TechSpot

Another Google Redirect Problem..

By Biggs3535
Apr 6, 2012
  1. Any help would be appreciated.

    After running an AVG scan with no luck, here is the malwarebytes log info:



    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.06.03

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Brett :: BRETT-PC [administrator]

    4/6/2012 9:05:57 AM
    mbam-log-2012-04-06 (09-05-57).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 325731
    Time elapsed: 1 hour(s), 4 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3508 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\Microsoft\Windows\DRM\6C5A.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\DRM\6C7A.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  2. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Broni,

    After reading your other suggestions for this problem, here is the askMBR log:



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-06 11:52:13
    -----------------------------
    11:52:13.319 OS Version: Windows x64 6.1.7600
    11:52:13.320 Number of processors: 4 586 0x2505
    11:52:13.321 ComputerName: BRETT-PC UserName: Brett
    11:52:16.038 Initialize success
    11:55:07.238 AVAST engine defs: 12040600
    11:59:51.490 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:59:51.492 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    11:59:51.495 Device \Driver\iaStor -> MajorFunction fffffa80072735c4
    11:59:51.498 Disk 0 MBR read successfully
    11:59:51.499 Disk 0 MBR scan
    11:59:51.504 Disk 0 Windows VISTA default MBR code
    11:59:51.528 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14500 MB offset 2048
    11:59:51.558 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29698048
    11:59:51.579 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595878 MB offset 29902848
    11:59:51.670 Disk 0 scanning C:\Windows\system32\drivers
    12:00:03.043 Service scanning
    12:00:54.207 Modules scanning
    12:00:54.225 Disk 0 trace - called modules:
    12:00:54.559 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80072735c4]<<
    12:00:54.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be5060]
    12:00:54.576 3 CLASSPNP.SYS[fffff88001ab243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004919050]
    12:00:54.584 \Driver\iaStor[0xfffffa8004b0ae70] -> IRP_MJ_CREATE -> 0xfffffa80072735c4
    12:00:56.653 AVAST engine scan C:\Windows
    12:01:01.531 AVAST engine scan C:\Windows\system32
    12:05:17.677 AVAST engine scan C:\Windows\system32\drivers
    12:05:30.955 AVAST engine scan C:\Users\Brett
    12:07:16.512 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
    12:07:16.596 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
     
  3. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    UPDATED SCAN:




    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-06 11:52:13
    -----------------------------
    11:52:13.319 OS Version: Windows x64 6.1.7600
    11:52:13.320 Number of processors: 4 586 0x2505
    11:52:13.321 ComputerName: BRETT-PC UserName: Brett
    11:52:16.038 Initialize success
    11:55:07.238 AVAST engine defs: 12040600
    11:59:51.490 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:59:51.492 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    11:59:51.495 Device \Driver\iaStor -> MajorFunction fffffa80072735c4
    11:59:51.498 Disk 0 MBR read successfully
    11:59:51.499 Disk 0 MBR scan
    11:59:51.504 Disk 0 Windows VISTA default MBR code
    11:59:51.528 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14500 MB offset 2048
    11:59:51.558 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29698048
    11:59:51.579 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595878 MB offset 29902848
    11:59:51.670 Disk 0 scanning C:\Windows\system32\drivers
    12:00:03.043 Service scanning
    12:00:54.207 Modules scanning
    12:00:54.225 Disk 0 trace - called modules:
    12:00:54.559 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80072735c4]<<
    12:00:54.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be5060]
    12:00:54.576 3 CLASSPNP.SYS[fffff88001ab243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004919050]
    12:00:54.584 \Driver\iaStor[0xfffffa8004b0ae70] -> IRP_MJ_CREATE -> 0xfffffa80072735c4
    12:00:56.653 AVAST engine scan C:\Windows
    12:01:01.531 AVAST engine scan C:\Windows\system32
    12:05:17.677 AVAST engine scan C:\Windows\system32\drivers
    12:05:30.955 AVAST engine scan C:\Users\Brett
    12:07:16.512 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
    12:07:16.596 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
    12:14:23.115 File: C:\Users\Brett\AppData\Local\Temp\6D55.tmp **INFECTED** Win32:MalOb-HP [Cryp]
    12:15:01.088 File: C:\Users\Brett\AppData\Local\Temp\nsvAE8D.tmp\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]
    12:15:59.157 File: C:\Users\Brett\AppData\Roaming\Nero\Nero\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]
    12:17:01.724 AVAST engine scan C:\ProgramData
    12:18:50.346 Scan finished successfully
    12:44:07.911 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
    12:44:07.916 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Step 1. Ran AVG Anti-Virus

    Step 2. Ran Malwarebytes. Here is the log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.06.03

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Brett :: BRETT-PC [administrator]

    4/6/2012 9:05:57 AM
    mbam-log-2012-04-06 (09-05-57).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 325731
    Time elapsed: 1 hour(s), 4 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3508 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\Microsoft\Windows\DRM\6C5A.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\DRM\6C7A.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  6. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Step 3: Ran Gmer. No modifications were found.

    Step 4: Ran DDS. Here are the results:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
    Run by Brett at 16:11:32 on 2012-04-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.977 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxdmcoms.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmamon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskhost.exe
    "C:\Windows\svchost.exe"
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.540wfla.com/mediaplayer/
    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [lxdmmon.exe] "C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmmon.exe"
    mRun: [lxdmamon] "C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmamon.exe"
    mRun: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOW~1.LNK - C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 65.32.5.74 65.32.5.75
    TCP: Interfaces\{69ED98A7-74F3-473A-84E0-54224B181A66} : DhcpNameServer = 65.32.5.74 65.32.5.75
    TCP: Interfaces\{69ED98A7-74F3-473A-84E0-54224B181A66}\A45796369702E45647 : DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{C2985464-82A7-4827-B34B-3C8B951B1A25} : DhcpNameServer = 192.168.2.1
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [lxdmmon.exe] "C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmmon.exe"
    mRun-x64: [lxdmamon] "C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmamon.exe"
    mRun-x64: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.theblaze.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brett\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - fdb31a9c-961c-4819-b8ff-49371c87b686
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-13 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-3-13 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-13 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-11-20 243232]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-3-30 151064]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-06 15:02:37 -------- d-----w- C:\ProgramData\Sophos
    2012-04-06 15:02:14 73728 ----a-r- C:\Users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-04-06 15:02:13 73728 ----a-r- C:\Users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-04-06 15:02:13 73728 ----a-r- C:\Users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-04-06 15:01:58 -------- d-----w- C:\Program Files (x86)\Sophos
    2012-04-06 14:37:02 20480 ----a-w- C:\Windows\svchost.exe
    2012-04-06 13:04:17 -------- d-----w- C:\Users\Brett\AppData\Roaming\Malwarebytes
    2012-04-06 13:04:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-06 13:04:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-06 13:04:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-04 15:06:38 -------- d--h--w- C:\$AVG
    2012-04-04 13:00:11 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-04 12:52:24 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-20 12:55:32 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-20 12:55:32 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-14 21:49:26 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 21:49:25 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 21:49:25 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:15:48 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 17:15:45 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-14 17:15:45 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-14 17:15:45 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-14 17:15:44 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-14 17:15:44 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-14 17:15:44 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-14 17:15:44 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-14 17:15:44 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-03-14 17:15:44 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 17:15:44 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 12:56:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 12:56:12 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 12:56:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-14 12:56:10 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 12:56:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 12:56:10 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 12:56:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    .
    ==================== Find3M ====================
    .
    2012-04-04 13:00:25 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 16:12:23.10 ===============
     

    Attached Files:

  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe forum rules.
    All logs have to be pasted not attached.

    When done with pasting Attach.txt.....

