26.0480 4628 p2pimsvc - ok
09:12:26.0496 4628 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
09:12:26.0502 4628 p2psvc - ok
09:12:26.0571 4628 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
09:12:26.0573 4628 Parport - ok
09:12:26.0598 4628 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
09:12:26.0600 4628 partmgr - ok
09:12:26.0633 4628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
09:12:26.0636 4628 PcaSvc - ok
09:12:26.0670 4628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
09:12:26.0671 4628 pci - ok
09:12:26.0681 4628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
09:12:26.0682 4628 pciide - ok
09:12:26.0702 4628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
09:12:26.0704 4628 pcmcia - ok
09:12:26.0727 4628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
09:12:26.0729 4628 pcw - ok
09:12:26.0815 4628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
09:12:26.0819 4628 PEAUTH - ok
09:12:26.0888 4628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
09:12:26.0890 4628 PerfHost - ok
09:12:26.0983 4628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
09:12:27.0000 4628 pla - ok
09:12:27.0133 4628 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
09:12:27.0137 4628 PlugPlay - ok
09:12:27.0165 4628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
09:12:27.0167 4628 PNRPAutoReg - ok
09:12:27.0190 4628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:12:27.0193 4628 PNRPsvc - ok
09:12:27.0234 4628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
09:12:27.0242 4628 PolicyAgent - ok
09:12:27.0318 4628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
09:12:27.0320 4628 Power - ok
09:12:27.0450 4628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
09:12:27.0453 4628 PptpMiniport - ok
09:12:27.0477 4628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
09:12:27.0478 4628 Processor - ok
09:12:27.0519 4628 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
09:12:27.0521 4628 ProfSvc - ok
09:12:27.0557 4628 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:12:27.0559 4628 ProtectedStorage - ok
09:12:27.0599 4628 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
09:12:27.0601 4628 Psched - ok
09:12:27.0829 4628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
09:12:27.0844 4628 ql2300 - ok
09:12:28.0550 4628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
09:12:28.0553 4628 ql40xx - ok
09:12:28.0692 4628 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
09:12:28.0699 4628 QWAVE - ok
09:12:28.0737 4628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
09:12:28.0738 4628 QWAVEdrv - ok
09:12:28.0918 4628 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys
09:12:28.0926 4628 RapportCerberus_34302 - ok
09:12:29.0027 4628 RapportEI64 (06917b0649e334c43bfd529afcdc6c1c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
09:12:29.0030 4628 RapportEI64 - ok
09:12:29.0070 4628 RapportKE64 (49dec9bb40555db653c4e1ab9a087403) C:\windows\system32\Drivers\RapportKE64.sys
09:12:29.0072 4628 RapportKE64 - ok
09:12:29.0161 4628 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
09:12:29.0171 4628 RapportMgmtService - ok
09:12:29.0212 4628 RapportPG64 (6a36c7b3dfcf56bc164cb399bc4943a7) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
09:12:29.0214 4628 RapportPG64 - ok
09:12:29.0236 4628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
09:12:29.0238 4628 RasAcd - ok
09:12:29.0285 4628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
09:12:29.0286 4628 RasAgileVpn - ok
09:12:29.0318 4628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
09:12:29.0322 4628 RasAuto - ok
09:12:29.0343 4628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
09:12:29.0346 4628 Rasl2tp - ok
09:12:29.0379 4628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
09:12:29.0384 4628 RasMan - ok
09:12:29.0416 4628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
09:12:29.0418 4628 RasPppoe - ok
09:12:29.0449 4628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
09:12:29.0451 4628 RasSstp - ok
09:12:29.0480 4628 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
09:12:29.0484 4628 rdbss - ok
09:12:29.0507 4628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
09:12:29.0509 4628 rdpbus - ok
09:12:29.0530 4628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
09:12:29.0531 4628 RDPCDD - ok
09:12:29.0560 4628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
09:12:29.0561 4628 RDPENCDD - ok
09:12:29.0569 4628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
09:12:29.0570 4628 RDPREFMP - ok
09:12:29.0624 4628 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
09:12:29.0632 4628 RDPWD - ok
09:12:29.0667 4628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
09:12:29.0670 4628 rdyboost - ok
09:12:29.0707 4628 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
09:12:29.0711 4628 RemoteAccess - ok
09:12:29.0748 4628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
09:12:29.0753 4628 RemoteRegistry - ok
09:12:29.0789 4628 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
09:12:29.0792 4628 RFCOMM - ok
09:12:29.0900 4628 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
09:12:29.0904 4628 RichVideo - ok
09:12:29.0930 4628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
09:12:29.0933 4628 RpcEptMapper - ok
09:12:29.0957 4628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
09:12:29.0959 4628 RpcLocator - ok
09:12:30.0051 4628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
09:12:30.0058 4628 RpcSs - ok
09:12:30.0103 4628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
09:12:30.0104 4628 rspndr - ok
09:12:30.0209 4628 RTL8167 (bfe0ef0c4c15820698f50ad73af5e35f) C:\windows\system32\DRIVERS\Rt64win7.sys
09:12:30.0224 4628 RTL8167 - ok
09:12:30.0694 4628 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
09:12:30.0696 4628 rtport - ok
09:12:30.0869 4628 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
09:12:30.0871 4628 SABI - ok
09:12:30.0996 4628 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:12:30.0998 4628 SamSs - ok
09:12:31.0142 4628 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
09:12:31.0146 4628 Samsung UPD Service - ok
09:12:31.0377 4628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
09:12:31.0380 4628 sbp2port - ok
09:12:31.0419 4628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
09:12:31.0437 4628 SCardSvr - ok
09:12:31.0489 4628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
09:12:31.0490 4628 scfilter - ok
09:12:31.0892 4628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
09:12:31.0919 4628 Schedule - ok
09:12:32.0147 4628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
09:12:32.0149 4628 SCPolicySvc - ok
09:12:32.0377 4628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
09:12:32.0397 4628 SDRSVC - ok
09:12:32.0789 4628 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:12:32.0793 4628 SeaPort - ok
09:12:32.0849 4628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
09:12:32.0850 4628 secdrv - ok
09:12:32.0888 4628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
09:12:32.0891 4628 seclogon - ok
09:12:32.0909 4628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
09:12:32.0911 4628 SENS - ok
09:12:32.0923 4628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
09:12:32.0926 4628 SensrSvc - ok
09:12:32.0953 4628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
09:12:32.0954 4628 Serenum - ok
09:12:33.0051 4628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
09:12:33.0068 4628 Serial - ok
09:12:33.0113 4628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
09:12:33.0115 4628 sermouse - ok
09:12:33.0209 4628 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
09:12:33.0220 4628 SessionEnv - ok
09:12:33.0313 4628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
09:12:33.0315 4628 sffdisk - ok
09:12:33.0345 4628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
09:12:33.0348 4628 sffp_mmc - ok
09:12:33.0380 4628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
09:12:33.0381 4628 sffp_sd - ok
09:12:33.0410 4628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
09:12:33.0412 4628 sfloppy - ok
09:12:33.0491 4628 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
09:12:33.0503 4628 Sftfs - ok
09:12:33.0612 4628 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:12:33.0620 4628 sftlist - ok
09:12:33.0727 4628 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
09:12:33.0731 4628 Sftplay - ok
09:12:33.0764 4628 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
09:12:33.0766 4628 Sftredir - ok
09:12:33.0797 4628 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
09:12:33.0799 4628 Sftvol - ok
09:12:33.0840 4628 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:12:33.0844 4628 sftvsa - ok
09:12:33.0886 4628 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
09:12:33.0890 4628 ShellHWDetection - ok
09:12:33.0934 4628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
09:12:33.0936 4628 SiSRaid2 - ok
09:12:33.0957 4628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
09:12:33.0959 4628 SiSRaid4 - ok
09:12:33.0992 4628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
09:12:33.0995 4628 Smb - ok
09:12:34.0039 4628 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
09:12:34.0042 4628 SNMPTRAP - ok
09:12:34.0084 4628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
09:12:34.0085 4628 spldr - ok
09:12:34.0126 4628 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
09:12:34.0131 4628 Spooler - ok
09:12:34.0313 4628 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
09:12:34.0350 4628 sppsvc - ok
09:12:34.0502 4628 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
09:12:34.0507 4628 sppuinotify - ok
09:12:34.0588 4628 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
09:12:34.0594 4628 srv - ok
09:12:34.0646 4628 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
09:12:34.0650 4628 srv2 - ok
09:12:34.0669 4628 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
09:12:34.0671 4628 srvnet - ok
09:12:34.0712 4628 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
09:12:34.0717 4628 SSDPSRV - ok
09:12:34.0730 4628 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
09:12:34.0735 4628 SstpSvc - ok
09:12:34.0797 4628 Steam Client Service - ok
09:12:34.0844 4628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
09:12:34.0846 4628 stexstor - ok
09:12:34.0881 4628 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
09:12:34.0883 4628 StillCam - ok
09:12:34.0945 4628 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
09:12:34.0956 4628 stisvc - ok
09:12:34.0986 4628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
09:12:34.0988 4628 swenum - ok
09:12:35.0043 4628 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
09:12:35.0052 4628 swprv - ok
09:12:35.0157 4628 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
09:12:35.0184 4628 SysMain - ok
09:12:35.0292 4628 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
09:12:35.0297 4628 TabletInputService - ok
09:12:35.0327 4628 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
09:12:35.0335 4628 TapiSrv - ok
09:12:35.0364 4628 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
09:12:35.0367 4628 TBS - ok
09:12:35.0563 4628 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
09:12:35.0587 4628 Tcpip - ok
09:12:35.0845 4628 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
09:12:35.0866 4628 TCPIP6 - ok
09:12:35.0988 4628 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
09:12:35.0990 4628 tcpipreg - ok
09:12:36.0016 4628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
09:12:36.0018 4628 TDPIPE - ok
09:12:36.0059 4628 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
09:12:36.0061 4628 TDTCP - ok
09:12:36.0130 4628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
09:12:36.0133 4628 tdx - ok
09:12:36.0171 4628 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
09:12:36.0174 4628 TermDD - ok
09:12:36.0234 4628 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
09:12:36.0247 4628 TermService - ok
09:12:36.0288 4628 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
09:12:36.0290 4628 Themes - ok
09:12:36.0309 4628 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
09:12:36.0311 4628 THREADORDER - ok
09:12:36.0330 4628 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
09:12:36.0333 4628 TrkWks - ok
09:12:36.0395 4628 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
09:12:36.0398 4628 TrustedInstaller - ok
09:12:36.0424 4628 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
09:12:36.0426 4628 tssecsrv - ok
09:12:36.0449 4628 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
09:12:36.0451 4628 TsUsbFlt - ok
09:12:36.0478 4628 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
09:12:36.0479 4628 TsUsbGD - ok
09:12:36.0523 4628 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
09:12:36.0527 4628 tunnel - ok
09:12:36.0542 4628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
09:12:36.0544 4628 uagp35 - ok
09:12:36.0583 4628 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
09:12:36.0588 4628 udfs - ok
09:12:36.0628 4628 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
09:12:36.0631 4628 UI0Detect - ok
09:12:36.0678 4628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
09:12:36.0680 4628 uliagpkx - ok
09:12:36.0716 4628 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
09:12:36.0718 4628 umbus - ok
09:12:36.0748 4628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
09:12:36.0749 4628 UmPass - ok
09:12:36.0967 4628 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:12:36.0988 4628 UNS - ok
09:12:37.0109 4628 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
09:12:37.0116 4628 upnphost - ok
09:12:37.0162 4628 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
09:12:37.0165 4628 USBAAPL64 - ok
09:12:37.0199 4628 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
09:12:37.0201 4628 usbccgp - ok
09:12:37.0248 4628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
09:12:37.0250 4628 usbcir - ok
09:12:37.0272 4628 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
09:12:37.0274 4628 usbehci - ok
09:12:37.0320 4628 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
09:12:37.0326 4628 usbhub - ok
09:12:37.0362 4628 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
09:12:37.0364 4628 usbohci - ok
09:12:37.0401 4628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
09:12:37.0403 4628 usbprint - ok
09:12:37.0449 4628 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
09:12:37.0451 4628 USBSTOR - ok
09:12:37.0464 4628 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
09:12:37.0466 4628 usbuhci - ok
09:12:37.0516 4628 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
09:12:37.0520 4628 usbvideo - ok
09:12:37.0552 4628 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
09:12:37.0556 4628 UxSms - ok
09:12:37.0597 4628 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:12:37.0599 4628 VaultSvc - ok
09:12:37.0687 4628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
09:12:37.0698 4628 vdrvroot - ok
09:12:37.0751 4628 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
09:12:37.0761 4628 vds - ok
09:12:37.0821 4628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
09:12:37.0822 4628 vga - ok
09:12:37.0845 4628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
09:12:37.0847 4628 VgaSave - ok
09:12:37.0879 4628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
09:12:37.0883 4628 vhdmp - ok
09:12:37.0901 4628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
09:12:37.0903 4628 viaide - ok
09:12:37.0929 4628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
09:12:37.0930 4628 volmgr - ok
09:12:37.0967 4628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
09:12:37.0971 4628 volmgrx - ok
09:12:37.0992 4628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
09:12:37.0997 4628 volsnap - ok
09:12:38.0061 4628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
09:12:38.0065 4628 vsmraid - ok
09:12:38.0162 4628 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
09:12:38.0185 4628 VSS - ok
09:12:38.0341 4628 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
09:12:38.0357 4628 vToolbarUpdater11.1.0 - ok
09:12:38.0468 4628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
09:12:38.0470 4628 vwifibus - ok
09:12:38.0510 4628 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
09:12:38.0512 4628 vwififlt - ok
09:12:38.0562 4628 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
09:12:38.0568 4628 W32Time - ok
09:12:38.0593 4628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
09:12:38.0595 4628 WacomPen - ok
09:12:38.0634 4628 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:12:38.0636 4628 WANARP - ok
09:12:38.0640 4628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:12:38.0641 4628 Wanarpv6 - ok
09:12:38.0746 4628 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
09:12:38.0763 4628 WatAdminSvc - ok
09:12:38.0872 4628 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
09:12:38.0891 4628 wbengine - ok
09:12:39.0011 4628 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
09:12:39.0019 4628 WbioSrvc - ok
09:12:39.0055 4628 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
09:12:39.0064 4628 wcncsvc - ok
09:12:39.0086 4628 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
09:12:39.0090 4628 WcsPlugInService - ok
09:12:39.0153 4628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
09:12:39.0154 4628 Wd - ok
09:12:39.0208 4628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
09:12:39.0216 4628 Wdf01000 - ok
09:12:39.0247 4628 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
09:12:39.0250 4628 WdiServiceHost - ok
09:12:39.0254 4628 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
09:12:39.0256 4628 WdiSystemHost - ok
09:12:39.0286 4628 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
09:12:39.0291 4628 WebClient - ok
09:12:39.0314 4628 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
09:12:39.0320 4628 Wecsvc - ok
09:12:39.0337 4628 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
09:12:39.0340 4628 wercplsupport - ok
09:12:39.0370 4628 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
09:12:39.0373 4628 WerSvc - ok
09:12:39.0442 4628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
09:12:39.0443 4628 WfpLwf - ok
09:12:39.0456 4628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
09:12:39.0458 4628 WIMMount - ok
09:12:39.0467 4628 WinHttpAutoProxySvc - ok
09:12:39.0529 4628 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
09:12:39.0533 4628 Winmgmt - ok
09:12:39.0660 4628 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
09:12:39.0697 4628 WinRM - ok
09:12:39.0857 4628 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
09:12:39.0859 4628 WinUsb - ok
09:12:39.0932 4628 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
09:12:39.0945 4628 Wlansvc - ok
09:12:40.0037 4628 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:12:40.0040 4628 wlcrasvc - ok
09:12:40.0184 4628 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:12:40.0210 4628 wlidsvc - ok
09:12:40.0326 4628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
09:12:40.0328 4628 WmiAcpi - ok
09:12:40.0384 4628 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
09:12:40.0389 4628 wmiApSrv - ok
09:12:40.0443 4628 WMPNetworkSvc - ok
09:12:40.0476 4628 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
09:12:40.0480 4628 WPCSvc - ok
09:12:40.0525 4628 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
09:12:40.0529 4628 WPDBusEnum - ok
09:12:40.0562 4628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
09:12:40.0564 4628 ws2ifsl - ok
09:12:40.0568 4628 WSearch - ok
09:12:40.0757 4628 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
09:12:40.0787 4628 wuauserv - ok
09:12:40.0895 4628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
09:12:40.0897 4628 WudfPf - ok
09:12:40.0920 4628 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
09:12:40.0924 4628 wudfsvc - ok
09:12:40.0967 4628 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
09:12:40.0974 4628 WwanSvc - ok
09:12:41.0031 4628 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
09:12:41.0328 4628 \Device\Harddisk0\DR0 - ok
09:12:41.0333 4628 Boot (0x1200) (ab4001d07157513dfb7671c74995a052) \Device\Harddisk0\DR0\Partition0
09:12:41.0335 4628 \Device\Harddisk0\DR0\Partition0 - ok
09:12:41.0350 4628 Boot (0x1200) (bc5b0c084f42cfaf29bb9173d06d0b07) \Device\Harddisk0\DR0\Partition1
09:12:41.0352 4628 \Device\Harddisk0\DR0\Partition1 - ok
09:12:41.0376 4628 Boot (0x1200) (58518ad16c5140a943186fc891180378) \Device\Harddisk0\DR0\Partition2
09:12:41.0379 4628 \Device\Harddisk0\DR0\Partition2 - ok
09:12:41.0379 4628 ============================================================
09:12:41.0380 4628 Scan finished
09:12:41.0380 4628 ============================================================
09:12:41.0396 6004 Detected object count: 0
09:12:41.0396 6004 Actual detected object count: 0


Thanks

Last night I also ran a scan using the Malwarebytes programme, which found 4 threats, and I ran resolve.

No music this morning, but I'm still getting redirected by the web server and not being allowed onto Facebook/Gmail. I've not had any notifications of the Trojan yet either.

Thanks
Attached Files: MBR.zip (537 Bytes)

Old 06-22-2012, 02:43 AM   #5, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

OK, just got a notification from AVG that the Trojan was detected.
Old 06-22-2012, 02:47 AM   #6, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

OK, something else: I'm not having signature issues on Firefox, only Chrome.

I've uninstalled and reinstalled Chrome to no effect.
Old 06-22-2012, 02:50 AM   #7, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

Oh, and the sounds are still going on, I've realised, like some kind of radio or ad that's always on and eating up my download allowance!
Old 06-22-2012, 12:52 PM   #8, woosh (Security Team, Trainee IV; Join Date: Sep 2010; Location: The eurozone.....eeek!; Posts: 535; OS: xp)

Hi,

Could you post the Malwarebytes log that removed the items? It should be located at:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with ComboFix.

    How to disable your security applications

  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine once or twice. This is normal.
  5. When finished, it shall produce a log for you. Please be patient as it may take a while. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Old 06-22-2012, 02:33 PM   #9, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

Malwarebytes log


Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.06.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
prnapper :: PRNAPPER-PC [administrator]

21/06/2012 16:59:00
mbam-log-2012-06-21 (16-59-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372585
Time elapsed: 1 hour(s), 59 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.

Files Detected: 8
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Users\prnapper\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\prnapper\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.

(end)

Combofix log


ComboFix 12-06-21.03 - prnapper 22/06/2012 21:10:07.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2933.1698 [GMT 1:00]
Running from: c:\users\prnapper\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\prnapper\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 20:19 . 2012-06-22 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 19:17 . 2012-06-21 19:17 -------- d-----w- c:\users\prnapper\AppData\Roaming\Tific
2012-06-21 19:17 . 2012-06-21 19:17 -------- d-----w- c:\users\prnapper\AppData\Local\Symantec
2012-06-21 15:58 . 2012-06-21 15:58 -------- d-----w- c:\users\prnapper\AppData\Roaming\Malwarebytes
2012-06-21 15:57 . 2012-06-21 15:57 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 15:57 . 2012-06-21 15:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 15:57 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 09:46 . 2012-06-21 09:46 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 09:36 . 2012-06-21 10:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 08:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:05 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:05 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 17:02 . 2012-06-16 17:02 0 ----a-w- c:\windows\SysWow64\shoE71B.tmp
2012-06-13 17:35 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 17:34 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 17:34 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 17:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:12 . 2012-06-13 08:12 -------- d-----w- c:\users\prnapper\AppData\Local\AVG Secure Search
2012-05-30 15:12 . 2012-05-30 15:30 -------- d-----w- C:\StealthBastard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 10:24 . 2011-11-20 22:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-09 22:20 . 2012-04-09 22:20 0 ----a-w- c:\windows\SysWow64\shoCD94.tmp
2012-04-05 16:30 . 2011-08-19 14:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 08:07 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 08:49 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-20 1242448]
"Facebook Update"="c:\users\prnapper\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-28 137536]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-01-02 81912]
"Spotify Web Helper"="c:\users\prnapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-27 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\prnapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-17 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-03-11 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 10:24]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001Core.job
- c:\users\prnapper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-28 19:31]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001UA.job
- c:\users\prnapper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-28 19:31]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:29]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 14:29]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001Core.job
- c:\users\prnapper\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 15:51]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001UA.job
- c:\users\prnapper\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 15:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\prnapper\AppData\Roaming\Mozilla\Firefox\Profiles\kzw87idh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B00942def-bbde-4d86-929f-93b4f1a88227%7D&mid=773fdfd4ffd847d19821653dd93359b1-b39b7022330731295b0043d1437350097fdce96a&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-12%2018%3A41%3A24&sap=ku&q=
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm_i.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm_i.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112996368568762-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=4e27fe04000000000000b4749fd7b042&q=
FF - user.js: extensions.zonealarm.id - 4e27fe04000000000000b4749fd7b042
FF - user.js: extensions.zonealarm.instlDay - 15473
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:10
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112996368568762-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
.
**************************************************************************
.
Completion time: 2012-06-22 21:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 20:26
.
Pre-Run: 40,626,454,528 bytes free
Post-Run: 40,270,557,184 bytes free
.
- - End Of File - - FE1EA176CCFF72BDBF3A6F24FAFC1E32

Thanks
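The ComboFix and Malwarebytes logs in the post above point at a handful of locations worth re-checking once the tools have finished: the Run keys (including the Wow6432Node ones), the Windows\Installer\{GUID}\U folder that Malwarebytes flagged, the hidden, system-attributed %APPDATA% directory that ComboFix listed under SysWow64, and the LoadAppInit_DLLs / BootExecute loading points. The PowerShell below is added here as an example; it is not part of the thread and not something ComboFix, Malwarebytes or the forum helper provided. It enumerates those locations read-only and reports the Authenticode status of each Run entry's executable. It assumes an elevated PowerShell prompt on a 64-bit Windows 7 machine laid out like the one in the DDS header, and sticks to PowerShell 2.0 cmdlets so it runs on a stock Windows 7 install.

```powershell
# Added example, not from the thread or from any of the tools it mentions.
# Re-checks the loading points and file-system indicators visible in the
# ComboFix/Malwarebytes logs. Read-only; run from an elevated PowerShell prompt
# (PowerShell 2.0 on Windows 7 is enough, so no Get-FileHash / -Directory).

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a Run value such as
#   "c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" /silent
function Get-ExePathFromCommand([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($Command -match '^\s*(\S+?\.exe)') { return $Matches[1] }
    return $Command.Trim()
}

Write-Output '== Run keys: signature status, value name, executable =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $exe = Get-ExePathFromCommand ([string]$prop.Value)
        $status = 'MISSING'
        if (Test-Path -LiteralPath $exe) {
            # NotSigned is common for third-party tray apps; HashMismatch, or a
            # path under a user profile or temp folder, is what deserves a look.
            $status = (Get-AuthenticodeSignature -FilePath $exe).Status
        }
        '{0,-14} {1,-24} {2}' -f $status, $prop.Name, $exe
    }
}

Write-Output ''
Write-Output '== Windows\Installer\{GUID} folders that contain a U subfolder (as in the MBAM log) =='
Get-ChildItem -Path (Join-Path $env:SystemRoot 'Installer') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and (Test-Path (Join-Path $_.FullName 'U')) } |
    ForEach-Object { $_.FullName }

Write-Output ''
Write-Output '== Hidden+System directories directly under System32 / SysWOW64 (ComboFix showed a d-sh--w- %APPDATA% there) =='
foreach ($dir in (Join-Path $env:SystemRoot 'System32'), (Join-Path $env:SystemRoot 'SysWOW64')) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PSIsContainer -and
            ([int]($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            ([int]($_.Attributes -band [IO.FileAttributes]::System) -ne 0)
        } |
        ForEach-Object { '{0}  [{1}]' -f $_.FullName, $_.Attributes }
}

Write-Output ''
Write-Output '== AppInit_DLLs and BootExecute (LoadAppInit_DLLs=1 appeared in the log) =='
foreach ($k in 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($p) { '{0}: LoadAppInit_DLLs={1} AppInit_DLLs=[{2}]' -f $k, $p.LoadAppInit_DLLs, $p.AppInit_DLLs }
}
$bootExec = (Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Session Manager').BootExecute
'BootExecute: {0}' -f ($bootExec -join ' | ')
```

The output is a triage listing, not a verdict: legitimate Windows installers leave {GUID} folders under Windows\Installer, and the AVG BootExecute entry in the log above is AVG's own. What should be empty on a clean machine is the set of {GUID} folders with a U subfolder and the hidden+system directories directly under System32 or SysWOW64; a Run entry whose status is HashMismatch, or whose executable has disappeared, is worth a second look regardless.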
Old 06-22-2012, 05:53 PM   #10, woosh (Security Team, Trainee IV; Join Date: Sep 2010; Location: The eurozone.....eeek!; Posts: 535; OS: xp)

Thanks for the logs. How is the computer running now? Any more audio issues?



Since you have Malwarebytes installed,
  • Open Malwarebytes' Anti-Malware, then check for updates before proceeding.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply and let me know if things are still OK.



Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
Old 06-23-2012, 04:25 AM   #11, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

Websites working now; certificates are OK.
However, I've still got a bit of an audio problem: randomly playing radio, or ads. Most of the time it doesn't, though. Will give it 24 hours.

Malwarebytes found nothing; here's the log

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.06.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
prnapper :: PRNAPPER-PC [administrator]

23/06/2012 10:28:11
mbam-log-2012-06-23 (10-28-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211732
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Still running other scanner.
Old 06-23-2012, 01:32 PM   #12, prnapper (Registered Member; Join Date: Aug 2008; Posts: 34; OS: winxp)

I did the ESET scan; it said it found 3 infected files. But I can't find the log; it's not on the C drive.
Old 06-23-2012, 03:50 PM   #13, woosh (Security Team, Trainee IV; Join Date: Sep 2010; Location: The eurozone.....eeek!; Posts: 535; OS: xp)

Hi,

If you still have 'ESET Online Scanner' open, you can save the log from the scan interface:

*When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
*Save that text file on your desktop, and then attach it to a reply for me.


If you have closed it down, I would be grateful if you could run ESET again, as it's important I see what it found. Please use the following instructions if you have to run it again:



Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.

============================

I also would like to see a different report that ComboFix made earlier.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
Old 06-24-2012, 01:44 PM   #14
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



Results from ESET


C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected] Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected] Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
Old 06-24-2012, 05:50 PM   #15
Security Team
Trainee IV
 
Join Date: Sep 2010
Location: The eurozone.....eeek!
Posts: 535
OS: xp



Quote:
I also would like to see a different report that ComboFix made earlier.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
Did you miss this from my last post? I would still like to see the contents of that file.


Are you still hearing the audio that you mentioned earlier?



For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Old 06-25-2012, 02:01 AM   #16
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



No random audio now.

Sorry, missed the other instruction:


2012-06-22 20:26:07 . 2012-06-22 20:26:07 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2012-06-22 20:25:57 . 2012-06-22 20:25:57 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ETDCtrl.reg.dat
2012-06-22 20:25:56 . 2012-06-22 20:25:56 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-06-22 20:25:56 . 2012-06-22 20:25:56 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-06-22 20:25:56 . 2012-06-22 20:25:56 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-06-22 20:25:38 . 2012-06-22 20:25:38 139 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2012-06-22 20:25:38 . 2012-06-22 20:25:38 144 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-06-22 20:25:38 . 2012-06-22 20:25:38 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-06-22 20:25:35 . 2012-06-22 20:25:36 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546}.reg.dat
2012-06-22 20:25:35 . 2012-06-22 20:25:35 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2012-06-22 20:16:12 . 2012-06-22 20:16:12 8,782 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-06-22 19:58:38 . 2012-06-22 20:09:06 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-06-22 11:30:59 . 2012-06-22 11:30:59 74 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L\55490ac4.vir
2012-06-21 19:14:54 . 2012-06-21 19:14:54 232,960 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-06-21 09:55:12 . 2012-06-22 19:10:56 178 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L\201d3dde.vir
2012-06-21 09:46:39 . 2012-06-21 09:46:39 63 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L\1afb2d56.vir
2012-06-21 09:36:22 . 2012-06-22 19:45:38 804 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L\[email protected]
2012-06-21 09:36:22 . 2012-06-22 10:56:08 88,064 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-06-21 09:36:22 . 2012-06-22 10:56:09 81,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-06-21 09:36:22 . 2012-06-21 09:36:22 16,896 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-06-21 09:36:21 . 2012-06-21 11:45:42 1,632 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-06-21 09:36:21 . 2012-06-21 09:36:21 2,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U\[email protected]
2012-02-01 1749 . 2012-04-11 16:30:58 60,304 ----a-w- C:\Qoobox\Quarantine\C\Users\prnapper\g2mdlhlpx.exe.vir
2012-01-11 19:57:26 . 2011-11-17 06:41:18 2,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\@.vir
2009-07-13 23:19:46 . 2009-07-14 01:39:37 328,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir


Do you still want me to run the other programme?
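A small triage helper for the ComboFix quarantine listing in the post above, added here as an example and not part of the original thread or of ComboFix itself: it parses each line of ComboFix-quarantined-files.txt, recovers the path each file was quarantined from, and flags files that came from Windows\System32 or Windows\Installer (the two locations the ESET results singled out). The sample lines are copied from the post; the line with the malformed creation time is reported as unparsed rather than silently dropped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Root folder ComboFix uses for its quarantine (as seen in the listing above).
QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"

# One listing line: "<created> . <modified> <size> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Origins that deserve a closer look: a patched core system binary or a GUID
# folder under Windows\Installer (both seen in this thread) come from here.
SENSITIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\installer\\")


@dataclass
class QuarantineEntry:
    created: str
    modified: str
    size: int            # bytes, thousands separators removed
    attrs: str
    quarantine_path: str

    @property
    def is_registry_backup(self) -> bool:
        """ComboFix keeps .reg backups of removed keys here, not files."""
        return "\\Registry_backups\\" in self.quarantine_path

    @property
    def original_path(self) -> Optional[str]:
        """Where the file lived before ComboFix moved it.

        Quarantined files keep their original tree under <root>\\C\\ and get
        a .vir suffix; registry backups and ComboFix's own logs have no origin.
        """
        prefix = QUARANTINE_ROOT + "\\C\\"
        if not self.quarantine_path.startswith(prefix):
            return None
        rest = self.quarantine_path[len(prefix):]
        if rest.lower().endswith(".vir"):
            rest = rest[:-4]
        return "C:\\" + rest


def parse_listing(text: str) -> Tuple[List[QuarantineEntry], List[str]]:
    """Parse a ComboFix-quarantined-files.txt dump.

    Returns the parsed entries plus every non-empty line that did not match
    the expected layout (e.g. a mangled timestamp), for manual inspection.
    """
    entries: List[QuarantineEntry] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        entries.append(QuarantineEntry(
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            quarantine_path=m["path"],
        ))
    return entries, unparsed


def flag_sensitive(entries: List[QuarantineEntry]) -> List[str]:
    """Original paths of quarantined files taken from System32 or Installer."""
    flagged = []
    for e in entries:
        origin = e.original_path
        if origin and origin.lower().startswith(SENSITIVE_DIRS):
            flagged.append(origin)
    return flagged


# Constructed sample: lines copied from the listing in the post above,
# including the one with the malformed creation time ("1749").
SAMPLE_LISTING = r"""
2012-06-22 20:26:07 . 2012-06-22 20:26:07 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2012-06-22 19:58:38 . 2012-06-22 20:09:06 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-06-22 11:30:59 . 2012-06-22 11:30:59 74 ----a-w- C:\Qoobox\Quarantine\C\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L\55490ac4.vir
2012-02-01 1749 . 2012-04-11 16:30:58 60,304 ----a-w- C:\Qoobox\Quarantine\C\Users\prnapper\g2mdlhlpx.exe.vir
2009-07-13 23:19:46 . 2009-07-14 01:39:37 328,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir
"""

if __name__ == "__main__":
    entries, unparsed = parse_listing(SAMPLE_LISTING)
    for e in entries:
        kind = "registry backup" if e.is_registry_backup else "file"
        print(f"{kind:15} {e.size:>8} {e.original_path or e.quarantine_path}")
    print("needs attention:", flag_sensitive(entries))
    print("unparsed lines:", unparsed)
```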
Old 06-25-2012, 02:35 AM   #17
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



FRST text log

Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 25-06-2012 09:27:35
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [161304 2010-11-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [386584 2010-11-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [415256 2010-11-29] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [87336 2010-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-01] (CyberLink)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-12] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-19] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\prnapper\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-01-20] (Valve Corporation)
HKU\prnapper\...\Run: [Facebook Update] "C:\Users\prnapper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-12-28] (Facebook Inc.)
HKU\prnapper\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81912 2012-01-02] (PC Utilities Pro)
HKU\prnapper\...\Run: [Spotify Web Helper] "C:\Users\prnapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-27] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\prnapper\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [246520 2010-06-03] (WildTangent, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2012-03-11] (Trusteer Ltd.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [166704 2010-08-09] (Samsung Electronics CO., LTD.)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2533400 2010-07-01] (Intel Corporation)
2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-12] ()
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-11-09] (CyberLink Corporation)
1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [397520 2012-03-11] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-03-11] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-03-11] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2012-03-11] (Trusteer Ltd.)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-07-19] (Windows (R) 2003 DDK 3790 provider)
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2010-10-06] (SAMSUNG ELECTRONICS)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 00:02 - 2012-06-25 00:02 - 01425489 ____A C:\Users\prnapper\Downloads\FRST64 (1).exe
2012-06-25 00:02 - 2012-06-25 00:02 - 01425489 ____A C:\Users\prnapper\Desktop\FRST64.exe
2012-06-24 11:42 - 2012-06-24 11:42 - 00000327 ____A C:\Users\prnapper\Desktop\eset.txt
2012-06-24 02:55 - 2012-06-24 02:55 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu (2).exe
2012-06-23 09:33 - 2012-06-23 09:33 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu (1).exe
2012-06-23 01:43 - 2012-06-23 01:43 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu.exe
2012-06-23 01:43 - 2012-06-23 01:43 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-22 12:27 - 2012-06-22 12:27 - 00022247 ____A C:\Users\prnapper\Desktop\combo.txt
2012-06-22 12:26 - 2012-06-22 12:26 - 00022247 ____A C:\ComboFix.txt
2012-06-22 11:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-22 11:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-22 11:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-22 11:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-22 11:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-22 11:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-22 11:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-22 11:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-22 11:50 - 2012-06-22 11:51 - 04563905 ____A (Swearware) C:\Users\prnapper\Downloads\ComboFix (1).exe
2012-06-22 11:42 - 2012-06-22 11:42 - 00013368 ____A C:\Users\prnapper\Desktop\ComboFix - Shortcut.lnk
2012-06-22 11:41 - 2012-06-22 12:27 - 00000000 ____D C:\Qoobox
2012-06-22 11:41 - 2012-06-22 12:25 - 00000000 ____D C:\Windows\erdnt
2012-06-22 11:40 - 2012-06-22 11:40 - 04565264 ____R (Swearware) C:\Users\prnapper\Downloads\ComboFix.exe
2012-06-22 00:11 - 2012-06-22 00:12 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\prnapper\Downloads\tdsskiller.exe
2012-06-22 00:10 - 2012-06-22 00:10 - 00000537 ____A C:\Users\prnapper\Desktop\MBR.zip
2012-06-22 00:09 - 2012-06-22 00:09 - 00001787 ____A C:\Users\prnapper\Desktop\aswMBR.txt
2012-06-22 00:09 - 2012-06-22 00:09 - 00000512 ____A C:\Users\prnapper\Desktop\MBR.dat
2012-06-22 00:08 - 2012-06-22 00:08 - 04731392 ____A (AVAST Software) C:\Users\prnapper\Downloads\aswMBR.exe
2012-06-21 23:59 - 2012-06-21 23:59 - 00920096 ____A C:\Users\prnapper\Downloads\Norton_Removal_Tool.exe
2012-06-21 11:17 - 2012-06-21 11:17 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Tific
2012-06-21 11:17 - 2012-06-21 11:17 - 00000000 ____D C:\Users\prnapper\AppData\Local\Symantec
2012-06-21 11:13 - 2012-06-25 00:21 - 00001746 ____A C:\Windows\setupact.log
2012-06-21 11:13 - 2012-06-22 12:20 - 00228202 ____A C:\Windows\PFRO.log
2012-06-21 11:13 - 2012-06-21 11:13 - 00000000 ____A C:\Windows\setuperr.log
2012-06-21 07:58 - 2012-06-21 07:58 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Malwarebytes
2012-06-21 07:57 - 2012-06-21 07:57 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 07:57 - 2012-06-21 07:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-21 07:57 - 2012-06-21 07:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 07:57 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-21 07:56 - 2012-06-21 07:57 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\prnapper\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-21 07:51 - 2012-06-24 23:56 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001UA.job
2012-06-21 07:51 - 2012-06-24 07:56 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001Core.job
2012-06-21 07:42 - 2012-06-21 07:43 - 00739848 ____A (Google Inc.) C:\Users\prnapper\Downloads\ChromeSetup(1).exe
2012-06-21 03:00 - 2012-06-21 03:00 - 00002973 ____A C:\Users\prnapper\Desktop\Attach.zip
2012-06-21 02:47 - 2012-06-21 02:47 - 00007310 ____A C:\Users\prnapper\Desktop\Attach.txt
2012-06-21 02:46 - 2012-06-21 02:46 - 00030500 ____A C:\Users\prnapper\Desktop\DDS.txt
2012-06-21 02:41 - 2012-06-21 02:41 - 00607260 ____R (Swearware) C:\Users\prnapper\Downloads\dds.com
2012-06-21 02:01 - 2012-06-21 02:01 - 00070670 ____A C:\Users\prnapper\Documents\cc_20120621_110116.reg
2012-06-21 01:56 - 2012-06-21 01:56 - 03862112 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup319.exe
2012-06-21 01:46 - 2012-06-21 01:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 01:36 - 2012-06-24 12:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 01:36 - 2012-06-23 09:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 00:06 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 00:06 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 00:06 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 00:06 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 00:06 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 00:06 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 00:06 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 00:05 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 00:05 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 03:20 - 2012-06-20 05:48 - 00011589 ____A C:\Users\prnapper\Desktop\Cypin leads.xlsx
2012-06-16 09:02 - 2012-06-16 09:02 - 00000000 ____A C:\Windows\SysWOW64\shoE71B.tmp
2012-06-15 01:58 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-15 01:58 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-15 01:58 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-15 01:58 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-15 01:58 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-15 01:58 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-15 01:58 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-15 01:58 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-15 01:58 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 01:58 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-15 01:58 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-15 01:58 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 01:58 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-15 01:58 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 01:58 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-15 01:58 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-15 01:58 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-15 01:58 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-15 01:58 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-15 01:58 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-15 01:58 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-15 01:58 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-15 01:58 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-15 01:58 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-15 01:58 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-15 01:58 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-15 01:58 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-15 01:58 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 09:35 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 09:35 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:35 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 09:35 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 09:35 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 09:35 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:35 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 09:35 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:35 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 09:35 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 09:35 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 09:35 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 09:35 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 09:35 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 09:34 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 09:34 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 09:34 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 00:37 - 2012-06-13 00:37 - 01795576 ____A C:\Users\prnapper\Downloads\mcelorybb.wmv
2012-06-13 00:35 - 2012-06-13 00:35 - 06179312 ____A C:\Users\prnapper\Downloads\tourbb.wmv
2012-06-13 00:12 - 2012-06-13 00:12 - 00000000 ____D C:\Users\prnapper\AppData\Local\AVG Secure Search
2012-06-08 03:09 - 2012-06-08 03:09 - 00982808 ____A C:\Users\prnapper\Downloads\TB15_R&D in China_e (1).rtf
2012-05-30 07:12 - 2012-05-30 07:30 - 00000000 ____D C:\StealthBastard
2012-05-30 07:11 - 2012-05-30 07:11 - 20652432 ____A C:\Users\prnapper\Downloads\StealthBastard-1.09.exe


============ 3 Months Modified Files and Folders =============

2012-06-25 09:27 - 2012-06-25 09:27 - 00000000 ____D C:\FRST
2012-06-25 00:23 - 2011-09-26 01:36 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-25 00:21 - 2012-06-21 11:13 - 00001746 ____A C:\Windows\setupact.log
2012-06-25 00:21 - 2011-12-24 06:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-25 00:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 00:13 - 2011-04-12 15:10 - 01352405 ____A C:\Windows\WindowsUpdate.log
2012-06-25 00:08 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 00:02 - 2012-06-25 00:02 - 01425489 ____A C:\Users\prnapper\Downloads\FRST64 (1).exe
2012-06-25 00:02 - 2012-06-25 00:02 - 01425489 ____A C:\Users\prnapper\Desktop\FRST64.exe
2012-06-25 00:00 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 00:00 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 23:56 - 2012-06-21 07:51 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001UA.job
2012-06-24 12:24 - 2012-06-21 01:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-24 12:19 - 2011-12-24 06:29 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-24 11:43 - 2011-08-18 10:44 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-24 11:42 - 2012-06-24 11:42 - 00000327 ____A C:\Users\prnapper\Desktop\eset.txt
2012-06-24 11:41 - 2011-08-18 10:52 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-24 10:36 - 2011-12-28 11:31 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001UA.job
2012-06-24 10:36 - 2011-12-28 11:31 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001Core.job
2012-06-24 07:56 - 2012-06-21 07:51 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3624254568-3056061795-1300024035-1001Core.job
2012-06-24 02:55 - 2012-06-24 02:55 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu (2).exe
2012-06-23 09:33 - 2012-06-23 09:33 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu (1).exe
2012-06-23 09:24 - 2012-06-21 01:36 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 09:24 - 2011-11-20 14:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 09:01 - 2011-08-18 09:20 - 00068784 ____A C:\Users\prnapper\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 02:30 - 2011-08-18 10:40 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\SoftGrid Client
2012-06-23 01:43 - 2012-06-23 01:43 - 02322184 ____A (ESET) C:\Users\prnapper\Downloads\esetsmartinstaller_enu.exe
2012-06-23 01:43 - 2012-06-23 01:43 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-22 12:27 - 2012-06-22 12:27 - 00022247 ____A C:\Users\prnapper\Desktop\combo.txt
2012-06-22 12:27 - 2012-06-22 11:41 - 00000000 ____D C:\Qoobox
2012-06-22 12:26 - 2012-06-22 12:26 - 00022247 ____A C:\ComboFix.txt
2012-06-22 12:25 - 2012-06-22 11:41 - 00000000 ____D C:\Windows\erdnt
2012-06-22 12:20 - 2012-06-21 11:13 - 00228202 ____A C:\Windows\PFRO.log
2012-06-22 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-22 12:18 - 2011-08-18 09:19 - 00000000 ____D C:\users\prnapper
2012-06-22 11:51 - 2012-06-22 11:50 - 04563905 ____A (Swearware) C:\Users\prnapper\Downloads\ComboFix (1).exe
2012-06-22 11:42 - 2012-06-22 11:42 - 00013368 ____A C:\Users\prnapper\Desktop\ComboFix - Shortcut.lnk
2012-06-22 11:40 - 2012-06-22 11:40 - 04565264 ____R (Swearware) C:\Users\prnapper\Downloads\ComboFix.exe
2012-06-22 11:38 - 2012-01-11 11:57 - 00000000 __SHD C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}
2012-06-22 04:06 - 2011-08-28 07:51 - 00000000 ____D C:\Users\prnapper\AppData\Local\CrashDumps
2012-06-22 00:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-22 00:12 - 2012-06-22 00:11 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\prnapper\Downloads\tdsskiller.exe
2012-06-22 00:10 - 2012-06-22 00:10 - 00000537 ____A C:\Users\prnapper\Desktop\MBR.zip
2012-06-22 00:09 - 2012-06-22 00:09 - 00001787 ____A C:\Users\prnapper\Desktop\aswMBR.txt
2012-06-22 00:09 - 2012-06-22 00:09 - 00000512 ____A C:\Users\prnapper\Desktop\MBR.dat
2012-06-22 00:08 - 2012-06-22 00:08 - 04731392 ____A (AVAST Software) C:\Users\prnapper\Downloads\aswMBR.exe
2012-06-21 23:59 - 2012-06-21 23:59 - 00920096 ____A C:\Users\prnapper\Downloads\Norton_Removal_Tool.exe
2012-06-21 23:55 - 2011-04-11 23:42 - 00000000 ____D C:\Users\All Users\Norton
2012-06-21 11:17 - 2012-06-21 11:17 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Tific
2012-06-21 11:17 - 2012-06-21 11:17 - 00000000 ____D C:\Users\prnapper\AppData\Local\Symantec
2012-06-21 11:13 - 2012-06-21 11:13 - 00000000 ____A C:\Windows\setuperr.log
2012-06-21 07:58 - 2012-06-21 07:58 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Malwarebytes
2012-06-21 07:57 - 2012-06-21 07:57 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 07:57 - 2012-06-21 07:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-21 07:57 - 2012-06-21 07:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 07:57 - 2012-06-21 07:56 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\prnapper\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-21 07:52 - 2011-08-18 10:14 - 00000000 ____D C:\Users\prnapper\AppData\Local\Google
2012-06-21 07:43 - 2012-06-21 07:42 - 00739848 ____A (Google Inc.) C:\Users\prnapper\Downloads\ChromeSetup(1).exe
2012-06-21 03:00 - 2012-06-21 03:00 - 00002973 ____A C:\Users\prnapper\Desktop\Attach.zip
2012-06-21 02:47 - 2012-06-21 02:47 - 00007310 ____A C:\Users\prnapper\Desktop\Attach.txt
2012-06-21 02:46 - 2012-06-21 02:46 - 00030500 ____A C:\Users\prnapper\Desktop\DDS.txt
2012-06-21 02:41 - 2012-06-21 02:41 - 00607260 ____R (Swearware) C:\Users\prnapper\Downloads\dds.com
2012-06-21 02:02 - 2011-04-11 23:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-21 02:01 - 2012-06-21 02:01 - 00070670 ____A C:\Users\prnapper\Documents\cc_20120621_110116.reg
2012-06-21 01:58 - 2012-02-20 22:48 - 00000000 ____D C:\Windows\Minidump
2012-06-21 01:56 - 2012-06-21 01:56 - 03862112 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup319.exe
2012-06-21 01:56 - 2011-11-12 09:21 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-21 01:56 - 2011-11-12 09:21 - 00000000 ____D C:\Program Files\CCleaner
2012-06-21 01:46 - 2012-06-21 01:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 01:09 - 2011-12-05 09:41 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Spotify
2012-06-20 23:54 - 2011-12-05 09:41 - 00000000 ____D C:\Users\prnapper\AppData\Local\Spotify
2012-06-20 05:48 - 2012-06-20 03:20 - 00011589 ____A C:\Users\prnapper\Desktop\Cypin leads.xlsx
2012-06-19 08:34 - 2011-10-27 06:03 - 00000000 ____D C:\Users\prnapper\Desktop\Amaze Events Administration
2012-06-19 08:32 - 2012-04-26 06:57 - 00000000 ____D C:\Users\prnapper\Desktop\For stick
2012-06-19 08:32 - 2012-02-14 09:59 - 00000000 ____D C:\Users\prnapper\Desktop\Existing Clients
2012-06-19 08:32 - 2012-02-14 09:46 - 00000000 ____D C:\Users\prnapper\Desktop\Bits and Bobs
2012-06-19 08:30 - 2012-02-14 10:00 - 00000000 ____D C:\Users\prnapper\Desktop\Past Clients
2012-06-19 08:30 - 2012-02-14 09:59 - 00000000 ____D C:\Users\prnapper\Desktop\New clients
2012-06-16 09:02 - 2012-06-16 09:02 - 00000000 ____A C:\Windows\SysWOW64\shoE71B.tmp
2012-06-14 03:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-13 23:53 - 2009-07-13 20:45 - 00302824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 12:56 - 2011-09-06 04:39 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 00:37 - 2012-06-13 00:37 - 01795576 ____A C:\Users\prnapper\Downloads\mcelorybb.wmv
2012-06-13 00:35 - 2012-06-13 00:35 - 06179312 ____A C:\Users\prnapper\Downloads\tourbb.wmv
2012-06-13 00:12 - 2012-06-13 00:12 - 00000000 ____D C:\Users\prnapper\AppData\Local\AVG Secure Search
2012-06-12 00:50 - 2011-12-19 11:54 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-12 00:50 - 2011-10-12 09:41 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-06-08 03:09 - 2012-06-08 03:09 - 00982808 ____A C:\Users\prnapper\Downloads\TB15_R&D in China_e (1).rtf
2012-06-02 14:19 - 2012-06-21 00:06 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 00:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 00:06 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 00:06 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 00:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 00:06 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 00:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 00:05 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 00:05 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 07:30 - 2012-05-30 07:12 - 00000000 ____D C:\StealthBastard
2012-05-30 07:11 - 2012-05-30 07:11 - 20652432 ____A C:\Users\prnapper\Downloads\StealthBastard-1.09.exe
2012-05-29 00:33 - 2011-11-07 01:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-05-25 07:18 - 2012-03-12 04:41 - 00002682 ____A C:\Users\prnapper\Desktop\WorldPay - Login.lnk
2012-05-21 07:22 - 2012-05-21 07:20 - 00929792 ____A C:\Users\prnapper\Downloads\11001attjt-final.xls
2012-05-17 18:47 - 2012-06-15 01:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-15 01:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-15 01:58 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-15 01:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-15 01:58 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-15 01:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-15 01:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-15 01:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-15 01:58 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-15 01:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-15 01:58 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-15 01:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-15 01:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-15 01:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-15 01:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-15 01:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-15 01:58 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-15 01:58 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-15 01:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-15 01:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-15 01:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-15 01:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-15 01:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-15 01:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-15 01:58 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-15 01:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-15 01:58 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-15 01:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 23:48 - 2012-05-16 23:48 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-16 23:48 - 2012-05-16 23:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-16 23:48 - 2011-10-23 13:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-16 22:36 - 2012-05-16 22:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 22:36 - 2012-05-16 22:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-16 10:34 - 2012-05-16 10:34 - 00516136 ____A (Bandoo Media Inc) C:\Users\prnapper\Downloads\iLividSetupV1 (2).exe
2012-05-16 10:33 - 2012-05-16 10:33 - 00516136 ____A (Bandoo Media Inc) C:\Users\prnapper\Downloads\iLividSetupV1 (1).exe
2012-05-16 05:37 - 2012-05-16 05:37 - 00982808 ____A C:\Users\prnapper\Downloads\TB15_R&D in China_e.rtf
2012-05-16 00:32 - 2011-10-24 11:01 - 00000000 ____D C:\$AVG
2012-05-14 17:32 - 2012-06-13 09:35 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 14:10 - 2012-05-13 14:10 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\prnapper\Downloads\zaSetupWeb_101_101_000_en (1).exe
2012-05-13 14:10 - 2012-05-13 14:10 - 00000126 ____A C:\user.js
2012-05-13 14:10 - 2011-12-11 23:07 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\CheckPoint
2012-05-13 14:07 - 2012-05-13 14:07 - 04586776 ____A (Check Point Software Technologies LTD) C:\Users\prnapper\Downloads\zaSetupWeb_101_101_000_en.exe
2012-05-09 23:52 - 2011-04-12 14:43 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 07:11 - 2012-05-08 07:11 - 00020246 ____A C:\Users\prnapper\Downloads\Sponsor Pipeline (2).xlsx
2012-05-04 11:25 - 2012-05-04 11:25 - 00000000 ____D C:\Users\prnapper\AppData\Local\{CA8E29EB-56CA-4C67-86C4-212F1BB5830E}
2012-05-04 11:24 - 2012-05-04 11:24 - 00000000 ____D C:\Users\prnapper\AppData\Local\{B1ABC7DB-FA2C-420C-A024-E5CCFE63CF1D}
2012-05-04 11:24 - 2012-05-04 11:24 - 00000000 ____D C:\Users\prnapper\AppData\Local\{1FD42FE5-C7B0-4B1A-ABA8-8A06FE9D064E}
2012-05-04 11:23 - 2012-01-27 11:21 - 00000000 ____D C:\Users\prnapper\AppData\Local\Windows Live
2012-05-04 11:19 - 2012-05-04 11:18 - 00000000 ____D C:\Users\prnapper\AppData\Local\{264BF48E-B57B-45A0-828F-33B033D56B5F}
2012-05-04 11:13 - 2012-05-04 11:13 - 00001976 ____A C:\Users\prnapper\Desktop\DVD Decrypter.lnk
2012-05-04 11:13 - 2012-05-04 11:13 - 00000000 ____D C:\Program Files (x86)\DVD Decrypter
2012-05-04 11:12 - 2012-05-04 11:12 - 00899414 ____A C:\Users\prnapper\Downloads\SetupDVDDecrypter_3.5.4.0.exe
2012-05-04 10:58 - 2012-05-04 10:17 - 00000000 ___AD C:\Users\prnapper\Desktop\VIDEO_TS
2012-05-04 03:06 - 2012-06-13 09:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 09:35 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 09:35 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 03:52 - 2011-08-18 09:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-05-01 23:25 - 2012-05-01 23:25 - 00009222 ____A C:\Users\prnapper\Documents\cc_20120502_082520.reg
2012-05-01 23:23 - 2011-08-17 11:14 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Skype
2012-05-01 23:17 - 2012-05-01 23:17 - 03654896 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup318 (4).exe
2012-05-01 23:17 - 2012-05-01 23:16 - 03654896 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup318 (3).exe
2012-05-01 23:16 - 2012-05-01 23:16 - 03654896 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup318.exe
2012-05-01 23:16 - 2012-05-01 23:16 - 03654896 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup318 (2).exe
2012-05-01 23:16 - 2012-05-01 23:16 - 03654896 ____A (Piriform Ltd) C:\Users\prnapper\Downloads\ccsetup318 (1).exe
2012-05-01 09:07 - 2011-11-20 14:26 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-05-01 09:07 - 2011-08-18 09:34 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Adobe
2012-05-01 09:07 - 2011-08-18 09:27 - 00000000 ____D C:\Users\prnapper\AppData\Local\Adobe
2012-05-01 09:07 - 2011-04-11 23:37 - 00000000 ____D C:\Users\All Users\WinClon
2012-05-01 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-05-01 09:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-05-01 09:06 - 2011-08-18 10:45 - 00000000 ___RD C:\MSOCache
2012-04-30 21:40 - 2012-06-13 09:35 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 09:34 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 03:21 - 2012-04-27 03:21 - 00173810 ____A C:\Users\prnapper\Downloads\NAPPERLLPR-20120427.ofx
2012-04-26 12:10 - 2012-04-26 12:10 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2012-04-26 12:10 - 2011-08-18 09:26 - 00000000 ____D C:\Users\All Users\Adobe
2012-04-26 12:09 - 2012-04-26 12:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-26 12:09 - 2012-04-26 12:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-25 21:41 - 2012-06-13 09:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 09:35 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 09:35 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 09:35 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 09:35 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 09:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 09:35 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 09:35 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 09:35 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 07:47 - 2012-04-23 07:47 - 00020246 ____A C:\Users\prnapper\Downloads\Sponsor Pipeline.xlsx
2012-04-23 07:47 - 2012-04-23 07:47 - 00020246 ____A C:\Users\prnapper\Downloads\Sponsor Pipeline (1).xlsx
2012-04-19 12:12 - 2012-04-19 12:12 - 00708262 ____A C:\Users\prnapper\Downloads\x_p_us_beq.xml.gz
2012-04-18 19:50 - 2012-04-18 19:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-18 11:02 - 2012-04-18 11:02 - 00374272 ____A C:\Users\prnapper\Downloads\Delegate List.xls
2012-04-16 10:50 - 2011-12-26 12:41 - 00000000 ____D C:\Users\prnapper\Documents\Youcam
2012-04-16 01:46 - 2012-04-16 01:46 - 00016776 ____A C:\Users\prnapper\Downloads\Financing Transport - record for speaker invites (1).xlsx
2012-04-16 01:43 - 2012-04-16 01:43 - 00031744 ____A C:\Users\prnapper\Downloads\Delegate List 1 (1).xls
2012-04-16 01:42 - 2012-04-16 01:42 - 00031744 ____A C:\Users\prnapper\Downloads\Delegate List 1.xls
2012-04-15 23:15 - 2012-04-15 23:15 - 00016776 ____A C:\Users\prnapper\Downloads\Financing Transport - record for speaker invites.xlsx
2012-04-13 06:46 - 2012-04-13 06:46 - 00210396 ____A C:\Users\prnapper\Downloads\Data (1)
2012-04-13 06:46 - 2012-04-13 06:46 - 00210396 ____A C:\Users\prnapper\Downloads\Data
2012-04-13 00:10 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-11 10:32 - 2012-04-11 10:32 - 00002592 ____A C:\Users\prnapper\Documents\ChatLog MARKET ACCESS_ PRICING_ AND REIMBURSEMENT STRATEGIES _FOCUS_ BRAZIL_ RUSSIA_ CHINA_ 2012_04_11 19_32.rtf
2012-04-11 01:47 - 2012-04-11 01:47 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\Optimizer Pro
2012-04-11 01:45 - 2012-04-11 01:45 - 00001066 ____A C:\Users\prnapper\Desktop\Optimizer Pro.lnk
2012-04-11 01:45 - 2012-04-11 01:45 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-04-11 01:45 - 2012-03-30 05:19 - 00000000 ____D C:\Users\All Users\InstallMate
2012-04-10 07:57 - 2012-04-10 07:57 - 00000162 ___AH C:\Users\prnapper\Desktop\~$w Rich Text Document.rtf
2012-04-09 14:20 - 2012-04-09 14:20 - 00000000 ____A C:\Windows\SysWOW64\shoCD94.tmp
2012-04-07 04:31 - 2012-06-13 09:34 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 09:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 09:25 - 2012-04-05 09:25 - 00000692 ____A C:\Users\prnapper\Documents\ChatLog _REHEARSAL_ MARKET ACCESS_ PRICING_ AND REIMBURSEMENT STRATEGIES _FOCUS_ BRAZIL_ RUSSIA_ CHINA_ 2012_04_05 18_25.rtf
2012-04-05 08:31 - 2012-04-05 08:31 - 00104456 ____A (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\prnapper\Downloads\g2m_download.exe
2012-04-05 08:30 - 2011-11-20 14:26 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-05 08:30 - 2011-11-20 14:26 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-05 08:30 - 2011-11-20 14:26 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-05 08:30 - 2011-08-19 06:40 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-05 08:28 - 2012-04-05 08:28 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\prnapper\Downloads\chromeinstall-6u31.exe
2012-04-05 08:28 - 2012-04-05 08:28 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\prnapper\Downloads\chromeinstall-6u31 (1).exe
2012-04-04 06:56 - 2012-06-21 07:57 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 06:02 - 2012-04-04 01:38 - 00048479 ____A C:\Users\prnapper\Downloads\ppitandc.rtf
2012-04-04 01:39 - 2012-04-04 01:39 - 00053834 ____A C:\Users\prnapper\Downloads\ppitandc (1).rtf
2012-03-30 05:20 - 2012-03-30 05:20 - 00000000 ____D C:\Users\All Users\Premium
2012-03-30 03:35 - 2012-05-09 00:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 09:02 - 2012-03-28 09:02 - 00033792 ____A C:\Users\prnapper\Downloads\03n-0203-ts00012-SHAMES.ppt
2012-03-28 08:45 - 2012-03-28 08:45 - 00000360 ____A C:\Users\prnapper\Downloads\calendar (2)
2012-03-28 02:24 - 2012-03-28 02:05 - 00000000 ____D C:\Users\prnapper\AppData\Local\HP
2012-03-28 02:12 - 2012-03-28 02:12 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-28 02:10 - 2012-03-28 02:10 - 00000000 ____D C:\Users\prnapper\AppData\Roaming\HpUpdate
2012-03-28 02:10 - 2012-03-28 02:08 - 00000000 ____D C:\Program Files (x86)\HP
2012-03-28 02:09 - 2012-03-28 02:09 - 00002176 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910.lnk
2012-03-28 02:09 - 2012-03-28 02:09 - 00001868 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 7500 E910.lnk
2012-03-28 02:09 - 2012-03-28 02:09 - 00001196 ____A C:\Users\Public\Desktop\HP Officejet 7500 E910 Scan.lnk
2012-03-28 02:08 - 2012-03-28 02:08 - 00000000 ____D C:\Users\All Users\HP
2012-03-28 02:06 - 2012-03-28 02:06 - 00000000 ____D C:\Program Files\HP

ZeroAccess:
C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}
C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L
C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U

ZeroAccess:
C:\Users\prnapper\AppData\Local\978327bc
C:\Users\prnapper\AppData\Local\978327bc\@
C:\Users\prnapper\AppData\Local\978327bc\U

ZeroAccess:
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\@
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\L
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2932.56 MB
Available physical RAM: 2370.97 MB
Total Pagefile: 2930.76 MB
Available Pagefile: 2358.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111 GB) (Free:36.96 GB) NTFS
2 Drive d: () (Fixed) (Total:165.36 GB) (Free:128.36 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.63 GB) (Free:0.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB  1024 KB
Disk 1    Online         3835 MB     0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            111 GB   101 MB
Partition 0    Extended           165 GB   111 GB
Partition 4    Logical            165 GB   111 GB
Partition 3    Recovery            21 GB   276 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    165 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   SAMSUNG_REC  NTFS   Partition     21 GB  Healthy    Hidden

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3827 MB    19 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT32  Removable   3827 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-08 10:49

======================= End Of Log ==========================
prnapper is offline  
Old 06-25-2012, 11:09 AM   #18
Security Team
Trainee IV
 
Join Date: Sep 2010
Location: The eurozone.....eeek!
Posts: 535
OS: xp



We look to be making progress now.


Did you install or do you use Optimizer Pro?


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

Code:
C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}
C:\Users\prnapper\AppData\Local\978327bc
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
woosh is offline  
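The three "ZeroAccess:" blocks in the FRST log above share one shape: a folder named after a braced GUID or an 8-hex-character string, sitting under Windows\Installer or a user's AppData\Local, that holds entries named "@", "L" and/or "U". The script below is an added example (not FRST's code and not posted by anyone in this thread) that walks a directory tree and reports folders matching that shape; the function names are hypothetical and the sample tree it scans is constructed in a temporary directory to mirror the log's three hits plus one benign GUID folder.

```python
import os
import re
import tempfile
from pathlib import Path

# Folder-name patterns seen in the FRST "ZeroAccess:" sections above:
# a braced GUID ({78548b6f-...}) or an 8-hex-character name (978327bc).
_GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
_HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.I)

# Entry names the log shows inside those folders.
MARKERS = {"@", "L", "U"}

# Parent folders the log shows them under (last two path components,
# compared case-insensitively so C:\Windows\Installer and a lower-cased
# test tree both match).
SUSPECT_PARENTS = (("windows", "installer"), ("appdata", "local"))


def _parent_is_suspect(parent: Path) -> bool:
    tail = tuple(p.lower() for p in parent.parts[-2:])
    return tail in SUSPECT_PARENTS


def _looks_like_za_name(name: str) -> bool:
    return bool(_GUID_RE.match(name) or _HEX8_RE.match(name))


def find_zeroaccess_artifacts(root, min_markers=2):
    """Walk `root` and return [(folder_path, sorted_markers_found), ...]
    for every folder matching the layout above.

    Requiring at least `min_markers` of "@", "L", "U" keeps ordinary
    GUID-named folders (e.g. genuine Windows Installer caches) from being
    flagged just because their name looks like a GUID.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        if not (_looks_like_za_name(here.name) and _parent_is_suspect(here.parent)):
            continue
        present = MARKERS & set(dirnames + filenames)
        if len(present) >= min_markers:
            hits.append((str(here), sorted(present)))
    return hits


def build_sample_tree(base):
    """Constructed sample tree (not copied from any real machine) that
    mirrors the three FRST hits in the log plus one benign GUID folder
    containing only an MSI, which must NOT be reported."""
    base = Path(base)
    guid = "{78548b6f-9ea0-c855-d1c4-99b3a2f61b94}"  # the GUID as it appears in the log
    benign = "{11111111-2222-3333-4444-555555555555}"  # constructed, benign
    local = base / "Users" / "prnapper" / "AppData" / "Local"
    layout = {
        base / "Windows" / "Installer" / guid: ["L/", "U/"],
        local / "978327bc": ["@", "U/"],
        local / guid: ["@", "L/", "U/"],
        base / "Windows" / "Installer" / benign: ["setup.msi"],
    }
    for folder, entries in layout.items():
        folder.mkdir(parents=True, exist_ok=True)
        for entry in entries:
            if entry.endswith("/"):  # trailing slash marks a sub-directory
                (folder / entry.rstrip("/")).mkdir(exist_ok=True)
            else:
                (folder / entry).write_bytes(b"")
    return base


def demo(min_markers=2):
    """Build the constructed tree in a temp dir, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_zeroaccess_artifacts(tmp, min_markers=min_markers)


if __name__ == "__main__":
    for path, markers in demo():
        print(f"ZeroAccess-style folder: {path}  markers={markers}")
```

On a live system you would point find_zeroaccess_artifacts at the real C:\ root; a match is a lead for an offline scan such as the one done in this thread, not a verdict on its own.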
Old 06-25-2012, 01:12 PM   #19
Registered Member
 
Join Date: Aug 2008
Posts: 34
OS: winxp



Optimiser Pro is a right nuisance; it keeps asking if I want to register it, and I can't find it anywhere to remove.

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 2047 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94} moved successfully.
C:\Users\prnapper\AppData\Local\978327bc moved successfully.
C:\Users\prnapper\AppData\Local\{78548b6f-9ea0-c855-d1c4-99b3a2f61b94} moved successfully.

==== End of Fixlog ====
prnapper is offline  
Old 06-25-2012, 03:20 PM   #20
Security Team
Trainee IV
 
Join Date: Sep 2010
Location: The eurozone.....eeek!
Posts: 535
OS: xp



We will deal with Optimizer Pro now. After you complete the following let me know how things are with the computer.



Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 22
Java(TM) 6 Update 31


These are all outdated and are security risks if left installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.


=================


The installed version of Adobe Reader is also outdated and needs to be uninstalled.

Adobe Reader 9.1

The latest version can be downloaded from here: Adobe - Adobe Reader download - All versions

*When downloading the latest version of Adobe Reader, untick "Security Scan Plus"


===============


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\Users\prnapper\Desktop\Optimizer Pro.lnk

Folder::
C:\Users\prnapper\AppData\Roaming\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review and let me know how the computer is running.
woosh is offline  
Copyright 2001 - 2018, Tech Support Forum