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Sorry, I thought it said to attach it. Here it is:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/3/2011 3:48:27 AM
    System Uptime: 4/6/2012 11:09:25 AM (5 hours ago)
    .
    Motherboard: Gateway | | SJV71_CP
    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 2533/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 531.441 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 3/7/2012 1:52:53 PM - Scheduled Checkpoint
    RP66: 3/13/2012 5:15:00 PM - Windows Update
    RP67: 3/14/2012 5:46:57 PM - Windows Update
    RP68: 3/22/2012 10:44:55 AM - Scheduled Checkpoint
    RP69: 3/29/2012 11:35:51 AM - Scheduled Checkpoint
    RP70: 4/6/2012 11:00:12 AM - Installed Sophos Virus Removal Tool.
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 9.0 Professional Edition
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.5.0 MUI
    Advertising Center
    Alcor Micro USB Card Reader
    Backup Manager Basic
    Coupon Printer for Windows
    CyberLink PowerDVD 9
    D3DX10
    Gateway InfoCentre
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    Identity Card
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Launch Manager
    Lexmark 5000 Series
    Lexmark Toolbar
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 11.0 (x86 en-US)
    Mozilla Thunderbird (8.0)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    QuickBooks
    QuickBooks Premier: Retail Edition 2011
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Skype Toolbars
    Skype™ 5.5
    Sophos Virus Removal Tool
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Video Web Camera
    Visual Studio 2008 x64 Redistributables
    WebEx
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/6/2012 8:58:14 AM, Error: Service Control Manager [7034] - The Intuit QuickBooks FCS service terminated unexpectedly. It has done this 1 time(s).
    4/6/2012 10:36:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService service to connect.
    4/6/2012 10:36:04 AM, Error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/4/2012 8:43:34 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    4/4/2012 8:43:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    4/4/2012 8:43:29 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/3/2012 4:57:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Brett-PC\Brett SID (S-1-5-21-985189109-1070028810-608463575-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  9. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    duplicate...
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    17:33:11.0697 6844 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
    17:33:13.0194 6844 ============================================================
    17:33:13.0194 6844 Current date / time: 2012/04/06 17:33:13.0194
    17:33:13.0194 6844 SystemInfo:
    17:33:13.0194 6844
    17:33:13.0194 6844 OS Version: 6.1.7600 ServicePack: 0.0
    17:33:13.0194 6844 Product type: Workstation
    17:33:13.0194 6844 ComputerName: BRETT-PC
    17:33:13.0194 6844 UserName: Brett
    17:33:13.0194 6844 Windows directory: C:\Windows
    17:33:13.0194 6844 System windows directory: C:\Windows
    17:33:13.0194 6844 Running under WOW64
    17:33:13.0194 6844 Processor architecture: Intel x64
    17:33:13.0194 6844 Number of processors: 4
    17:33:13.0194 6844 Page size: 0x1000
    17:33:13.0194 6844 Boot type: Normal boot
    17:33:13.0194 6844 ============================================================
    17:33:14.0376 6844 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:33:14.0396 6844 \Device\Harddisk0\DR0:
    17:33:14.0397 6844 MBR used
    17:33:14.0397 6844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C52800, BlocksNum 0x32000
    17:33:14.0397 6844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C84800, BlocksNum 0x48BD32B0
    17:33:14.0430 6844 Initialize success
    17:33:14.0431 6844 ============================================================
    17:33:24.0472 3748 ============================================================
    17:33:24.0472 3748 Scan started
    17:33:24.0472 3748 Mode: Manual;
    17:33:24.0472 3748 ============================================================
    17:33:25.0556 3748 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    17:33:25.0561 3748 1394ohci - ok
    17:33:25.0686 3748 ABBYY.Licensing.FineReader.Professional.9.0 (368638508f3675f7c6e69381fa65339d) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
    17:33:25.0704 3748 ABBYY.Licensing.FineReader.Professional.9.0 - ok
    17:33:25.0803 3748 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    17:33:25.0809 3748 ACPI - ok
    17:33:25.0863 3748 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    17:33:25.0865 3748 AcpiPmi - ok
    17:33:25.0992 3748 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:33:25.0997 3748 AdobeFlashPlayerUpdateSvc - ok
    17:33:26.0099 3748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:33:26.0109 3748 adp94xx - ok
    17:33:26.0204 3748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:33:26.0211 3748 adpahci - ok
    17:33:26.0252 3748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:33:26.0256 3748 adpu320 - ok
    17:33:26.0299 3748 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:33:26.0301 3748 AeLookupSvc - ok
    17:33:26.0422 3748 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    17:33:26.0431 3748 AFD - ok
    17:33:26.0517 3748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    17:33:26.0519 3748 agp440 - ok
    17:33:26.0564 3748 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:33:26.0567 3748 ALG - ok
    17:33:26.0655 3748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    17:33:26.0656 3748 aliide - ok
    17:33:26.0687 3748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    17:33:26.0688 3748 amdide - ok
    17:33:26.0744 3748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:33:26.0747 3748 AmdK8 - ok
    17:33:26.0776 3748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:33:26.0779 3748 AmdPPM - ok
    17:33:26.0901 3748 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    17:33:26.0904 3748 amdsata - ok
    17:33:26.0970 3748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:33:26.0975 3748 amdsbs - ok
    17:33:27.0023 3748 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    17:33:27.0025 3748 amdxata - ok
    17:33:27.0133 3748 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
    17:33:27.0135 3748 AmUStor - ok
    17:33:27.0239 3748 ApfiltrService (fab590e0fc28cb474b965f8267458e14) C:\Windows\system32\DRIVERS\Apfiltr.sys
    17:33:27.0245 3748 ApfiltrService - ok
    17:33:27.0324 3748 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    17:33:27.0370 3748 AppID - ok
    17:33:27.0469 3748 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:33:27.0471 3748 AppIDSvc - ok
    17:33:27.0546 3748 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    17:33:27.0549 3748 Appinfo - ok
    17:33:27.0606 3748 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:33:27.0609 3748 arc - ok
    17:33:27.0702 3748 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:33:27.0705 3748 arcsas - ok
    17:33:27.0757 3748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:33:27.0759 3748 AsyncMac - ok
    17:33:27.0882 3748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    17:33:27.0884 3748 atapi - ok
    17:33:28.0006 3748 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
    17:33:28.0066 3748 athr - ok
    17:33:28.0169 3748 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    17:33:28.0180 3748 AudioEndpointBuilder - ok
    17:33:28.0194 3748 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    17:33:28.0202 3748 AudioSrv - ok
    17:33:28.0559 3748 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    17:33:28.0683 3748 AVGIDSAgent - ok
    17:33:28.0781 3748 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    17:33:28.0784 3748 AVGIDSDriver - ok
    17:33:28.0823 3748 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    17:33:28.0825 3748 AVGIDSEH - ok
    17:33:28.0877 3748 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    17:33:28.0879 3748 AVGIDSFilter - ok
    17:33:28.0986 3748 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
    17:33:28.0992 3748 Avgldx64 - ok
    17:33:29.0028 3748 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
    17:33:29.0031 3748 Avgmfx64 - ok
    17:33:29.0081 3748 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
    17:33:29.0083 3748 Avgrkx64 - ok
    17:33:29.0120 3748 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
    17:33:29.0126 3748 Avgtdia - ok
    17:33:29.0224 3748 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    17:33:29.0228 3748 avgwd - ok
    17:33:29.0330 3748 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    17:33:29.0333 3748 AxInstSV - ok
    17:33:29.0399 3748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:33:29.0407 3748 b06bdrv - ok
    17:33:29.0499 3748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:33:29.0505 3748 b57nd60a - ok
    17:33:29.0558 3748 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
    17:33:29.0592 3748 BCM43XX - ok
    17:33:29.0686 3748 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:33:29.0689 3748 BDESVC - ok
    17:33:29.0751 3748 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:33:29.0753 3748 Beep - ok
    17:33:29.0875 3748 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    17:33:29.0885 3748 BFE - ok
    17:33:29.0945 3748 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
    17:33:29.0965 3748 BITS - ok
    17:33:30.0058 3748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:33:30.0060 3748 blbdrive - ok
    17:33:30.0116 3748 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    17:33:30.0119 3748 bowser - ok
    17:33:30.0157 3748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:33:30.0159 3748 BrFiltLo - ok
    17:33:30.0185 3748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:33:30.0186 3748 BrFiltUp - ok
    17:33:30.0285 3748 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    17:33:30.0288 3748 Browser - ok
    17:33:30.0325 3748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:33:30.0331 3748 Brserid - ok
    17:33:30.0410 3748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:33:30.0413 3748 BrSerWdm - ok
    17:33:30.0441 3748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:33:30.0443 3748 BrUsbMdm - ok
    17:33:30.0469 3748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:33:30.0471 3748 BrUsbSer - ok
    17:33:30.0494 3748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:33:30.0497 3748 BTHMODEM - ok
    17:33:30.0607 3748 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:33:30.0611 3748 bthserv - ok
    17:33:30.0676 3748 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:33:30.0679 3748 cdfs - ok
    17:33:30.0758 3748 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    17:33:30.0762 3748 cdrom - ok
    17:33:30.0813 3748 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    17:33:30.0816 3748 CertPropSvc - ok
    17:33:30.0882 3748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:33:30.0884 3748 circlass - ok
    17:33:30.0975 3748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:33:30.0983 3748 CLFS - ok
    17:33:31.0068 3748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:33:31.0071 3748 clr_optimization_v2.0.50727_32 - ok
    17:33:31.0111 3748 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:33:31.0114 3748 clr_optimization_v2.0.50727_64 - ok
    17:33:31.0194 3748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:33:31.0197 3748 clr_optimization_v4.0.30319_32 - ok
    17:33:31.0218 3748 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:33:31.0221 3748 clr_optimization_v4.0.30319_64 - ok
    17:33:31.0306 3748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:33:31.0308 3748 CmBatt - ok
    17:33:31.0369 3748 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    17:33:31.0371 3748 cmdide - ok
    17:33:31.0473 3748 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    17:33:31.0481 3748 CNG - ok
    17:33:31.0578 3748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:33:31.0580 3748 Compbatt - ok
    17:33:31.0619 3748 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:33:31.0621 3748 CompositeBus - ok
    17:33:31.0674 3748 COMSysApp - ok
    17:33:31.0704 3748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:33:31.0706 3748 crcdisk - ok
    17:33:31.0793 3748 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    17:33:31.0797 3748 CryptSvc - ok
    17:33:31.0919 3748 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    17:33:31.0927 3748 cvhsvc - ok
    17:33:32.0031 3748 dc3d (15c2afd86d8a58354fc100434c78b621) C:\Windows\system32\DRIVERS\dc3d.sys
    17:33:32.0040 3748 dc3d - ok
    17:33:32.0134 3748 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    17:33:32.0143 3748 DcomLaunch - ok
    17:33:32.0187 3748 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:33:32.0194 3748 defragsvc - ok
    17:33:32.0253 3748 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    17:33:32.0256 3748 DfsC - ok
    17:33:32.0351 3748 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    17:33:32.0357 3748 Dhcp - ok
    17:33:32.0405 3748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:33:32.0407 3748 discache - ok
    17:33:32.0682 3748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:33:32.0684 3748 Disk - ok
    17:33:32.0768 3748 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    17:33:32.0772 3748 Dnscache - ok
    17:33:32.0804 3748 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    17:33:32.0810 3748 dot3svc - ok
    17:33:32.0869 3748 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    17:33:32.0872 3748 DPS - ok
    17:33:32.0950 3748 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:33:32.0952 3748 drmkaud - ok
    17:33:33.0050 3748 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    17:33:33.0055 3748 DsiWMIService - ok
    17:33:33.0148 3748 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    17:33:33.0181 3748 DXGKrnl - ok
    17:33:33.0252 3748 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:33:33.0255 3748 EapHost - ok
    17:33:33.0367 3748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:33:33.0448 3748 ebdrv - ok
    17:33:33.0582 3748 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    17:33:33.0584 3748 EFS - ok
    17:33:33.0737 3748 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    17:33:33.0753 3748 ehRecvr - ok
    17:33:33.0780 3748 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:33:33.0783 3748 ehSched - ok
    17:33:33.0864 3748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:33:33.0873 3748 elxstor - ok
    17:33:33.0994 3748 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    17:33:34.0015 3748 ePowerSvc - ok
    17:33:34.0083 3748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    17:33:34.0085 3748 ErrDev - ok
    17:33:34.0143 3748 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:33:34.0150 3748 EventSystem - ok
    17:33:34.0197 3748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:33:34.0201 3748 exfat - ok
    17:33:34.0228 3748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:33:34.0233 3748 fastfat - ok
    17:33:34.0315 3748 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    17:33:34.0326 3748 Fax - ok
    17:33:34.0389 3748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:33:34.0391 3748 fdc - ok
    17:33:34.0420 3748 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:33:34.0421 3748 fdPHost - ok
    17:33:34.0444 3748 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:33:34.0446 3748 FDResPub - ok
    17:33:34.0497 3748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:33:34.0501 3748 FileInfo - ok
    17:33:34.0545 3748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:33:34.0547 3748 Filetrace - ok
    17:33:34.0585 3748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:33:34.0587 3748 flpydisk - ok
    17:33:34.0617 3748 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    17:33:34.0623 3748 FltMgr - ok
    17:33:34.0684 3748 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    17:33:34.0717 3748 FontCache - ok
    17:33:34.0800 3748 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:33:34.0802 3748 FontCache3.0.0.0 - ok
    17:33:34.0862 3748 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:33:34.0864 3748 FsDepends - ok
    17:33:34.0903 3748 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    17:33:34.0905 3748 Fs_Rec - ok
    17:33:34.0997 3748 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:33:35.0002 3748 fvevol - ok
    17:33:35.0045 3748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:33:35.0047 3748 gagp30kx - ok
    17:33:35.0103 3748 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    17:33:35.0120 3748 gpsvc - ok
    17:33:35.0214 3748 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    17:33:35.0215 3748 GREGService - ok
    17:33:35.0296 3748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:33:35.0298 3748 hcw85cir - ok
    17:33:35.0385 3748 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    17:33:35.0391 3748 HdAudAddService - ok
    17:33:35.0419 3748 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:33:35.0422 3748 HDAudBus - ok
    17:33:35.0523 3748 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:33:35.0525 3748 HECIx64 - ok
    17:33:35.0573 3748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:33:35.0575 3748 HidBatt - ok
    17:33:35.0649 3748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:33:35.0651 3748 HidBth - ok
    17:33:35.0692 3748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:33:35.0694 3748 HidIr - ok
    17:33:35.0730 3748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    17:33:35.0732 3748 hidserv - ok
    17:33:35.0823 3748 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    17:33:35.0825 3748 HidUsb - ok
    17:33:35.0857 3748 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    17:33:35.0861 3748 hkmsvc - ok
    17:33:35.0933 3748 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    17:33:35.0939 3748 HomeGroupListener - ok
    17:33:35.0963 3748 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    17:33:35.0968 3748 HomeGroupProvider - ok
    17:33:36.0082 3748 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    17:33:36.0085 3748 HpSAMD - ok
    17:33:36.0128 3748 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    17:33:36.0145 3748 HTTP - ok
    17:33:36.0241 3748 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    17:33:36.0244 3748 hwpolicy - ok
    17:33:36.0273 3748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:33:36.0276 3748 i8042prt - ok
    17:33:36.0379 3748 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    17:33:36.0384 3748 iaStor - ok
    17:33:36.0453 3748 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    17:33:36.0462 3748 iaStorV - ok
    17:33:36.0593 3748 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:33:36.0626 3748 idsvc - ok
    17:33:36.0936 3748 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:33:37.0150 3748 igfx - ok
    17:33:37.0281 3748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:33:37.0284 3748 iirsp - ok
    17:33:37.0351 3748 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    17:33:37.0368 3748 IKEEXT - ok
    17:33:37.0479 3748 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    17:33:37.0484 3748 Impcd - ok
    17:33:37.0662 3748 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
    17:33:37.0740 3748 IntcAzAudAddService - ok
    17:33:37.0849 3748 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:33:37.0855 3748 IntcDAud - ok
    17:33:37.0891 3748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    17:33:37.0893 3748 intelide - ok
    17:33:37.0915 3748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:33:37.0917 3748 intelppm - ok
    17:33:37.0953 3748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:33:37.0957 3748 IPBusEnum - ok
    17:33:37.0991 3748 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:33:37.0994 3748 IpFilterDriver - ok
    17:33:38.0034 3748 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    17:33:38.0045 3748 iphlpsvc - ok
    17:33:38.0145 3748 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    17:33:38.0148 3748 IPMIDRV - ok
    17:33:38.0189 3748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:33:38.0192 3748 IPNAT - ok
    17:33:38.0234 3748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:33:38.0235 3748 IRENUM - ok
    17:33:38.0256 3748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    17:33:38.0258 3748 isapnp - ok
    17:33:38.0284 3748 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    17:33:38.0289 3748 iScsiPrt - ok
    17:33:38.0413 3748 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
    17:33:38.0420 3748 k57nd60a - ok
    17:33:38.0496 3748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:33:38.0498 3748 kbdclass - ok
    17:33:38.0544 3748 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    17:33:38.0546 3748 kbdhid - ok
    17:33:38.0593 3748 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    17:33:38.0595 3748 KeyIso - ok
    17:33:38.0633 3748 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    17:33:38.0637 3748 KSecDD - ok
    17:33:38.0681 3748 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    17:33:38.0685 3748 KSecPkg - ok
    17:33:39.0025 3748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:33:39.0096 3748 ksthunk - ok
    17:33:39.0263 3748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:33:39.0271 3748 KtmRm - ok
    17:33:39.0397 3748 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
    17:33:39.0400 3748 L1E - ok
    17:33:39.0453 3748 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
    17:33:39.0460 3748 LanmanServer - ok
    17:33:39.0559 3748 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    17:33:39.0563 3748 LanmanWorkstation - ok
    17:33:39.0688 3748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:33:39.0690 3748 lltdio - ok
    17:33:39.0735 3748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:33:39.0742 3748 lltdsvc - ok
    17:33:39.0765 3748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:33:39.0768 3748 lmhosts - ok
    17:33:39.0890 3748 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    17:33:39.0894 3748 LMS - ok
    17:33:40.0026 3748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:33:40.0030 3748 LSI_FC - ok
    17:33:40.0090 3748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:33:40.0093 3748 LSI_SAS - ok
    17:33:40.0209 3748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:33:40.0212 3748 LSI_SAS2 - ok
    17:33:40.0282 3748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:33:40.0286 3748 LSI_SCSI - ok
    17:33:40.0339 3748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:33:40.0341 3748 luafv - ok
    17:33:40.0438 3748 lxdmCATSCustConnectService (310911630fb08f7e9d44fd76dc79e6f9) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdmserv.exe
    17:33:40.0461 3748 lxdmCATSCustConnectService - ok
    17:33:40.0540 3748 lxdm_device - ok
    17:33:40.0595 3748 lxdu_device - ok
    17:33:40.0657 3748 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    17:33:40.0661 3748 Mcx2Svc - ok
    17:33:40.0722 3748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:33:40.0724 3748 megasas - ok
    17:33:40.0862 3748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:33:40.0869 3748 MegaSR - ok
    17:33:40.0950 3748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:33:40.0954 3748 MMCSS - ok
    17:33:41.0022 3748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:33:41.0025 3748 Modem - ok
    17:33:41.0106 3748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:33:41.0108 3748 monitor - ok
    17:33:41.0224 3748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:33:41.0226 3748 mouclass - ok
    17:33:41.0305 3748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:33:41.0307 3748 mouhid - ok
    17:33:41.0395 3748 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    17:33:41.0398 3748 mountmgr - ok
    17:33:41.0449 3748 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    17:33:41.0453 3748 mpio - ok
    17:33:41.0571 3748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:33:41.0574 3748 mpsdrv - ok
    17:33:41.0681 3748 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    17:33:41.0701 3748 MpsSvc - ok
    17:33:41.0834 3748 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    17:33:41.0838 3748 MRxDAV - ok
    17:33:41.0965 3748 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:33:41.0969 3748 mrxsmb - ok
    17:33:42.0040 3748 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:33:42.0046 3748 mrxsmb10 - ok
    17:33:42.0159 3748 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:33:42.0163 3748 mrxsmb20 - ok
    17:33:42.0242 3748 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    17:33:42.0244 3748 msahci - ok
    17:33:42.0314 3748 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    17:33:42.0317 3748 msdsm - ok
    17:33:42.0358 3748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:33:42.0363 3748 MSDTC - ok
    17:33:42.0470 3748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:33:42.0472 3748 Msfs - ok
    17:33:42.0550 3748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:33:42.0553 3748 mshidkmdf - ok
    17:33:42.0602 3748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    17:33:42.0604 3748 msisadrv - ok
    17:33:42.0846 3748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:33:42.0851 3748 MSiSCSI - ok
    17:33:42.0862 3748 msiserver - ok
    17:33:43.0000 3748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:33:43.0002 3748 MSKSSRV - ok
    17:33:43.0103 3748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers
     
  12. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    \MSPCLOCK.sys
    17:33:43.0104 3748 MSPCLOCK - ok
    17:33:43.0168 3748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:33:43.0169 3748 MSPQM - ok
    17:33:43.0229 3748 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    17:33:43.0235 3748 MsRPC - ok
    17:33:43.0328 3748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:33:43.0330 3748 mssmbios - ok
    17:33:43.0426 3748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:33:43.0428 3748 MSTEE - ok
    17:33:43.0477 3748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:33:43.0479 3748 MTConfig - ok
    17:33:43.0525 3748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:33:43.0527 3748 Mup - ok
    17:33:43.0566 3748 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    17:33:43.0575 3748 napagent - ok
    17:33:43.0698 3748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:33:43.0705 3748 NativeWifiP - ok
    17:33:43.0803 3748 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    17:33:43.0822 3748 NDIS - ok
    17:33:43.0946 3748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:33:43.0948 3748 NdisCap - ok
    17:33:44.0055 3748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:33:44.0057 3748 NdisTapi - ok
    17:33:44.0244 3748 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:33:44.0246 3748 Ndisuio - ok
    17:33:44.0358 3748 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:33:44.0362 3748 NdisWan - ok
    17:33:44.0473 3748 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    17:33:44.0475 3748 NDProxy - ok
    17:33:44.0608 3748 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    17:33:44.0631 3748 Nero BackItUp Scheduler 4.0 - ok
    17:33:44.0757 3748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:33:44.0759 3748 NetBIOS - ok
    17:33:44.0823 3748 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    17:33:44.0828 3748 NetBT - ok
    17:33:44.0949 3748 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    17:33:44.0952 3748 Netlogon - ok
    17:33:45.0077 3748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:33:45.0085 3748 Netman - ok
    17:33:45.0190 3748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:33:45.0199 3748 netprofm - ok
    17:33:45.0334 3748 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:33:45.0337 3748 NetTcpPortSharing - ok
    17:33:45.0508 3748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:33:45.0511 3748 nfrd960 - ok
    17:33:45.0651 3748 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    17:33:45.0658 3748 NlaSvc - ok
    17:33:45.0813 3748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:33:45.0815 3748 Npfs - ok
    17:33:45.0901 3748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:33:45.0904 3748 nsi - ok
    17:33:46.0051 3748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:33:46.0053 3748 nsiproxy - ok
    17:33:46.0205 3748 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    17:33:46.0249 3748 Ntfs - ok
    17:33:46.0374 3748 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    17:33:46.0379 3748 NTI IScheduleSvc - ok
    17:33:46.0485 3748 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    17:33:46.0487 3748 NTIDrvr - ok
    17:33:46.0631 3748 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
    17:33:46.0633 3748 NuidFltr - ok
    17:33:46.0761 3748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:33:46.0764 3748 Null - ok
    17:33:46.0924 3748 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    17:33:46.0928 3748 nvraid - ok
    17:33:47.0080 3748 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    17:33:47.0084 3748 nvstor - ok
    17:33:47.0228 3748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    17:33:47.0232 3748 nv_agp - ok
    17:33:47.0388 3748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    17:33:47.0391 3748 ohci1394 - ok
    17:33:47.0462 3748 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:33:47.0466 3748 ose - ok
    17:33:47.0615 3748 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    17:33:47.0754 3748 osppsvc - ok
    17:33:47.0984 3748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:33:47.0991 3748 p2pimsvc - ok
    17:33:48.0107 3748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:33:48.0117 3748 p2psvc - ok
    17:33:48.0261 3748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:33:48.0264 3748 Parport - ok
    17:33:48.0431 3748 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    17:33:48.0433 3748 partmgr - ok
    17:33:48.0658 3748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:33:48.0664 3748 PcaSvc - ok
    17:33:48.0798 3748 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    17:33:48.0803 3748 pci - ok
    17:33:48.0938 3748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    17:33:48.0940 3748 pciide - ok
    17:33:49.0053 3748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:33:49.0057 3748 pcmcia - ok
    17:33:49.0194 3748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:33:49.0196 3748 pcw - ok
    17:33:49.0500 3748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:33:49.0550 3748 PEAUTH - ok
    17:33:49.0740 3748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:33:49.0743 3748 PerfHost - ok
    17:33:49.0887 3748 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    17:33:49.0920 3748 pla - ok
    17:33:50.0069 3748 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    17:33:50.0077 3748 PlugPlay - ok
    17:33:50.0314 3748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:33:50.0317 3748 PNRPAutoReg - ok
    17:33:50.0464 3748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:33:50.0471 3748 PNRPsvc - ok
    17:33:50.0694 3748 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
    17:33:50.0696 3748 Point64 - ok
    17:33:50.0824 3748 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    17:33:50.0834 3748 PolicyAgent - ok
    17:33:50.0981 3748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:33:50.0987 3748 Power - ok
    17:33:51.0107 3748 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    17:33:51.0110 3748 PptpMiniport - ok
    17:33:51.0219 3748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:33:51.0222 3748 Processor - ok
    17:33:51.0302 3748 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    17:33:51.0307 3748 ProfSvc - ok
    17:33:51.0427 3748 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    17:33:51.0429 3748 ProtectedStorage - ok
    17:33:51.0595 3748 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    17:33:51.0597 3748 Psched - ok
    17:33:51.0716 3748 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    17:33:51.0717 3748 QBCFMonitorService - ok
    17:33:51.0846 3748 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    17:33:51.0849 3748 QBFCService - ok
    17:33:52.0014 3748 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    17:33:52.0048 3748 QBVSS - ok
    17:33:52.0218 3748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:33:52.0261 3748 ql2300 - ok
    17:33:52.0458 3748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:33:52.0461 3748 ql40xx - ok
    17:33:52.0544 3748 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:33:52.0548 3748 QWAVE - ok
    17:33:52.0617 3748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:33:52.0619 3748 QWAVEdrv - ok
    17:33:52.0682 3748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:33:52.0684 3748 RasAcd - ok
    17:33:52.0764 3748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:33:52.0767 3748 RasAgileVpn - ok
    17:33:52.0849 3748 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:33:52.0852 3748 RasAuto - ok
    17:33:52.0906 3748 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:33:52.0908 3748 Rasl2tp - ok
    17:33:53.0009 3748 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    17:33:53.0014 3748 RasMan - ok
    17:33:53.0065 3748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:33:53.0067 3748 RasPppoe - ok
    17:33:53.0082 3748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:33:53.0084 3748 RasSstp - ok
    17:33:53.0111 3748 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    17:33:53.0115 3748 rdbss - ok
    17:33:53.0141 3748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:33:53.0143 3748 rdpbus - ok
    17:33:53.0177 3748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:33:53.0179 3748 RDPCDD - ok
    17:33:53.0200 3748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:33:53.0201 3748 RDPENCDD - ok
    17:33:53.0311 3748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:33:53.0312 3748 RDPREFMP - ok
    17:33:53.0379 3748 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
    17:33:53.0382 3748 RDPWD - ok
    17:33:53.0497 3748 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
    17:33:53.0500 3748 rdyboost - ok
    17:33:53.0604 3748 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:33:53.0607 3748 RemoteAccess - ok
    17:33:53.0633 3748 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:33:53.0636 3748 RemoteRegistry - ok
    17:33:53.0727 3748 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:33:53.0729 3748 RpcEptMapper - ok
    17:33:53.0769 3748 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:33:53.0771 3748 RpcLocator - ok
    17:33:53.0889 3748 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    17:33:53.0893 3748 RpcSs - ok
    17:33:53.0983 3748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:33:53.0987 3748 rspndr - ok
    17:33:54.0060 3748 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    17:33:54.0062 3748 SamSs - ok
    17:33:54.0181 3748 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    17:33:54.0185 3748 sbp2port - ok
    17:33:54.0289 3748 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:33:54.0296 3748 SCardSvr - ok
    17:33:54.0385 3748 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    17:33:54.0387 3748 scfilter - ok
    17:33:54.0546 3748 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    17:33:54.0578 3748 Schedule - ok
    17:33:54.0869 3748 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    17:33:54.0870 3748 SCPolicySvc - ok
    17:33:54.0929 3748 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    17:33:54.0935 3748 SDRSVC - ok
    17:33:55.0045 3748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:33:55.0047 3748 secdrv - ok
    17:33:55.0109 3748 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    17:33:55.0114 3748 seclogon - ok
    17:33:55.0233 3748 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    17:33:55.0237 3748 SENS - ok
    17:33:55.0334 3748 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:33:55.0339 3748 SensrSvc - ok
    17:33:55.0428 3748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:33:55.0430 3748 Serenum - ok
    17:33:55.0578 3748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:33:55.0581 3748 Serial - ok
    17:33:55.0687 3748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:33:55.0689 3748 sermouse - ok
    17:33:55.0753 3748 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    17:33:55.0757 3748 SessionEnv - ok
    17:33:55.0793 3748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    17:33:55.0795 3748 sffdisk - ok
    17:33:55.0848 3748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    17:33:55.0850 3748 sffp_mmc - ok
    17:33:55.0880 3748 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    17:33:55.0882 3748 sffp_sd - ok
    17:33:55.0920 3748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:33:55.0923 3748 sfloppy - ok
    17:33:55.0990 3748 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    17:33:56.0006 3748 Sftfs - ok
    17:33:56.0087 3748 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    17:33:56.0094 3748 sftlist - ok
    17:33:56.0216 3748 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    17:33:56.0222 3748 Sftplay - ok
    17:33:56.0260 3748 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    17:33:56.0262 3748 Sftredir - ok
    17:33:56.0287 3748 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    17:33:56.0289 3748 Sftvol - ok
    17:33:56.0366 3748 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    17:33:56.0370 3748 sftvsa - ok
    17:33:56.0457 3748 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:33:56.0465 3748 SharedAccess - ok
    17:33:56.0583 3748 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    17:33:56.0592 3748 ShellHWDetection - ok
    17:33:56.0727 3748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:33:56.0730 3748 SiSRaid2 - ok
    17:33:56.0801 3748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:33:56.0803 3748 SiSRaid4 - ok
    17:33:56.0931 3748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:33:56.0934 3748 Smb - ok
    17:33:57.0047 3748 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:33:57.0051 3748 SNMPTRAP - ok
    17:33:57.0286 3748 SophosVirusRemovalTool (c2471399f95fef9941480f98ea7bc126) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
    17:33:57.0290 3748 SophosVirusRemovalTool - ok
    17:33:57.0364 3748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:33:57.0366 3748 spldr - ok
    17:33:57.0433 3748 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    17:33:57.0445 3748 Spooler - ok
    17:33:57.0625 3748 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    17:33:57.0699 3748 sppsvc - ok
    17:33:57.0792 3748 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:33:57.0797 3748 sppuinotify - ok
    17:33:57.0899 3748 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    17:33:57.0908 3748 srv - ok
    17:33:58.0094 3748 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    17:33:58.0102 3748 srv2 - ok
    17:33:58.0141 3748 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    17:33:58.0145 3748 srvnet - ok
    17:33:58.0247 3748 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:33:58.0253 3748 SSDPSRV - ok
    17:33:58.0289 3748 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:33:58.0294 3748 SstpSvc - ok
    17:33:58.0331 3748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:33:58.0333 3748 stexstor - ok
    17:33:58.0433 3748 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    17:33:58.0444 3748 stisvc - ok
    17:33:58.0511 3748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    17:33:58.0513 3748 swenum - ok
    17:33:58.0575 3748 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:33:58.0585 3748 swprv - ok
    17:33:58.0720 3748 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    17:33:58.0755 3748 SysMain - ok
    17:33:58.0822 3748 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    17:33:58.0827 3748 TabletInputService - ok
    17:33:58.0849 3748 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    17:33:58.0857 3748 TapiSrv - ok
    17:33:58.0880 3748 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:33:58.0883 3748 TBS - ok
    17:33:58.0963 3748 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
    17:33:59.0020 3748 Tcpip - ok
    17:33:59.0157 3748 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
    17:33:59.0174 3748 TCPIP6 - ok
    17:33:59.0209 3748 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    17:33:59.0211 3748 tcpipreg - ok
    17:33:59.0231 3748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:33:59.0232 3748 TDPIPE - ok
    17:33:59.0273 3748 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    17:33:59.0275 3748 TDTCP - ok
    17:33:59.0316 3748 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    17:33:59.0319 3748 tdx - ok
    17:33:59.0418 3748 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    17:33:59.0421 3748 TermDD - ok
    17:33:59.0524 3748 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    17:33:59.0545 3748 TermService - ok
    17:33:59.0641 3748 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:33:59.0645 3748 Themes - ok
    17:33:59.0705 3748 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:33:59.0708 3748 THREADORDER - ok
    17:33:59.0812 3748 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:33:59.0817 3748 TrkWks - ok
    17:33:59.0878 3748 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    17:33:59.0882 3748 TrustedInstaller - ok
    17:33:59.0964 3748 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:33:59.0966 3748 tssecsrv - ok
    17:34:00.0071 3748 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    17:34:00.0075 3748 tunnel - ok
    17:34:00.0117 3748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:34:00.0119 3748 uagp35 - ok
    17:34:00.0181 3748 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    17:34:00.0183 3748 UBHelper - ok
    17:34:00.0258 3748 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    17:34:00.0264 3748 udfs - ok
    17:34:00.0357 3748 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:34:00.0361 3748 UI0Detect - ok
    17:34:00.0477 3748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    17:34:00.0479 3748 uliagpkx - ok
    17:34:00.0590 3748 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    17:34:00.0593 3748 umbus - ok
    17:34:00.0723 3748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:34:00.0725 3748 UmPass - ok
    17:34:00.0912 3748 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    17:34:01.0014 3748 UNS - ok
    17:34:01.0108 3748 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    17:34:01.0114 3748 Updater Service - ok
    17:34:01.0182 3748 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:34:01.0192 3748 upnphost - ok
    17:34:01.0273 3748 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:34:01.0276 3748 usbccgp - ok
    17:34:01.0349 3748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    17:34:01.0352 3748 usbcir - ok
    17:34:01.0429 3748 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    17:34:01.0431 3748 usbehci - ok
    17:34:01.0473 3748 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    17:34:01.0479 3748 usbhub - ok
    17:34:01.0542 3748 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    17:34:01.0545 3748 usbohci - ok
    17:34:01.0583 3748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:34:01.0585 3748 usbprint - ok
    17:34:01.0695 3748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    17:34:01.0697 3748 usbscan - ok
    17:34:01.0755 3748 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:34:01.0758 3748 USBSTOR - ok
    17:34:01.0817 3748 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    17:34:01.0819 3748 usbuhci - ok
    17:34:01.0928 3748 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
    17:34:01.0933 3748 usbvideo - ok
    17:34:02.0016 3748 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:34:02.0020 3748 UxSms - ok
    17:34:02.0044 3748 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    17:34:02.0046 3748 VaultSvc - ok
    17:34:02.0154 3748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    17:34:02.0156 3748 vdrvroot - ok
    17:34:02.0242 3748 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    17:34:02.0253 3748 vds - ok
    17:34:02.0343 3748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:34:02.0346 3748 vga - ok
    17:34:02.0411 3748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:34:02.0413 3748 VgaSave - ok
    17:34:02.0437 3748 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    17:34:02.0442 3748 vhdmp - ok
    17:34:02.0522 3748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    17:34:02.0524 3748 viaide - ok
    17:34:02.0547 3748 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    17:34:02.0549 3748 volmgr - ok
    17:34:02.0647 3748 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    17:34:02.0654 3748 volmgrx - ok
    17:34:02.0759 3748 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    17:34:02.0766 3748 volsnap - ok
    17:34:02.0828 3748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:34:02.0832 3748 vsmraid - ok
    17:34:02.0940 3748 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    17:34:02.0984 3748 VSS - ok
    17:34:03.0079 3748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:34:03.0081 3748 vwifibus - ok
    17:34:03.0290 3748 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:34:03.0293 3748 vwififlt - ok
    17:34:03.0348 3748 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:34:03.0350 3748 vwifimp - ok
    17:34:03.0428 3748 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:34:03.0437 3748 W32Time - ok
    17:34:03.0533 3748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:34:03.0535 3748 WacomPen - ok
    17:34:03.0600 3748 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    17:34:03.0603 3748 WANARP - ok
    17:34:03.0608 3748 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    17:34:03.0609 3748 Wanarpv6 - ok
    17:34:03.0783 3748 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:34:03.0812 3748 WatAdminSvc - ok
    17:34:03.0939 3748 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    17:34:03.0983 3748 wbengine - ok
    17:34:04.0069 3748 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:34:04.0077 3748 WbioSrvc - ok
    17:34:04.0127 3748 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    17:34:04.0135 3748 wcncsvc - ok
    17:34:04.0181 3748 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:34:04.0186 3748 WcsPlugInService - ok
    17:34:04.0244 3748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:34:04.0246 3748 Wd - ok
    17:34:04.0335 3748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:34:04.0351 3748 Wdf01000 - ok
    17:34:04.0408 3748 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:34:04.0412 3748 WdiServiceHost - ok
    17:34:04.0419 3748 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:34:04.0422 3748 WdiSystemHost - ok
    17:34:04.0470 3748 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    17:34:04.0476 3748 WebClient - ok
    17:34:04.0504 3748 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:34:04.0510 3748 Wecsvc - ok
    17:34:04.0615 3748 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:34:04.0620 3748 wercplsupport - ok
    17:34:04.0756 3748 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:34:04.0761 3748 WerSvc - ok
    17:34:04.0854 3748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:34:04.0856 3748 WfpLwf - ok
    17:34:04.0906 3748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:34:04.0908 3748 WIMMount - ok
    17:34:04.0940 3748 WinDefend - ok
    17:34:04.0950 3748 WinHttpAutoProxySvc - ok
    17:34:05.0145 3748 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:34:05.0150 3748 Winmgmt - ok
    17:34:05.0306 3748 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    17:34:05.0379 3748 WinRM - ok
    17:34:05.0502 3748 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:34:05.0535 3748 Wlansvc - ok
    17:34:05.0612 3748 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:34:05.0614 3748 wlcrasvc - ok
    17:34:05.0696 3748 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:34:05.0742 3748 wlidsvc - ok
    17:34:05.0867 3748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:34:05.0869 3748 WmiAcpi - ok
    17:34:05.0970 3748 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:34:05.0974 3748 wmiApSrv - ok
    17:34:06.0018 3748 WMPNetworkSvc - ok
    17:34:06.0105 3748 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:34:06.0109 3748 WPCSvc - ok
    17:34:06.0171 3748 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    17:34:06.0176 3748 WPDBusEnum - ok
    17:34:06.0237 3748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:34:06.0239 3748 ws2ifsl - ok
    17:34:06.0352 3748 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
    17:34:06.0356 3748 wscsvc - ok
    17:34:06.0407 3748 WSearch - ok
    17:34:06.0492 3748 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    17:34:06.0558 3748 wuauserv - ok
    17:34:06.0685 3748 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    17:34:06.0688 3748 WudfPf - ok
    17:34:06.0823 3748 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:34:06.0826 3748 WUDFRd - ok
    17:34:06.0885 3748 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    17:34:06.0890 3748 wudfsvc - ok
    17:34:06.0913 3748 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:34:06.0920 3748 WwanSvc - ok
    17:34:06.0966 3748 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
    17:34:06.0993 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    17:34:06.0993 3748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    17:34:07.0026 3748 Boot (0x1200) (a90b22ff684b9b6d2f45f42fb933ac8f) \Device\Harddisk0\DR0\Partition0
    17:34:07.0028 3748 \Device\Harddisk0\DR0\Partition0 - ok
    17:34:07.0037 3748 Boot (0x1200) (b93d980943e45462b9c626d8facba0ab) \Device\Harddisk0\DR0\Partition1
    17:34:07.0039 3748 \Device\Harddisk0\DR0\Partition1 - ok
    17:34:07.0040 3748 ============================================================
    17:34:07.0040 3748 Scan finished
    17:34:07.0040 3748
    ============================================================
    17:34:07.0054 5296 Detected object count: 1
    17:34:07.0055 5296 Actual detected object count: 1
    17:38:03.0365 5296 \Device\Harddisk0\DR0\# - copied to quarantine
    17:38:03.0366 5296 \Device\Harddisk0\DR0 - copied to quarantine
    17:38:03.0429 5296 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    17:38:03.0432 5296 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    17:38:03.0439 5296 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:38:03.0446 5296 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:38:03.0479 5296 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    17:38:03.0492 5296 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    17:38:03.0494 5296 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    17:38:03.0496 5296 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    17:38:03.0498 5296 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    17:38:03.0502 5296 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    17:38:03.0506 5296 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    17:38:03.0509 5296 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    17:38:03.0539 5296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    17:38:03.0541 5296 \Device\Harddisk0\DR0 - ok
    17:38:04.0145 5296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    17:38:09.0314 6816 Deinitialize success
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    ComboFix 12-04-06.03 - Brett 04/06/2012 19:25:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2429 [GMT -4:00]
    Running from: c:\users\Brett\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
    c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
    c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
    c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
    c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\windows\svchost.exe
    c:\windows\Temp\log.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-06 23:30 . 2012-04-06 23:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 21:38 . 2012-04-06 21:38 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-06 15:02 . 2012-04-06 15:02 -------- d-----w- c:\programdata\Sophos
    2012-04-06 15:02 . 2012-04-06 15:02 73728 ----a-r- c:\users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-04-06 15:02 . 2012-04-06 15:02 73728 ----a-r- c:\users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-04-06 15:02 . 2012-04-06 15:02 73728 ----a-r- c:\users\Brett\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-04-06 15:01 . 2012-04-06 15:01 -------- d-----w- c:\program files (x86)\Sophos
    2012-04-06 13:04 . 2012-04-06 13:04 -------- d-----w- c:\users\Brett\AppData\Roaming\Malwarebytes
    2012-04-06 13:04 . 2012-04-06 14:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-06 13:04 . 2012-04-06 13:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-06 13:04 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-04 15:06 . 2012-04-04 15:06 -------- d-----w- C:\$AVG
    2012-04-04 13:00 . 2012-04-04 13:00 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-04 12:59 . 2012-04-04 12:59 -------- d-----w- c:\windows\Sun
    2012-04-04 12:52 . 2012-04-04 13:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-20 12:55 . 2012-03-20 12:55 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-20 12:55 . 2012-03-20 12:55 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-14 21:49 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 21:49 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 21:49 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:15 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:15 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-14 17:15 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-14 17:15 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-03-14 17:15 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:15 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-14 17:15 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-14 17:15 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 17:15 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-03-14 17:15 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-03-14 17:15 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-14 12:56 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 12:56 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 12:56 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 12:56 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 12:56 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 12:56 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 12:56 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 13:00 . 2011-05-18 13:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "lxdmmon.exe"="c:\program files (x86) (x86)\Lexmark 5000 Series\lxdmmon.exe" [2010-02-12 455336]
    "lxdmamon"="c:\program files (x86) (x86)\Lexmark 5000 Series\lxdmamon.exe" [2010-02-12 25256]
    "Lexmark 5000 Series"="c:\program files (x86)\Lexmark 5000 Series\fm3032.exe" [2010-02-12 307880]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5923672]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-03-30 151064]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-29 243232]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
    "lxdmmon.exe"="c:\program files (x86)\Lexmark 5000 Series\lxdmmon.exe" [2010-02-12 455336]
    "lxdmamon"="c:\program files (x86)\Lexmark 5000 Series\lxdmamon.exe" [2010-02-12 25256]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.540wfla.com/mediaplayer/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.theblaze.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extentions.y2layers.installId - fdb31a9c-961c-4819-b8ff-49371c87b686
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-Lexmark 5000 Series - c:\program files (x86) (x86)\Lexmark 5000 Series\Install\x64\Uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-06 19:37:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-06 23:37
    .
    Pre-Run: 571,335,786,496 bytes free
    Post-Run: 571,926,188,032 bytes free
    .
    - - End Of File - - 96A925B36767F6885281ABA9CE6565AD
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good.

    Any current issues?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Yes!!! Everything is working great. You are awesome. Here are the OTL logs:



    OTL logfile created on: 4/6/2012 8:08:11 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Brett\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 67.03% Memory free
    7.35 Gb Paging File | 6.02 Gb Available in Paging File | 81.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.91 Gb Total Space | 532.73 Gb Free Space | 91.55% Space Free | Partition Type: NTFS

    Computer Name: BRETT-PC | User Name: Brett | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/06 20:06:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Brett\Downloads\OTL.exe
    PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/09 17:40:04 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2011/11/09 17:38:16 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    PRC - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2010/08/10 21:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/08/10 21:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/06/28 19:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2010/03/03 18:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 18:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/12 16:34:26 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
    PRC - [2010/02/12 16:34:22 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
    PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    PRC - [2008/10/27 18:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/16 10:02:50 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
    MOD - [2012/02/16 10:02:43 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
    MOD - [2012/02/16 10:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e7eca51cb6c1feb15b585bdf11694630\System.Xml.ni.dll
    MOD - [2012/02/16 10:02:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
    MOD - [2012/02/16 10:02:19 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
    MOD - [2011/11/09 17:39:24 | 000,125,800 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
    MOD - [2011/11/09 17:39:18 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
    MOD - [2011/11/09 17:39:02 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
    MOD - [2011/11/09 17:38:34 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2011/11/09 17:38:34 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2011/11/09 17:38:32 | 000,348,008 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
    MOD - [2011/10/14 08:51:02 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
    MOD - [2010/02/12 16:34:26 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
    MOD - [2010/02/12 16:34:22 | 000,455,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
    MOD - [2010/02/09 07:41:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\app4r.monitor.core.dll
    MOD - [2010/02/09 07:41:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\app4r.monitor.common.dll
    MOD - [2010/02/09 07:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\app4r.devmons.mcmdevmon.dll
    MOD - [2009/05/20 18:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
    MOD - [2008/06/06 06:45:50 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
    MOD - [2007/05/22 17:57:22 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmscw.dll
    MOD - [2007/05/03 10:39:32 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmdatr.dll
    MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5000 Series\lxdmcats.dll
    MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/11 18:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/10/16 16:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/06/07 20:05:40 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdmcoms.exe -- (lxdm_device)
    SRV:64bit: - [2007/06/07 20:05:32 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
    SRV - [2012/04/04 09:00:25 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/30 17:35:36 | 000,151,064 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
    SRV - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2010/08/10 21:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 18:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/03 18:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/10/27 18:03:46 | 000,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
    SRV - [2007/06/07 20:05:52 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdmcoms.exe -- (lxdm_device)
    SRV - [2007/06/07 20:05:32 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/06/10 16:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/06/08 08:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2010/05/11 22:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/04/21 15:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/10/22 00:55:06 | 000,272,432 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.540wfla.com/mediaplayer/
    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\..\SearchScopes\{2C6DE53C-166D-46E3-9B8E-22513213E698}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\..\SearchScopes\{CA11113E-4993-4B44-86A7-3AAB5BB7EC8A}: "URL" = http://search.avg.com/route/?d=4dc063d6&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=7.8.31.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKU\S-1-5-21-985189109-1070028810-608463575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.theblaze.com/"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 10:29:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 08:55:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/02 09:57:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/06 09:28:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/02 09:57:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/12/23 10:22:21 | 000,000,000 | ---D | M]

    [2011/05/03 16:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Extensions
    [2012/03/29 12:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\extensions
    [2012/02/06 10:03:30 | 000,000,000 | ---D | M] (Facebook Friend Request, Notifications &amp; Messages Alerts + Facebook Like Button) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\extensions\{30A7232F-77C9-4bd3-A812-3036704DB7AC}
    [2011/12/03 22:24:54 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\extensions\plugin@yontoo.com
    [2012/01/18 15:56:44 | 000,002,281 | ---- | M] () -- C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\5hdl8atb.default\searchplugins\s-amazon.xml
    [2012/01/09 10:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/06/20 09:33:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/03/20 08:55:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/20 13:31:46 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/10/04 09:21:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/08 16:29:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/04/06 19:31:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-985189109-1070028810-608463575-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [lxdmamon] C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdmmon.exe] C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [Lexmark 5000 Series] C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe ()
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [lxdmamon] C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmamon.exe ()
    O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files (x86) (x86)\Lexmark 5000 Series\lxdmmon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-985189109-1070028810-608463575-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-985189109-1070028810-608463575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69ED98A7-74F3-473A-84E0-54224B181A66}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2985464-82A7-4827-B34B-3C8B951B1A25}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/06 20:03:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/06 19:22:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/06 19:22:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/06 19:22:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/06 19:22:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/06 19:22:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/06 19:20:49 | 004,450,572 | R--- | C] (Swearware) -- C:\Users\Brett\Desktop\ComboFix.exe
    [2012/04/06 17:38:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/06 11:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012/04/06 11:02:14 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012/04/06 11:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2012/04/06 09:04:17 | 000,000,000 | ---D | C] -- C:\Users\Brett\AppData\Roaming\Malwarebytes
    [2012/04/06 09:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/06 09:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/06 09:04:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/06 09:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/04 19:55:36 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brett\Desktop\TDSSKiller.exe
    [2012/04/04 11:06:38 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/04/04 08:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/03/22 14:35:39 | 000,000,000 | ---D | C] -- C:\Users\Brett\Desktop\Blackburn's Interiors, Inc Tax Forms

    ========== Files - Modified Within 30 Days ==========

    [2012/04/06 20:11:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 20:11:06 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 20:03:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/06 20:03:22 | 2960,470,016 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/06 19:31:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/06 19:20:57 | 004,450,572 | R--- | M] (Swearware) -- C:\Users\Brett\Desktop\ComboFix.exe
    [2012/04/06 17:39:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/06 17:19:13 | 114,262,016 | R--- | M] () -- C:\Users\Brett\Desktop\Blackburn's Interiors, Inc.QBW
    [2012/04/06 17:19:13 | 000,000,355 | ---- | M] () -- C:\Users\Brett\Desktop\Blackburn's Interiors, Inc.QBW.ND
    [2012/04/06 17:19:12 | 000,327,680 | R--- | M] () -- C:\Users\Brett\Desktop\Blackburn's Interiors, Inc.QBW.TLG
    [2012/04/06 12:44:07 | 000,000,512 | ---- | M] () -- C:\Users\Brett\Desktop\MBR.dat
    [2012/04/06 11:02:14 | 000,003,205 | ---- | M] () -- C:\Users\Brett\Desktop\Sophos Virus Removal Tool.lnk
    [2012/04/06 09:04:04 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/06 08:57:35 | 093,978,413 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/04/04 19:55:36 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brett\Desktop\TDSSKiller.exe
    [2012/04/03 17:12:56 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/03 17:12:56 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/03 17:12:56 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/02 09:57:07 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/03/30 11:52:43 | 000,017,624 | ---- | M] () -- C:\Users\Brett\Desktop\Latest CenterState Statement.pdf
    [2012/03/30 11:49:52 | 000,315,187 | ---- | M] () -- C:\Users\Brett\Desktop\Latest BB&T Statement.pdf
    [2012/03/28 17:04:06 | 000,328,886 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/03/15 10:59:26 | 000,281,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/12 13:38:16 | 002,074,410 | ---- | M] () -- C:\Users\Brett\Desktop\Appraisal.pdf

    ========== Files Created - No Company Name ==========

    [2012/04/06 19:22:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/06 19:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/06 19:22:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/06 19:22:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/06 19:22:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/06 12:07:16 | 000,000,512 | ---- | C] () -- C:\Users\Brett\Desktop\MBR.dat
    [2012/04/06 11:02:14 | 000,003,205 | ---- | C] () -- C:\Users\Brett\Desktop\Sophos Virus Removal Tool.lnk
    [2012/04/06 09:04:04 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/04 08:52:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/03/30 11:52:43 | 000,017,624 | ---- | C] () -- C:\Users\Brett\Desktop\Latest CenterState Statement.pdf
    [2012/03/30 11:49:52 | 000,315,187 | ---- | C] () -- C:\Users\Brett\Desktop\Latest BB&T Statement.pdf
    [2012/03/12 13:38:16 | 002,074,410 | ---- | C] () -- C:\Users\Brett\Desktop\Appraisal.pdf
    [2011/05/03 17:31:03 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmserv.dll
    [2011/05/03 17:31:03 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmusb1.dll
    [2011/05/03 17:31:03 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomc.dll
    [2011/05/03 17:31:03 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmhbn3.dll
    [2011/05/03 17:31:03 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmpmui.dll
    [2011/05/03 17:31:03 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcoms.exe
    [2011/05/03 17:31:03 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmlmpm.dll
    [2011/05/03 17:31:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdmcomx.dll
    [2011/05/03 17:31:03 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcfg.exe
    [2011/05/03 17:31:03 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmcomm.dll
    [2011/05/03 17:31:03 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdminpa.dll
    [2011/05/03 17:31:03 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdminst.dll
    [2011/05/03 17:31:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmiesc.dll
    [2011/05/03 17:31:03 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmih.exe
    [2011/05/03 17:31:03 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdmprox.dll
    [2011/05/03 16:16:41 | 000,743,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/03 15:38:25 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/03/13 01:16:17 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
    [2011/03/13 01:01:52 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2011/03/13 00:56:52 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/03/13 00:56:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/03/13 00:56:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/03/13 00:56:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/03/13 00:56:51 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/03/13 00:56:27 | 000,001,701 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2010/11/20 00:16:14 | 000,000,079 | ---- | C] () -- C:\Windows\WISGAPas.ini
    [2010/11/19 23:51:36 | 000,000,321 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/11/19 23:51:36 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2010/11/19 23:51:36 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
     
  17. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    ========== LOP Check ==========

    [2011/05/09 17:06:23 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\5000 Series
    [2011/09/23 09:12:44 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\AVG2012
    [2011/10/20 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Catalina Marketing Corp
    [2011/05/09 15:21:12 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\DriverCure
    [2011/05/05 09:49:37 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Lexmark Productivity Studio
    [2012/04/06 17:38:12 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\SoftGrid Client
    [2011/09/06 09:28:27 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\Thunderbird
    [2011/05/03 16:17:21 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\TP
    [2011/12/09 15:41:57 | 000,000,000 | ---D | M] -- C:\Users\Brett\AppData\Roaming\webex
    [2012/03/09 11:00:35 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/27 16:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/06 19:37:43 | 000,018,945 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/06 20:03:22 | 2960,470,016 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/06 20:03:21 | 3947,294,720 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/17 02:51:25 | 000,003,459 | RHS- | M] () -- C:\Patch.rev
    [2011/05/03 03:48:42 | 000,000,185 | RHS- | M] () -- C:\Preload.rev
    [2011/03/13 01:12:38 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
    [2012/04/06 17:38:09 | 000,129,212 | ---- | M] () -- C:\TDSSKiller.2.7.26.0_06.04.2012_17.33.11_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/04 10:50:55 | 000,000,221 | -HS- | M] () -- C:\Users\Brett\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/06 19:20:57 | 004,450,572 | R--- | M] (Swearware) -- C:\Users\Brett\Desktop\ComboFix.exe
    [2011/05/03 04:29:13 | 572,373,952 | ---- | M] (Intuit, Inc. ) -- C:\Users\Brett\Desktop\QuickBooksPremier2011.exe
    [2012/04/04 19:55:36 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brett\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/06 17:39:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/06 20:03:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/09 11:00:35 | 000,032,584 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 10:01:33 | 000,000,402 | -HS- | M] () -- C:\Users\Brett\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/04 09:48:00 | 000,002,697 | ---- | M] () -- C:\ProgramData\lxdu.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  18. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 4/6/2012 8:08:11 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Brett\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 67.03% Memory free
    7.35 Gb Paging File | 6.02 Gb Available in Paging File | 81.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.91 Gb Total Space | 532.73 Gb Free Space | 91.55% Space Free | Partition Type: NTFS

    Computer Name: BRETT-PC | User Name: Brett | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-985189109-1070028810-608463575-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{B6D40BDA-5023-438D-B347-BE870E5F6F10}" = AVG 2012
    "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{028dfa5d-88fa-4049-b9b2-e66394fc0d9a}" = Nero 9 Essentials
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{11E0AC7D-6825-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Retail Edition 2011
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Identity Card" = Identity Card
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "Lexmark 5000 Series" = Lexmark 5000 Series
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-985189109-1070028810-608463575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = WebEx

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/3/2012 9:42:07 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/3/2012 10:50:02 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/3/2012 10:50:02 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/3/2012 10:50:02 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/3/2012 3:02:50 PM | Computer Name = Brett-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 4/4/2012 8:43:00 AM | Computer Name = Brett-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 4/4/2012 8:44:05 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/4/2012 8:44:05 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/4/2012 8:44:05 AM | Computer Name = Brett-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 4/4/2012 1:39:54 PM | Computer Name = Brett-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 3/21/2012 8:39:41 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 3/21/2012 8:39:41 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 3/22/2012 9:13:10 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 3/22/2012 9:13:10 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 3/23/2012 8:18:56 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 3/23/2012 8:18:56 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 3/26/2012 8:37:18 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 3/26/2012 8:37:18 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 3/27/2012 8:37:52 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService
    service to connect.

    Error - 3/27/2012 8:37:52 AM | Computer Name = Brett-PC | Source = Service Control Manager | ID = 7000
    Description = The lxdmCATSCustConnectService service failed to start due to the
    following error: %%1053


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brett
    ->Temp folder emptied: 2476 bytes
    ->Temporary Internet Files folder emptied: 71509713 bytes
    ->Java cache emptied: 9820680 bytes
    ->FireFox cache emptied: 567997484 bytes
    ->Flash cache emptied: 640 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 619.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Brett
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brett
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04062012_204016

    Files\Folders moved on Reboot...
    C:\Users\Brett\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Sophos Virus Removal Tool
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (8.0.)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
     
  22. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 01-03-2012
    Ran by Brett (administrator) on 06-04-2012 at 21:00:24
    Running from "C:\Users\Brett\Downloads"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 15:16] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  23. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\06.04.2012_17.33.13\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current (including Service Pack 1 installation!!!)

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  25. Biggs3535

    Biggs3535 TS Rookie Topic Starter Posts: 18

    Broni,

    Thanks again for all of your help. I can't say how wonderful your help has been. I didn't bring the power cord home from church, so the laptop that was infected has died now. I'll work on those final steps on Monday (when I get the power cord) and let you know if there are any problems.

    Again, many thanks to you. God Bless.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...