TechSpot

Iexplore processes running in background

By almightyrum
Jul 29, 2012
  1. I first noticed AVG giving me some warnings about excessive memory usage by IE, but I didn't really pay much attention, since I was watching streaming video with several tabs open, so I thought maybe that was the problem. Then I noticed that Google searches were being redirected, so I ran a full scan with AVG and Malwarebytes and deleted the several trojans that they found. I then noticed that even when I had not started IE, there were at least two, and sometimes more, processes running when I looked at Task Manager. One of the processes shows "-noframemerging -private -Embedding" in the command line in Task Manager, and the other usually shows SCODEF:xxxx CREDAT:xxxxxx (different numbers each time). When I tried to download tools from this website to start the process of generating logs, my IE was also acting strange: it would start the downloading process, but when I selected "Save As" from the download notification at the bottom, the popup window would immediately close and not let me designate where to save the files. After running AVG and Malwarebytes and fixing what was found there, I have not had a repeat of this behavior, but I still have the IE processes running in the background.
    I hope this information helps; I will post the logs in the next post.
    Thanks for your help.
     
  2. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    AVG found nothing, even on a full scan...

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.29.09
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Matt :: MATT-NEWDELL [administrator]
    7/29/2012 3:08:12 PM
    mbam-log-2012-07-29 (15-08-12).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217731
    Time elapsed: 2 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    ================================================
    Initially GMER found nothing, but the full scan gave results, so I figured I should post them just in case, since they were short...

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-29 15:34:36
    Windows 6.1.7601 Service Pack 1
    Running: 5rgdeemf.exe

    ---- Files - GMER 1.0.15 ----
    File C:\Users\Matt\Downloads\torrent downloads\Queen - Collection 1967-2011 57 ALBUMS + 65 SINGLES --TBS\Albums\2009 - Queen - Singles Collection Vol. 2 [Remaster 13CD]\1982 CD09 Las Palabras de Amor (The Words of Love) (CDS2009 Singles Collection Vol 2)(320)\Artwork\CD Label.jpg 6616632 bytes
    File C:\Users\Matt\Downloads\torrent downloads\Queen - Collection 1967-2011 57 ALBUMS + 65 SINGLES --TBS\Albums\2009 - Queen - Singles Collection Vol. 2 [Remaster 13CD]\1982 CD09 Las Palabras de Amor (The Words of Love) (CDS2009 Singles Collection Vol 2)(320)\Artwork\Papersleeve Back.jpg 11380809 bytes
    File C:\Users\Matt\Downloads\torrent downloads\Queen - Collection 1967-2011 57 ALBUMS + 65 SINGLES --TBS\Albums\2009 - Queen - Singles Collection Vol. 2 [Remaster 13CD]\1982 CD09 Las Palabras de Amor (The Words of Love) (CDS2009 Singles Collection Vol 2)(320)\Artwork\Papersleeve Front.jpg 8416795 bytes
    ---- EOF - GMER 1.0.15 ----
     
  3. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    And here are the DDS logs as well: DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
    Run by Matt at 15:36:48 on 2012-07-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6315 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\lxedcoms.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
    C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Piriform] rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9DB8065A-8FAF-4E58-959C-649A854EB9A6} : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO-X64: Conduit Engine - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO-X64: Vuze Remote - No File
    BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-11 92160]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-10 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxedCATSCustConnectService;lxedCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\x64\3\lxedserv.exe [2010-5-23 45736]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 20:07:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-29 20:07:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 17:22:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-07-23 01:08:42 839152 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-07-23 01:08:39 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-07-23 01:07:44 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-22 03:07:44 992352 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe
    2012-07-11 02:27:26 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 01:27:52 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-10 01:48:39 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-07-10 01:48:39 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-07-10 01:48:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-07-10 01:48:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-07-10 01:48:39 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-07-10 01:48:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-07-10 01:48:30 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-07-10 01:48:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-07-10 01:48:28 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-07-10 01:48:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-10 01:48:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-09 21:00:46 -------- d-----w- C:\Users\Matt\AppData\Local\Piriform
    2012-07-09 18:48:55 -------- d-----w- C:\ProgramData\99058D5900007818038D573CB4EB2367
    .
    ==================== Find3M ====================
    .
    2012-07-23 01:07:27 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-10 00:56:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-10 00:56:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 23:04:20 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 15:37:11.97 ===============
     
  4. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    And the DDS Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/27/2009 6:02:35 PM
    System Uptime: 7/29/2012 3:05:29 PM (0 hours ago)
    .
    Motherboard: DELL Inc. | | 0X501H
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 922 GiB total, 616.808 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 195 GiB total, 150.66 GiB free.
    G: is FIXED (NTFS) - 401 GiB total, 280.85 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP225: 7/9/2012 8:48:56 PM - Windows Update
    RP226: 7/10/2012 9:23:55 PM - Windows Update
    RP227: 7/18/2012 6:09:20 AM - Scheduled Checkpoint
    RP228: 7/22/2012 8:02:16 PM - Removed Java(TM) 6 Update 14 (64-bit)
    RP229: 7/22/2012 8:03:01 PM - Removed Java(TM) 6 Update 16
    RP230: 7/22/2012 8:03:27 PM - Removed Java(TM) 6 Update 31
    RP231: 7/22/2012 8:07:20 PM - Installed Java(TM) 7 Update 5
    RP232: 7/22/2012 8:08:16 PM - Installed Java(TM) 7 Update 5 (64-bit)
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Amazon Kindle
    AnyDVD
    Apple Application Support
    Apple Software Update
    AutoHotkey 1.0.48.05
    Banctec Service Agreement
    calibre
    CloneCD
    CloneDVD2
    CloneDVDmobile
    Conduit Engine
    D3DX10
    Darkspore™
    DC Universe Online
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell Getting Started Guide
    Diablo III
    DirectXInstallService
    Dropbox
    Dungeon Defenders
    Elcomsoft Phone Password Breaker
    EMC 10 Content
    Google Chrome
    GoToAssist 8.0.0.514
    GoToMeeting 4.5.0.457
    HijackThis 2.0.2
    Java Auto Updater
    Java(TM) 7 Update 5
    Junk Mail filter update
    Lexmark Printable Web
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Thunderbird (3.0.4)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Portal
    Portal 2
    PowerDVD DX
    QuickTime
    Realtek High Definition Audio Driver
    Rise of Nations
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Sonic CinePlayer Decoder Pack
    Steam
    System Requirements Lab
    TeamSpeak 2 RC2
    TeamSpeak 2 Server RC2
    TeamViewer 7
    Tixati
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Vuze
    Vuze Remote Toolbar
    WebEx
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Warcraft
    World of Warcraft Beta
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2012 3:06:27 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/29/2012 3:06:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/29/2012 3:06:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/29/2012 3:06:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    7/29/2012 3:06:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.
    7/29/2012 3:06:00 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/29/2012 3:06:00 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/29/2012 3:06:00 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    7/29/2012 3:06:00 PM, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/28/2012 3:16:44 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Once RogueKiller has found things do I just close it or let it fix things first?

    Here is the log:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Matt [Admin rights]
    Mode: Scan -- Date: 07/29/2012 16:20:38
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 10 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : Piriform (rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-658256594-2731304227-2091816638-1001[...]\Run : Piriform (rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug) -> FOUND
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Matt\AppData\Local\{2d514e81-00be-9e0b-704d-540a12e4265c}\n.) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}\L --> FOUND
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
    --- User ---
    [MBR] 8a4a3475a8608b8f66a18455fb82f62b
    [BSP] 89a446c8ee907cef1f1b5e8950b873ac : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 944486 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
    --- User ---
    [MBR] aecb1ccd71dfde9f46bd200dbd4c6dd8
    [BSP] d54a6902366668122097ef84c0d6cb49 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1 | Size: 200000 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600001 | Size: 410479 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
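    As an added example that is not part of this thread and not RogueKiller's own code: a small Python triage script for the report layout posted above. It parses the `[TAG] ... -> FOUND` lines, flags ZeroAccess-tagged items and the rundll32 loader under AppData as high severity, and records which of the `@`, `U` and `L` markers each `{GUID}` directory carries. The sample report is constructed from lines of the posted log; the severity rules are my own assumption, not RogueKiller's.

```python
import re
from dataclasses import dataclass

# Constructed sample in the RogueKiller report layout posted above. The GUID and
# paths are taken from that log only so the parser is exercised on real formatting.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Piriform (rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Matt\AppData\Local\{2d514e81-00be-9e0b-704d-540a12e4265c}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}\@ --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# One finding line: leading [TAG] groups, free-form detail, then "-> FOUND" or "--> FOUND".
FINDING_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*-+>\s*FOUND$")
TAG_RE = re.compile(r"\[([^\]]*)\]")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# rundll32 loading a DLL from a user-writable AppData directory: the Run-key
# persistence pattern tagged [BLACKLIST DLL] in the posted log.
RUNDLL_APPDATA_RE = re.compile(r"rundll32\.exe\s+\S*\\AppData\\", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    tags: tuple
    detail: str


def parse_report(text):
    """Split a RogueKiller scan report into Finding records, keeping the
    section header each line was found under."""
    section, findings = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            # Drop the trailing count/colon: "Registry Entries: 10" -> "Registry Entries"
            section = re.sub(r"[\s:\d]+$", "", m.group(1))
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(section, tuple(TAG_RE.findall(m.group(1))), m.group(2)))
    return findings


def zeroaccess_layout(findings):
    """Map each {GUID} directory named in a [ZeroAccess] FILE/FOLDER finding to
    the set of markers seen in it. The posted log shows the full '@', 'U', 'L'
    set under both c:\\windows\\installer and the user's AppData\\Local."""
    layout = {}
    for f in findings:
        if "ZeroAccess" not in f.tags or not ({"FILE", "FOLDER"} & set(f.tags)):
            continue
        name, _, path = f.detail.partition(" : ")
        root = path.rsplit("\\", 1)[0].lower()
        if GUID_RE.search(root):
            layout.setdefault(root, set()).add(name)
    return layout


def triage(findings):
    """Severity buckets (assumed rules, based on the indicators in this thread):
    anything tagged ZeroAccess or a rundll32 loader under AppData is 'high';
    the [HJ] Explorer setting tweaks are 'low'."""
    high = [f for f in findings
            if "ZeroAccess" in f.tags
            or ("BLACKLIST DLL" in f.tags and RUNDLL_APPDATA_RE.search(f.detail))]
    low = [f for f in findings if f not in high]
    return {"high": high, "low": low, "layout": zeroaccess_layout(findings)}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for sev in ("high", "low"):
        for f in result[sev]:
            print(f"{sev.upper():4} [{f.section}] {'/'.join(f.tags)}: {f.detail}")
    for root, markers in result["layout"].items():
        print(f"ZeroAccess dir {root}: markers {sorted(markers)}")
```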
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Just close it.
     
  8. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Here is the aswMBR.txt:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-29 16:38:20
    -----------------------------
    16:38:20.146 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:38:20.146 Number of processors: 8 586 0x1A05
    16:38:20.146 ComputerName: MATT-NEWDELL UserName: Matt
    16:38:23.484 Initialize success
    16:41:55.556 AVAST engine defs: 12072901
    16:43:15.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
    16:43:15.615 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 8
    16:43:15.646 Disk 0 MBR read successfully
    16:43:15.646 Disk 0 MBR scan
    16:43:15.662 Disk 0 Windows 7 default MBR code
    16:43:15.662 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    16:43:15.678 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9342 MB offset 81920
    16:43:15.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 944486 MB offset 19214336
    16:43:15.709 Disk 0 scanning C:\Windows\system32\drivers
    16:43:24.289 Service scanning
    16:43:40.404 Modules scanning
    16:43:40.404 Disk 0 trace - called modules:
    16:43:40.419 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:43:40.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da8790]
    16:43:40.435 3 CLASSPNP.SYS[fffff88001bbc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b1e050]
    16:43:43.617 AVAST engine scan C:\Windows
    16:43:47.580 AVAST engine scan C:\Windows\system32
    16:46:22.004 AVAST engine scan C:\Windows\system32\drivers
    16:46:34.048 AVAST engine scan C:\Users\Matt
    16:52:05.845 AVAST engine scan C:\ProgramData
    16:55:25.385 Scan finished successfully
    16:57:40.356 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    16:57:40.356 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  10. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Ok, so I downloaded the program onto a flash drive.
    Put the flash drive into the computer and restarted.
    Kept hitting F8 until I got the Advanced Boot Options.
    Selected "Repair your computer", hit Enter.
    got a progress bar saying "Loading Windows Files" and it went to the login screen.
    No option to choose keyboard language, no other sign that it did anything.
    How then can I get to the System Recovery Options?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    So I used AppRemover to uninstall AVG, then rebooted. Since I was going to be using ComboFix, I disconnected my internet cable for the reboot before running ComboFix. AVG was successfully removed, but upon restart IE came up in fullscreen with the "Cannot Display Website" message. This was what was in the address bar that it was trying to display. Just FYI. (dots and http:// removed, I didn't want to post a link necessarily.)

    collector(dot)opswat(dot)com/feedback.cgi?hwid=L031KBNA&reportid=106468&id=174606&id=174607

    Anyway, here is the Combofix.txt:
    ==========================================
    ComboFix 12-07-29.02 - Matt 07/29/2012 20:13:35.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6713 [GMT -5:00]
    Running from: c:\users\Matt\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Matt\AppData\Local\assembly\tmp
    c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
    c:\users\Matt\g2mdlhlpx.exe
    c:\users\Matt\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 20:07 . 2012-07-29 20:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 20:07 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-28 17:22 . 2012-07-28 17:22 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-23 01:08 . 2012-07-23 01:08 839152 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-23 01:08 . 2012-07-23 01:08 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-23 01:08 . 2012-07-23 01:08 268784 ----a-w- c:\windows\system32\javaws.exe
    2012-07-23 01:08 . 2012-07-23 01:08 189424 ----a-w- c:\windows\system32\javaw.exe
    2012-07-23 01:08 . 2012-07-23 01:08 188912 ----a-w- c:\windows\system32\java.exe
    2012-07-23 01:08 . 2012-07-23 01:08 -------- d-----w- c:\program files\Java
    2012-07-23 01:07 . 2012-07-23 01:07 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-23 01:07 . 2012-07-23 01:07 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-22 03:07 . 2012-07-22 03:07 992352 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
    2012-07-11 02:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 01:27 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 01:48 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-10 01:48 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-10 01:48 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-10 01:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-10 01:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-10 01:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-07-10 01:48 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-10 01:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-10 01:48 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-10 01:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-10 01:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-09 21:00 . 2012-07-28 20:46 -------- d-----w- c:\users\Matt\AppData\Local\Piriform
    2012-07-09 18:48 . 2012-07-09 18:49 -------- d-----w- c:\programdata\99058D5900007818038D573CB4EB2367
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-23 01:07 . 2010-05-10 00:43 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-11 02:25 . 2009-12-29 02:27 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-10 00:56 . 2012-03-30 12:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 00:56 . 2011-05-20 00:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 02:15 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 02:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 02:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 02:15 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 02:15 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 02:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 02:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 02:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 02:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 23:04 . 2012-04-14 00:51 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-14 01:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 01:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 01:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Piriform"="c:\users\Matt\AppData\Local\Piriform\bovtyzcr.dll" [2012-07-28 411136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-15 45736]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-01-07 1052328]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-658256594-2731304227-2091816638-1001Core.job
    - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 00:18]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-658256594-2731304227-2091816638-1001UA.job
    - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 00:18]
    .
    2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    2012-07-29 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "lxedmon.exe"="c:\program files (x86)\Lexmark S600 Series\lxedmon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2010-01-18 139944]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-29 20:28:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 01:28
    .
    Pre-Run: 672,268,058,624 bytes free
    Post-Run: 672,018,108,416 bytes free
    .
    - - End Of File - - 1EB63583DB8EBAFA5D708635D260DE06
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    5. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    OK, here is the new ComboFix.txt:

    ComboFix 12-07-29.02 - Matt 07/29/2012 21:00:55.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6813 [GMT -5:00]
    Running from: c:\users\Matt\Desktop\ComboFix.exe
    Command switches used :: c:\users\Matt\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}
    c:\users\matt\appdata\local\{2d514e81-00be-9e0b-704d-540a12e4265c}\@
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\@
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\L\00000004.@
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\L\1afb2d56
    c:\windows\installer\{2d514e81-00be-9e0b-704d-540a12e4265c}\L\201d3dde
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 02:05 . 2012-07-30 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-30 02:05 . 2012-07-30 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 20:07 . 2012-07-29 20:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-29 20:07 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-28 17:22 . 2012-07-28 17:22 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-23 01:08 . 2012-07-23 01:08 839152 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-23 01:08 . 2012-07-23 01:08 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-23 01:08 . 2012-07-23 01:08 268784 ----a-w- c:\windows\system32\javaws.exe
    2012-07-23 01:08 . 2012-07-23 01:08 189424 ----a-w- c:\windows\system32\javaw.exe
    2012-07-23 01:08 . 2012-07-23 01:08 188912 ----a-w- c:\windows\system32\java.exe
    2012-07-23 01:08 . 2012-07-23 01:08 -------- d-----w- c:\program files\Java
    2012-07-23 01:07 . 2012-07-23 01:07 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-23 01:07 . 2012-07-23 01:07 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-22 03:07 . 2012-07-22 03:07 992352 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
    2012-07-11 02:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 01:27 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 01:48 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-10 01:48 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-10 01:48 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-10 01:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-10 01:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-10 01:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-07-10 01:48 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-10 01:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-10 01:48 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-10 01:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-10 01:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-09 21:00 . 2012-07-28 20:46 -------- d-----w- c:\users\Matt\AppData\Local\Piriform
    2012-07-09 18:48 . 2012-07-09 18:49 -------- d-----w- c:\programdata\99058D5900007818038D573CB4EB2367
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-23 01:07 . 2010-05-10 00:43 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-11 02:25 . 2009-12-29 02:27 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-10 00:56 . 2012-03-30 12:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 00:56 . 2011-05-20 00:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 02:15 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 02:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 02:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 02:15 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 02:15 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 02:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 02:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 02:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 02:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 23:04 . 2012-04-14 00:51 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06 . 2012-06-14 01:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 01:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 01:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-30_01.21.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-07-30 01:34 34770 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-28 00:10 . 2012-07-30 01:34 16320 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-658256594-2731304227-2091816638-1001_UserData.bin
    + 2009-12-30 06:15 . 2012-07-30 01:31 3608 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-07-30 02:06 . 2012-07-30 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-30 01:21 . 2012-07-30 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-30 01:21 . 2012-07-30 01:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-30 02:06 . 2012-07-30 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-07-30 01:20 452156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-30 02:05 452156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-20 12:45 . 2012-07-30 02:05 6564852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-658256594-2731304227-2091816638-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Piriform"="c:\users\Matt\AppData\Local\Piriform\bovtyzcr.dll" [2012-07-28 411136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe [2010-04-15 45736]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-01-07 1052328]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-658256594-2731304227-2091816638-1001Core.job
    - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 00:18]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-658256594-2731304227-2091816638-1001UA.job
    - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 00:18]
    .
    2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    2012-07-29 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "lxedmon.exe"="c:\program files (x86)\Lexmark S600 Series\lxedmon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files (x86)\Lexmark S600 Series\ezprint.exe" [2010-01-18 139944]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.2.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-29 21:13:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 02:13
    ComboFix2.txt 2012-07-30 01:28
    .
    Pre-Run: 672,162,750,464 bytes free
    Post-Run: 671,825,469,440 bytes free
    .
    - - End Of File - - C87D50EE0A284A79AFC3C14E3F8C5172
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    How is the iexplore.exe issue?
     
  16. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Still have two processes running in the background according to Task Manager.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    With IE opened or closed?
     
  18. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    IE is closed. I also have not yet reinstalled any antivirus after removing AVG.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You can reinstall AVG now.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
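A TDSSKiller report of the kind requested above runs to hundreds of lines, and the only ones that matter for triage are the few whose verdict is not the plain "ok". The Python script below is an added example for reading such a report; it is not part of this thread and not Kaspersky's or TechSpot's code. The two line shapes it recognises (timestamp, PID, object name, MD5 in parentheses and path; then a "name - status" line) are inferred from the log posted in this thread, the parsing only starts after the "Scan started" banner so that the drive and partition header is not mistaken for scanned objects, and the "fakedrv" entry in the sample input is constructed purely to exercise the non-ok filter.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes inferred from the TDSSKiller log quoted in this thread:
#   detail line:  "22:35:43.0164 3692 1394ohci (a87d...) C:\Windows\system32\drivers\1394ohci.sys"
#   status line:  "22:35:43.0180 3692 1394ohci - ok"
DETAIL_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.+?) \(([0-9a-fA-F]{32})\) (.+)$")
STATUS_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.+?) - (.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Return the scanned objects in the order TDSSKiller listed them.

    Only lines after the "Scan started" banner are considered, so the header
    (drive geometry, partition tables, "C: <-> \\Device\\..." mappings) cannot
    be mistaken for a service entry. Objects such as "catchme - ok" that have
    a verdict but no hash/path line are kept as well.
    """
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = "Scan started" in line
            continue
        m = DETAIL_RE.match(line)
        if m:
            _ts, _pid, name, md5, path = m.groups()
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = Entry(name)
                order.append(name)
            entry.md5, entry.path = md5.lower(), path
            continue
        m = STATUS_RE.match(line)
        if m:
            name, status = m.group(3), m.group(4).strip()
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = Entry(name)
                order.append(name)
            entry.status = status
    return [entries[n] for n in order]


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries whose verdict is anything other than the plain 'ok'."""
    return [e for e in entries if e.status != "ok"]


def outside_windows_dir(entries: List[Entry]) -> List[Entry]:
    """Entries whose image lives outside C:\\Windows; a quick way to list the
    third-party services and drivers, not a verdict on its own."""
    return [e for e in entries
            if e.path and not e.path.lower().startswith("c:\\windows\\")]


# Constructed sample: the header and first entries are copied from the log in
# this thread; the "fakedrv" object and its non-ok verdict are made up.
SAMPLE_LOG = """\
22:35:36.0768 0804 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:35:37.0455 0804 Drive \\Device\\Harddisk0\\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
22:35:37.0502 0804 C: <-> \\Device\\Harddisk0\\DR0\\Partition1
22:35:42.0696 3692 ============================================================
22:35:42.0696 3692 Scan started
22:35:42.0696 3692 Mode: Manual;
22:35:43.0164 3692 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
22:35:43.0180 3692 1394ohci - ok
22:35:43.0929 3692 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
22:35:43.0929 3692 Apple Mobile Device - ok
22:35:45.0255 3692 catchme - ok
22:35:51.0000 3692 fakedrv (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\fakedrv.sys
22:35:51.0000 3692 fakedrv - suspicious (constructed sample)
"""

if __name__ == "__main__":
    for e in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.name}: {e.status} [{e.md5}] {e.path}")
```

Feed it the saved TDSSKiller_xxxx_log.txt instead of SAMPLE_LOG and the output is the short list of objects the tool did not clear, with the hash and path needed to look each one up; the full report still belongs in the thread so the helper can see everything the scan touched.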
  20. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Gotta do it in two posts due to length:

    22:35:36.0768 0804 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:35:37.0096 0804 ============================================================
    22:35:37.0096 0804 Current date / time: 2012/07/29 22:35:37.0096
    22:35:37.0096 0804 SystemInfo:
    22:35:37.0096 0804
    22:35:37.0096 0804 OS Version: 6.1.7601 ServicePack: 1.0
    22:35:37.0096 0804 Product type: Workstation
    22:35:37.0096 0804 ComputerName: MATT-NEWDELL
    22:35:37.0096 0804 UserName: Matt
    22:35:37.0096 0804 Windows directory: C:\Windows
    22:35:37.0096 0804 System windows directory: C:\Windows
    22:35:37.0096 0804 Running under WOW64
    22:35:37.0096 0804 Processor architecture: Intel x64
    22:35:37.0096 0804 Number of processors: 8
    22:35:37.0096 0804 Page size: 0x1000
    22:35:37.0096 0804 Boot type: Normal boot
    22:35:37.0096 0804 ============================================================
    22:35:37.0455 0804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:35:37.0470 0804 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:35:37.0470 0804 ============================================================
    22:35:37.0470 0804 \Device\Harddisk0\DR0:
    22:35:37.0470 0804 MBR partitions:
    22:35:37.0470 0804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x123F000
    22:35:37.0470 0804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1253000, BlocksNum 0x734B3000
    22:35:37.0470 0804 \Device\Harddisk1\DR1:
    22:35:37.0470 0804 MBR partitions:
    22:35:37.0470 0804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1, BlocksNum 0x186A0000
    22:35:37.0470 0804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x186A0001, BlocksNum 0x321B7800
    22:35:37.0470 0804 ============================================================
    22:35:37.0502 0804 C: <-> \Device\Harddisk0\DR0\Partition1
    22:35:37.0548 0804 F: <-> \Device\Harddisk1\DR1\Partition0
    22:35:37.0564 0804 G: <-> \Device\Harddisk1\DR1\Partition1
    22:35:37.0564 0804 ============================================================
    22:35:37.0564 0804 Initialize success
    22:35:37.0564 0804 ============================================================
    22:35:42.0696 3692 ============================================================
    22:35:42.0696 3692 Scan started
    22:35:42.0696 3692 Mode: Manual;
    22:35:42.0696 3692 ============================================================
    22:35:43.0164 3692 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    22:35:43.0180 3692 1394ohci - ok
    22:35:43.0196 3692 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    22:35:43.0196 3692 ACPI - ok
    22:35:43.0211 3692 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    22:35:43.0211 3692 AcpiPmi - ok
    22:35:43.0274 3692 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    22:35:43.0274 3692 adp94xx - ok
    22:35:43.0305 3692 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    22:35:43.0305 3692 adpahci - ok
    22:35:43.0320 3692 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    22:35:43.0320 3692 adpu320 - ok
    22:35:43.0352 3692 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    22:35:43.0352 3692 AeLookupSvc - ok
    22:35:43.0414 3692 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    22:35:43.0414 3692 AERTFilters - ok
    22:35:43.0476 3692 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    22:35:43.0476 3692 AFD - ok
    22:35:43.0492 3692 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    22:35:43.0492 3692 agp440 - ok
    22:35:43.0508 3692 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    22:35:43.0508 3692 ALG - ok
    22:35:43.0539 3692 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    22:35:43.0539 3692 aliide - ok
    22:35:43.0554 3692 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    22:35:43.0554 3692 amdide - ok
    22:35:43.0570 3692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    22:35:43.0570 3692 AmdK8 - ok
    22:35:43.0570 3692 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    22:35:43.0570 3692 AmdPPM - ok
    22:35:43.0601 3692 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    22:35:43.0601 3692 amdsata - ok
    22:35:43.0632 3692 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    22:35:43.0632 3692 amdsbs - ok
    22:35:43.0648 3692 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    22:35:43.0648 3692 amdxata - ok
    22:35:43.0695 3692 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys
    22:35:43.0695 3692 AnyDVD - ok
    22:35:43.0742 3692 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    22:35:43.0742 3692 AppID - ok
    22:35:43.0742 3692 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    22:35:43.0742 3692 AppIDSvc - ok
    22:35:43.0788 3692 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    22:35:43.0788 3692 Appinfo - ok
    22:35:43.0929 3692 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:35:43.0929 3692 Apple Mobile Device - ok
    22:35:43.0944 3692 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    22:35:43.0944 3692 arc - ok
    22:35:43.0976 3692 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    22:35:43.0976 3692 arcsas - ok
    22:35:44.0022 3692 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
    22:35:44.0022 3692 aswFsBlk - ok
    22:35:44.0069 3692 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
    22:35:44.0069 3692 aswMonFlt - ok
    22:35:44.0100 3692 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
    22:35:44.0100 3692 aswRdr - ok
    22:35:44.0178 3692 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
    22:35:44.0178 3692 aswSnx - ok
    22:35:44.0241 3692 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
    22:35:44.0241 3692 aswSP - ok
    22:35:44.0272 3692 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
    22:35:44.0272 3692 aswTdi - ok
    22:35:44.0288 3692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:35:44.0288 3692 AsyncMac - ok
    22:35:44.0319 3692 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    22:35:44.0319 3692 atapi - ok
    22:35:44.0397 3692 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    22:35:44.0397 3692 AudioEndpointBuilder - ok
    22:35:44.0397 3692 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    22:35:44.0412 3692 AudioSrv - ok
    22:35:44.0490 3692 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:35:44.0490 3692 avast! Antivirus - ok
    22:35:44.0553 3692 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    22:35:44.0553 3692 AxInstSV - ok
    22:35:44.0584 3692 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    22:35:44.0584 3692 b06bdrv - ok
    22:35:44.0615 3692 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:35:44.0615 3692 b57nd60a - ok
    22:35:44.0646 3692 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    22:35:44.0646 3692 BDESVC - ok
    22:35:44.0662 3692 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    22:35:44.0662 3692 Beep - ok
    22:35:44.0756 3692 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    22:35:44.0771 3692 BFE - ok
    22:35:44.0849 3692 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    22:35:44.0849 3692 BITS - ok
    22:35:44.0880 3692 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    22:35:44.0880 3692 blbdrive - ok
    22:35:44.0974 3692 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    22:35:44.0974 3692 Bonjour Service - ok
    22:35:45.0021 3692 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    22:35:45.0021 3692 bowser - ok
    22:35:45.0021 3692 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    22:35:45.0021 3692 BrFiltLo - ok
    22:35:45.0036 3692 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    22:35:45.0036 3692 BrFiltUp - ok
    22:35:45.0068 3692 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    22:35:45.0068 3692 BridgeMP - ok
    22:35:45.0130 3692 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    22:35:45.0130 3692 Browser - ok
    22:35:45.0161 3692 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    22:35:45.0161 3692 Brserid - ok
    22:35:45.0177 3692 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    22:35:45.0177 3692 BrSerWdm - ok
    22:35:45.0177 3692 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:35:45.0177 3692 BrUsbMdm - ok
    22:35:45.0192 3692 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    22:35:45.0192 3692 BrUsbSer - ok
    22:35:45.0208 3692 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    22:35:45.0208 3692 BTHMODEM - ok
    22:35:45.0255 3692 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    22:35:45.0255 3692 bthserv - ok
    22:35:45.0255 3692 catchme - ok
    22:35:45.0270 3692 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    22:35:45.0270 3692 cdfs - ok
    22:35:45.0317 3692 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    22:35:45.0317 3692 cdrom - ok
    22:35:45.0364 3692 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    22:35:45.0364 3692 CertPropSvc - ok
    22:35:45.0395 3692 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    22:35:45.0395 3692 circlass - ok
    22:35:45.0426 3692 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    22:35:45.0426 3692 CLFS - ok
    22:35:45.0489 3692 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:35:45.0489 3692 clr_optimization_v2.0.50727_32 - ok
    22:35:45.0551 3692 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:35:45.0551 3692 clr_optimization_v2.0.50727_64 - ok
    22:35:45.0614 3692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:35:45.0614 3692 clr_optimization_v4.0.30319_32 - ok
    22:35:45.0645 3692 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:35:45.0645 3692 clr_optimization_v4.0.30319_64 - ok
    22:35:45.0676 3692 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    22:35:45.0676 3692 CmBatt - ok
    22:35:45.0707 3692 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    22:35:45.0707 3692 cmdide - ok
    22:35:45.0754 3692 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    22:35:45.0770 3692 CNG - ok
    22:35:45.0785 3692 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    22:35:45.0785 3692 Compbatt - ok
    22:35:45.0816 3692 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    22:35:45.0816 3692 CompositeBus - ok
    22:35:45.0832 3692 COMSysApp - ok
    22:35:45.0848 3692 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    22:35:45.0848 3692 crcdisk - ok
    22:35:45.0894 3692 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    22:35:45.0894 3692 CryptSvc - ok
    22:35:45.0957 3692 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    22:35:45.0957 3692 DcomLaunch - ok
    22:35:46.0004 3692 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    22:35:46.0004 3692 defragsvc - ok
    22:35:46.0050 3692 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    22:35:46.0050 3692 DfsC - ok
    22:35:46.0082 3692 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    22:35:46.0082 3692 Dhcp - ok
    22:35:46.0082 3692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    22:35:46.0082 3692 discache - ok
    22:35:46.0097 3692 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    22:35:46.0097 3692 Disk - ok
    22:35:46.0144 3692 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    22:35:46.0144 3692 Dnscache - ok
    22:35:46.0191 3692 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    22:35:46.0191 3692 dot3svc - ok
    22:35:46.0222 3692 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    22:35:46.0238 3692 DPS - ok
    22:35:46.0253 3692 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    22:35:46.0253 3692 drmkaud - ok
    22:35:46.0331 3692 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    22:35:46.0347 3692 DXGKrnl - ok
    22:35:46.0378 3692 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    22:35:46.0378 3692 EapHost - ok
    22:35:46.0581 3692 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    22:35:46.0596 3692 ebdrv - ok
    22:35:46.0690 3692 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    22:35:46.0690 3692 EFS - ok
    22:35:46.0752 3692 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    22:35:46.0768 3692 ehRecvr - ok
    22:35:46.0784 3692 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    22:35:46.0799 3692 ehSched - ok
    22:35:46.0877 3692 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
    22:35:46.0877 3692 ElbyCDFL - ok
    22:35:46.0908 3692 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    22:35:46.0908 3692 ElbyCDIO - ok
    22:35:46.0971 3692 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    22:35:46.0971 3692 elxstor - ok
    22:35:47.0002 3692 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    22:35:47.0002 3692 ErrDev - ok
    22:35:47.0064 3692 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    22:35:47.0064 3692 EventSystem - ok
    22:35:47.0096 3692 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    22:35:47.0096 3692 exfat - ok
    22:35:47.0111 3692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    22:35:47.0111 3692 fastfat - ok
    22:35:47.0189 3692 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    22:35:47.0189 3692 Fax - ok
    22:35:47.0220 3692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    22:35:47.0220 3692 fdc - ok
    22:35:47.0236 3692 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    22:35:47.0236 3692 fdPHost - ok
    22:35:47.0252 3692 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    22:35:47.0252 3692 FDResPub - ok
    22:35:47.0267 3692 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    22:35:47.0267 3692 FileInfo - ok
    22:35:47.0283 3692 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    22:35:47.0283 3692 Filetrace - ok
    22:35:47.0298 3692 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    22:35:47.0298 3692 flpydisk - ok
    22:35:47.0330 3692 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    22:35:47.0330 3692 FltMgr - ok
    22:35:47.0423 3692 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    22:35:47.0439 3692 FontCache - ok
    22:35:47.0517 3692 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:35:47.0517 3692 FontCache3.0.0.0 - ok
    22:35:47.0548 3692 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    22:35:47.0548 3692 FsDepends - ok
    22:35:47.0579 3692 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    22:35:47.0579 3692 Fs_Rec - ok
    22:35:47.0642 3692 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    22:35:47.0642 3692 fvevol - ok
    22:35:47.0657 3692 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    22:35:47.0657 3692 gagp30kx - ok
    22:35:47.0688 3692 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:35:47.0688 3692 GEARAspiWDM - ok
    22:35:47.0751 3692 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    22:35:47.0751 3692 GoToAssist - ok
    22:35:47.0829 3692 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    22:35:47.0844 3692 gpsvc - ok
    22:35:47.0907 3692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:35:47.0907 3692 gupdate - ok
    22:35:47.0922 3692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:35:47.0922 3692 gupdatem - ok
    22:35:47.0985 3692 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    22:35:47.0985 3692 gusvc - ok
    22:35:48.0000 3692 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    22:35:48.0000 3692 hcw85cir - ok
    22:35:48.0032 3692 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    22:35:48.0032 3692 HDAudBus - ok
    22:35:48.0047 3692 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    22:35:48.0047 3692 HidBatt - ok
    22:35:48.0063 3692 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    22:35:48.0063 3692 HidBth - ok
    22:35:48.0094 3692 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    22:35:48.0094 3692 HidIr - ok
    22:35:48.0125 3692 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    22:35:48.0125 3692 hidserv - ok
    22:35:48.0156 3692 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    22:35:48.0156 3692 HidUsb - ok
    22:35:48.0188 3692 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    22:35:48.0188 3692 hkmsvc - ok
    22:35:48.0234 3692 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    22:35:48.0234 3692 HomeGroupListener - ok
    22:35:48.0266 3692 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    22:35:48.0266 3692 HomeGroupProvider - ok
    22:35:48.0281 3692 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    22:35:48.0281 3692 HpSAMD - ok
    22:35:48.0375 3692 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    22:35:48.0375 3692 HTTP - ok
    22:35:48.0406 3692 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    22:35:48.0406 3692 hwpolicy - ok
    22:35:48.0453 3692 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    22:35:48.0453 3692 i8042prt - ok
    22:35:48.0546 3692 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    22:35:48.0546 3692 IAANTMON - ok
    22:35:48.0609 3692 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    22:35:48.0609 3692 iaStor - ok
    22:35:48.0656 3692 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    22:35:48.0656 3692 iaStorV - ok
    22:35:48.0765 3692 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:35:48.0765 3692 idsvc - ok
    22:35:48.0780 3692 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    22:35:48.0780 3692 iirsp - ok
    22:35:48.0858 3692 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    22:35:48.0874 3692 IKEEXT - ok
    22:35:48.0999 3692 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
    22:35:48.0999 3692 IntcAzAudAddService - ok
    22:35:49.0155 3692 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    22:35:49.0155 3692 intelide - ok
    22:35:49.0170 3692 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    22:35:49.0186 3692 intelppm - ok
    22:35:49.0202 3692 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    22:35:49.0202 3692 IPBusEnum - ok
    22:35:49.0248 3692 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:35:49.0264 3692 IpFilterDriver - ok
    22:35:49.0342 3692 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    22:35:49.0342 3692 iphlpsvc - ok
    22:35:49.0358 3692 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    22:35:49.0358 3692 IPMIDRV - ok
    22:35:49.0389 3692 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    22:35:49.0389 3692 IPNAT - ok
    22:35:49.0514 3692 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    22:35:49.0514 3692 iPod Service - ok
    22:35:49.0529 3692 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    22:35:49.0529 3692 IRENUM - ok
    22:35:49.0545 3692 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    22:35:49.0545 3692 isapnp - ok
    22:35:49.0576 3692 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    22:35:49.0576 3692 iScsiPrt - ok
    22:35:49.0592 3692 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
    22:35:49.0607 3692 JRAID - ok
    22:35:49.0638 3692 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:35:49.0638 3692 kbdclass - ok
    22:35:49.0654 3692 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    22:35:49.0654 3692 kbdhid - ok
    22:35:49.0685 3692 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:35:49.0685 3692 KeyIso - ok
    22:35:49.0716 3692 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    22:35:49.0716 3692 KSecDD - ok
    22:35:49.0763 3692 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    22:35:49.0763 3692 KSecPkg - ok
    22:35:49.0763 3692 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    22:35:49.0763 3692 ksthunk - ok
    22:35:49.0810 3692 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    22:35:49.0810 3692 KtmRm - ok
    22:35:49.0857 3692 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    22:35:49.0857 3692 LanmanServer - ok
    22:35:49.0888 3692 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    22:35:49.0888 3692 LanmanWorkstation - ok
    22:35:49.0919 3692 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    22:35:49.0919 3692 lltdio - ok
    22:35:49.0966 3692 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    22:35:49.0966 3692 lltdsvc - ok
    22:35:49.0982 3692 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    22:35:49.0982 3692 lmhosts - ok
    22:35:50.0028 3692 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    22:35:50.0028 3692 LSI_FC - ok
    22:35:50.0044 3692 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    22:35:50.0044 3692 LSI_SAS - ok
    22:35:50.0060 3692 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    22:35:50.0060 3692 LSI_SAS2 - ok
    22:35:50.0075 3692 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    22:35:50.0075 3692 LSI_SCSI - ok
    22:35:50.0091 3692 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    22:35:50.0091 3692 luafv - ok
    22:35:50.0184 3692 lxedCATSCustConnectService (d6cdf198518b8428b66aad8f7babc3be) C:\Windows\system32\spool\DRIVERS\x64\3\\lxedserv.exe
    22:35:50.0184 3692 lxedCATSCustConnectService - ok
    22:35:50.0200 3692 lxed_device - ok
    22:35:50.0231 3692 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    22:35:50.0247 3692 Mcx2Svc - ok
    22:35:50.0247 3692 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    22:35:50.0247 3692 megasas - ok
    22:35:50.0278 3692 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    22:35:50.0278 3692 MegaSR - ok
    22:35:50.0309 3692 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:35:50.0309 3692 MMCSS - ok
    22:35:50.0325 3692 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    22:35:50.0325 3692 Modem - ok
    22:35:50.0356 3692 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    22:35:50.0356 3692 monitor - ok
    22:35:50.0387 3692 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    22:35:50.0387 3692 mouclass - ok
    22:35:50.0418 3692 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    22:35:50.0418 3692 mouhid - ok
    22:35:50.0450 3692 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    22:35:50.0450 3692 mountmgr - ok
    22:35:50.0481 3692 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    22:35:50.0481 3692 mpio - ok
    22:35:50.0496 3692 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    22:35:50.0496 3692 mpsdrv - ok
    22:35:50.0621 3692 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    22:35:50.0637 3692 MpsSvc - ok
    22:35:50.0668 3692 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    22:35:50.0668 3692 MRxDAV - ok
    22:35:50.0699 3692 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:35:50.0699 3692 mrxsmb - ok
    22:35:50.0746 3692 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:35:50.0746 3692 mrxsmb10 - ok
    22:35:50.0762 3692 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:35:50.0762 3692 mrxsmb20 - ok
    22:35:50.0777 3692 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    22:35:50.0777 3692 msahci - ok
    22:35:50.0808 3692 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    22:35:50.0808 3692 msdsm - ok
    22:35:50.0824 3692 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    22:35:50.0840 3692 MSDTC - ok
    22:35:50.0871 3692 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    22:35:50.0871 3692 Msfs - ok
    22:35:50.0886 3692 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    22:35:50.0886 3692 mshidkmdf - ok
    22:35:50.0902 3692 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    22:35:50.0902 3692 msisadrv - ok
    22:35:50.0918 3692 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    22:35:50.0933 3692 MSiSCSI - ok
    22:35:50.0933 3692 msiserver - ok
    22:35:50.0949 3692 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    22:35:50.0964 3692 MSKSSRV - ok
    22:35:50.0964 3692 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:35:50.0964 3692 MSPCLOCK - ok
    22:35:50.0964 3692 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    22:35:50.0964 3692 MSPQM - ok
    22:35:51.0027 3692 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    22:35:51.0027 3692 MsRPC - ok
    22:35:51.0058 3692 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    22:35:51.0058 3692 mssmbios - ok
    22:35:51.0058 3692 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    22:35:51.0074 3692 MSTEE - ok
    22:35:51.0074 3692 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    22:35:51.0074 3692 MTConfig - ok
    22:35:51.0089 3692 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    22:35:51.0089 3692 Mup - ok
     
  21. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    22:35:51.0152 3692 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    22:35:51.0152 3692 napagent - ok
    22:35:51.0198 3692 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    22:35:51.0198 3692 NativeWifiP - ok
    22:35:51.0276 3692 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    22:35:51.0292 3692 NDIS - ok
    22:35:51.0308 3692 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:35:51.0308 3692 NdisCap - ok
    22:35:51.0354 3692 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:35:51.0354 3692 NdisTapi - ok
    22:35:51.0386 3692 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:35:51.0386 3692 Ndisuio - ok
    22:35:51.0432 3692 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:35:51.0432 3692 NdisWan - ok
    22:35:51.0464 3692 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    22:35:51.0464 3692 NDProxy - ok
    22:35:51.0479 3692 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    22:35:51.0479 3692 NetBIOS - ok
    22:35:51.0510 3692 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    22:35:51.0510 3692 NetBT - ok
    22:35:51.0542 3692 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:35:51.0542 3692 Netlogon - ok
    22:35:51.0604 3692 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    22:35:51.0604 3692 Netman - ok
    22:35:51.0635 3692 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    22:35:51.0635 3692 netprofm - ok
    22:35:51.0713 3692 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:35:51.0713 3692 NetTcpPortSharing - ok
    22:35:51.0729 3692 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    22:35:51.0729 3692 nfrd960 - ok
    22:35:51.0791 3692 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    22:35:51.0791 3692 NlaSvc - ok
    22:35:51.0807 3692 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:35:51.0807 3692 Npfs - ok
    22:35:51.0854 3692 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:35:51.0854 3692 nsi - ok
    22:35:51.0869 3692 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:35:51.0869 3692 nsiproxy - ok
    22:35:51.0994 3692 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:35:52.0010 3692 Ntfs - ok
    22:35:52.0088 3692 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:35:52.0088 3692 Null - ok
    22:35:52.0134 3692 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
    22:35:52.0134 3692 NVHDA - ok
    22:35:52.0930 3692 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:35:52.0992 3692 nvlddmkm - ok
    22:35:53.0117 3692 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    22:35:53.0117 3692 nvraid - ok
    22:35:53.0133 3692 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    22:35:53.0133 3692 nvstor - ok
    22:35:53.0226 3692 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
    22:35:53.0226 3692 nvsvc - ok
    22:35:53.0476 3692 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    22:35:53.0492 3692 nvUpdatusService - ok
    22:35:53.0570 3692 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    22:35:53.0570 3692 nv_agp - ok
    22:35:53.0601 3692 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    22:35:53.0601 3692 ohci1394 - ok
    22:35:53.0679 3692 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:35:53.0679 3692 ose - ok
    22:35:54.0006 3692 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    22:35:54.0022 3692 osppsvc - ok
    22:35:54.0116 3692 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:35:54.0116 3692 p2pimsvc - ok
    22:35:54.0162 3692 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    22:35:54.0162 3692 p2psvc - ok
    22:35:54.0194 3692 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    22:35:54.0194 3692 Parport - ok
    22:35:54.0225 3692 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    22:35:54.0225 3692 partmgr - ok
    22:35:54.0240 3692 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    22:35:54.0240 3692 PcaSvc - ok
    22:35:54.0287 3692 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    22:35:54.0287 3692 pci - ok
    22:35:54.0303 3692 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    22:35:54.0303 3692 pciide - ok
    22:35:54.0334 3692 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    22:35:54.0334 3692 pcmcia - ok
    22:35:54.0350 3692 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    22:35:54.0350 3692 pcw - ok
    22:35:54.0396 3692 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    22:35:54.0396 3692 PEAUTH - ok
    22:35:54.0474 3692 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    22:35:54.0474 3692 PerfHost - ok
    22:35:54.0599 3692 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    22:35:54.0599 3692 pla - ok
    22:35:54.0677 3692 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    22:35:54.0677 3692 PlugPlay - ok
    22:35:54.0693 3692 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    22:35:54.0693 3692 PNRPAutoReg - ok
    22:35:54.0740 3692 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:35:54.0740 3692 PNRPsvc - ok
    22:35:54.0771 3692 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    22:35:54.0786 3692 PolicyAgent - ok
    22:35:54.0818 3692 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    22:35:54.0818 3692 Power - ok
    22:35:54.0896 3692 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    22:35:54.0896 3692 PptpMiniport - ok
    22:35:54.0927 3692 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    22:35:54.0927 3692 Processor - ok
    22:35:54.0974 3692 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    22:35:54.0974 3692 ProfSvc - ok
    22:35:54.0989 3692 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:35:54.0989 3692 ProtectedStorage - ok
    22:35:55.0036 3692 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    22:35:55.0036 3692 Psched - ok
    22:35:55.0067 3692 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    22:35:55.0067 3692 PxHlpa64 - ok
    22:35:55.0161 3692 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    22:35:55.0176 3692 ql2300 - ok
    22:35:55.0270 3692 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    22:35:55.0270 3692 ql40xx - ok
    22:35:55.0301 3692 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    22:35:55.0301 3692 QWAVE - ok
    22:35:55.0317 3692 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    22:35:55.0317 3692 QWAVEdrv - ok
    22:35:55.0332 3692 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    22:35:55.0332 3692 RasAcd - ok
    22:35:55.0364 3692 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:35:55.0364 3692 RasAgileVpn - ok
    22:35:55.0364 3692 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    22:35:55.0379 3692 RasAuto - ok
    22:35:55.0410 3692 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:35:55.0410 3692 Rasl2tp - ok
    22:35:55.0457 3692 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    22:35:55.0457 3692 RasMan - ok
    22:35:55.0473 3692 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:35:55.0473 3692 RasPppoe - ok
    22:35:55.0488 3692 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    22:35:55.0488 3692 RasSstp - ok
    22:35:55.0535 3692 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    22:35:55.0535 3692 rdbss - ok
    22:35:55.0566 3692 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    22:35:55.0566 3692 rdpbus - ok
    22:35:55.0582 3692 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:35:55.0582 3692 RDPCDD - ok
    22:35:55.0598 3692 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    22:35:55.0598 3692 RDPENCDD - ok
    22:35:55.0598 3692 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    22:35:55.0598 3692 RDPREFMP - ok
    22:35:55.0629 3692 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    22:35:55.0629 3692 RDPWD - ok
    22:35:55.0676 3692 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    22:35:55.0676 3692 rdyboost - ok
    22:35:55.0707 3692 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    22:35:55.0707 3692 RemoteAccess - ok
    22:35:55.0738 3692 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    22:35:55.0738 3692 RemoteRegistry - ok
    22:35:55.0894 3692 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    22:35:55.0910 3692 RoxMediaDB10 - ok
    22:35:55.0925 3692 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    22:35:55.0925 3692 RpcEptMapper - ok
    22:35:55.0956 3692 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    22:35:55.0956 3692 RpcLocator - ok
    22:35:56.0003 3692 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    22:35:56.0019 3692 RpcSs - ok
    22:35:56.0066 3692 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    22:35:56.0081 3692 rspndr - ok
    22:35:56.0112 3692 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
    22:35:56.0112 3692 RSUSBSTOR - ok
    22:35:56.0144 3692 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:35:56.0144 3692 RTL8167 - ok
    22:35:56.0144 3692 RxFilter - ok
    22:35:56.0175 3692 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:35:56.0175 3692 SamSs - ok
    22:35:56.0206 3692 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    22:35:56.0222 3692 sbp2port - ok
    22:35:56.0237 3692 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    22:35:56.0237 3692 SCardSvr - ok
    22:35:56.0268 3692 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    22:35:56.0268 3692 scfilter - ok
    22:35:56.0362 3692 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    22:35:56.0378 3692 Schedule - ok
    22:35:56.0409 3692 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    22:35:56.0409 3692 SCPolicySvc - ok
    22:35:56.0456 3692 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    22:35:56.0456 3692 SDRSVC - ok
    22:35:56.0549 3692 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    22:35:56.0549 3692 SeaPort - ok
    22:35:56.0612 3692 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:35:56.0612 3692 secdrv - ok
    22:35:56.0627 3692 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    22:35:56.0627 3692 seclogon - ok
    22:35:56.0658 3692 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    22:35:56.0674 3692 SENS - ok
    22:35:56.0674 3692 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    22:35:56.0690 3692 SensrSvc - ok
    22:35:56.0705 3692 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    22:35:56.0705 3692 Serenum - ok
    22:35:56.0721 3692 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    22:35:56.0736 3692 Serial - ok
    22:35:56.0768 3692 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    22:35:56.0768 3692 sermouse - ok
    22:35:56.0814 3692 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    22:35:56.0814 3692 SessionEnv - ok
    22:35:56.0830 3692 SessionLauncher - ok
    22:35:56.0861 3692 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    22:35:56.0861 3692 sffdisk - ok
    22:35:56.0877 3692 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    22:35:56.0877 3692 sffp_mmc - ok
    22:35:56.0892 3692 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    22:35:56.0892 3692 sffp_sd - ok
    22:35:56.0892 3692 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    22:35:56.0908 3692 sfloppy - ok
    22:35:56.0970 3692 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    22:35:56.0970 3692 SharedAccess - ok
    22:35:57.0002 3692 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    22:35:57.0017 3692 ShellHWDetection - ok
    22:35:57.0033 3692 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:35:57.0033 3692 SiSRaid2 - ok
    22:35:57.0048 3692 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    22:35:57.0048 3692 SiSRaid4 - ok
    22:35:57.0064 3692 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    22:35:57.0064 3692 Smb - ok
    22:35:57.0095 3692 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    22:35:57.0095 3692 SNMPTRAP - ok
    22:35:57.0111 3692 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    22:35:57.0111 3692 spldr - ok
    22:35:57.0158 3692 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    22:35:57.0158 3692 Spooler - ok
    22:35:57.0376 3692 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    22:35:57.0407 3692 sppsvc - ok
    22:35:57.0485 3692 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    22:35:57.0485 3692 sppuinotify - ok
    22:35:57.0563 3692 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    22:35:57.0563 3692 srv - ok
    22:35:57.0594 3692 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    22:35:57.0610 3692 srv2 - ok
    22:35:57.0626 3692 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    22:35:57.0626 3692 srvnet - ok
    22:35:57.0657 3692 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    22:35:57.0657 3692 SSDPSRV - ok
    22:35:57.0672 3692 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    22:35:57.0672 3692 SstpSvc - ok
    22:35:57.0750 3692 Steam Client Service - ok
    22:35:57.0844 3692 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    22:35:57.0844 3692 Stereo Service - ok
    22:35:57.0860 3692 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    22:35:57.0875 3692 stexstor - ok
    22:35:57.0938 3692 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    22:35:57.0953 3692 stisvc - ok
    22:35:57.0984 3692 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    22:35:57.0984 3692 stllssvr - ok
    22:35:58.0016 3692 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    22:35:58.0016 3692 swenum - ok
    22:35:58.0062 3692 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    22:35:58.0078 3692 swprv - ok
    22:35:58.0203 3692 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    22:35:58.0218 3692 SysMain - ok
    22:35:58.0312 3692 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    22:35:58.0312 3692 TabletInputService - ok
    22:35:58.0343 3692 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    22:35:58.0343 3692 TapiSrv - ok
    22:35:58.0359 3692 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    22:35:58.0359 3692 TBS - ok
    22:35:58.0530 3692 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    22:35:58.0546 3692 Tcpip - ok
    22:35:58.0686 3692 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    22:35:58.0702 3692 TCPIP6 - ok
    22:35:58.0764 3692 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    22:35:58.0764 3692 tcpipreg - ok
    22:35:58.0796 3692 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    22:35:58.0796 3692 TDPIPE - ok
    22:35:58.0827 3692 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    22:35:58.0827 3692 TDTCP - ok
    22:35:58.0858 3692 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    22:35:58.0858 3692 tdx - ok
    22:35:59.0123 3692 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    22:35:59.0123 3692 TeamViewer7 - ok
    22:35:59.0217 3692 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    22:35:59.0217 3692 TermDD - ok
    22:35:59.0279 3692 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    22:35:59.0295 3692 TermService - ok
    22:35:59.0310 3692 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    22:35:59.0310 3692 Themes - ok
    22:35:59.0342 3692 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:35:59.0342 3692 THREADORDER - ok
    22:35:59.0357 3692 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    22:35:59.0357 3692 TrkWks - ok
    22:35:59.0420 3692 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    22:35:59.0420 3692 TrustedInstaller - ok
    22:35:59.0451 3692 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:35:59.0451 3692 tssecsrv - ok
    22:35:59.0498 3692 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    22:35:59.0498 3692 TsUsbFlt - ok
    22:35:59.0544 3692 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    22:35:59.0544 3692 tunnel - ok
    22:35:59.0576 3692 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    22:35:59.0576 3692 uagp35 - ok
    22:35:59.0622 3692 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    22:35:59.0622 3692 udfs - ok
    22:35:59.0638 3692 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    22:35:59.0638 3692 UI0Detect - ok
    22:35:59.0669 3692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    22:35:59.0669 3692 uliagpkx - ok
    22:35:59.0716 3692 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    22:35:59.0716 3692 umbus - ok
    22:35:59.0732 3692 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    22:35:59.0732 3692 UmPass - ok
    22:35:59.0763 3692 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    22:35:59.0763 3692 upnphost - ok
    22:35:59.0794 3692 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    22:35:59.0794 3692 USBAAPL64 - ok
    22:35:59.0825 3692 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    22:35:59.0825 3692 usbaudio - ok
    22:35:59.0856 3692 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:35:59.0872 3692 usbccgp - ok
    22:35:59.0888 3692 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    22:35:59.0888 3692 usbcir - ok
    22:35:59.0919 3692 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    22:35:59.0919 3692 usbehci - ok
    22:35:59.0950 3692 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    22:35:59.0950 3692 usbhub - ok
    22:35:59.0966 3692 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    22:35:59.0966 3692 usbohci - ok
    22:35:59.0981 3692 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    22:35:59.0981 3692 usbprint - ok
    22:35:59.0997 3692 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    22:35:59.0997 3692 usbscan - ok
    22:36:00.0044 3692 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:36:00.0044 3692 USBSTOR - ok
    22:36:00.0059 3692 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    22:36:00.0059 3692 usbuhci - ok
    22:36:00.0075 3692 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    22:36:00.0075 3692 UxSms - ok
    22:36:00.0090 3692 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:36:00.0106 3692 VaultSvc - ok
    22:36:00.0137 3692 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    22:36:00.0137 3692 vdrvroot - ok
    22:36:00.0200 3692 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    22:36:00.0200 3692 vds - ok
    22:36:00.0215 3692 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:36:00.0231 3692 vga - ok
    22:36:00.0246 3692 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    22:36:00.0246 3692 VgaSave - ok
    22:36:00.0262 3692 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    22:36:00.0262 3692 vhdmp - ok
    22:36:00.0278 3692 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    22:36:00.0278 3692 viaide - ok
    22:36:00.0293 3692 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    22:36:00.0293 3692 volmgr - ok
    22:36:00.0324 3692 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    22:36:00.0324 3692 volmgrx - ok
    22:36:00.0356 3692 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    22:36:00.0371 3692 volsnap - ok
    22:36:00.0402 3692 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    22:36:00.0402 3692 vsmraid - ok
    22:36:00.0527 3692 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    22:36:00.0543 3692 VSS - ok
    22:36:00.0636 3692 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    22:36:00.0636 3692 vwifibus - ok
    22:36:00.0683 3692 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    22:36:00.0683 3692 W32Time - ok
    22:36:00.0699 3692 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    22:36:00.0699 3692 WacomPen - ok
    22:36:00.0746 3692 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:36:00.0746 3692 WANARP - ok
    22:36:00.0746 3692 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:36:00.0761 3692 Wanarpv6 - ok
    22:36:00.0870 3692 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    22:36:00.0886 3692 WatAdminSvc - ok
    22:36:00.0995 3692 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    22:36:01.0011 3692 wbengine - ok
    22:36:01.0089 3692 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    22:36:01.0104 3692 WbioSrvc - ok
    22:36:01.0151 3692 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    22:36:01.0151 3692 wcncsvc - ok
    22:36:01.0167 3692 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    22:36:01.0167 3692 WcsPlugInService - ok
    22:36:01.0198 3692 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    22:36:01.0198 3692 Wd - ok
    22:36:01.0245 3692 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    22:36:01.0245 3692 Wdf01000 - ok
    22:36:01.0260 3692 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    22:36:01.0260 3692 WdiServiceHost - ok
    22:36:01.0276 3692 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    22:36:01.0276 3692 WdiSystemHost - ok
    22:36:01.0292 3692 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    22:36:01.0307 3692 WebClient - ok
    22:36:01.0323 3692 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    22:36:01.0323 3692 Wecsvc - ok
    22:36:01.0338 3692 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    22:36:01.0354 3692 wercplsupport - ok
    22:36:01.0370 3692 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    22:36:01.0370 3692 WerSvc - ok
    22:36:01.0401 3692 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    22:36:01.0401 3692 WfpLwf - ok
    22:36:01.0432 3692 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    22:36:01.0432 3692 WimFltr - ok
    22:36:01.0448 3692 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    22:36:01.0448 3692 WIMMount - ok
    22:36:01.0510 3692 WinDefend - ok
    22:36:01.0510 3692 WinHttpAutoProxySvc - ok
    22:36:01.0572 3692 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    22:36:01.0572 3692 Winmgmt - ok
    22:36:01.0728 3692 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    22:36:01.0744 3692 WinRM - ok
    22:36:01.0853 3692 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    22:36:01.0853 3692 WinUsb - ok
    22:36:01.0916 3692 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    22:36:01.0931 3692 Wlansvc - ok
    22:36:02.0103 3692 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:36:02.0118 3692 wlidsvc - ok
    22:36:02.0181 3692 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    22:36:02.0181 3692 WmiAcpi - ok
    22:36:02.0243 3692 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    22:36:02.0243 3692 wmiApSrv - ok
    22:36:02.0290 3692 WMPNetworkSvc - ok
    22:36:02.0306 3692 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    22:36:02.0306 3692 WPCSvc - ok
    22:36:02.0337 3692 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    22:36:02.0337 3692 WPDBusEnum - ok
    22:36:02.0368 3692 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    22:36:02.0368 3692 ws2ifsl - ok
    22:36:02.0399 3692 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    22:36:02.0399 3692 wscsvc - ok
    22:36:02.0415 3692 WSearch - ok
    22:36:02.0602 3692 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    22:36:02.0618 3692 wuauserv - ok
    22:36:02.0727 3692 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    22:36:02.0727 3692 WudfPf - ok
    22:36:02.0758 3692 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:36:02.0758 3692 WUDFRd - ok
    22:36:02.0789 3692 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    22:36:02.0789 3692 wudfsvc - ok
    22:36:02.0820 3692 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    22:36:02.0820 3692 WwanSvc - ok
    22:36:02.0836 3692 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    22:36:03.0070 3692 \Device\Harddisk0\DR0 - ok
    22:36:03.0070 3692 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
    22:36:03.0086 3692 \Device\Harddisk1\DR1 - ok
    22:36:03.0086 3692 Boot (0x1200) (1012edbcbed4755699b031f71e78c4d6) \Device\Harddisk0\DR0\Partition0
    22:36:03.0086 3692 \Device\Harddisk0\DR0\Partition0 - ok
    22:36:03.0101 3692 Boot (0x1200) (813e8ef7d1777ca7d12b7cc1062ac7a6) \Device\Harddisk0\DR0\Partition1
    22:36:03.0101 3692 \Device\Harddisk0\DR0\Partition1 - ok
    22:36:03.0101 3692 Boot (0x1200) (fe0cf974603f5f3a65f97a4df63e168b) \Device\Harddisk1\DR1\Partition0
    22:36:03.0101 3692 \Device\Harddisk1\DR1\Partition0 - ok
    22:36:03.0101 3692 Boot (0x1200) (3eadcff754034e7c29ff0fe251791d00) \Device\Harddisk1\DR1\Partition1
    22:36:03.0101 3692 \Device\Harddisk1\DR1\Partition1 - ok
    22:36:03.0101 3692 ============================================================
    22:36:03.0101 3692 Scan finished
    22:36:03.0101 3692 ============================================================
    22:36:03.0117 3352 Detected object count: 0
    22:36:03.0117 3352 Actual detected object count: 0
    22:36:35.0653 4596 Deinitialize success
     
  22. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    Just FYI I installed and updated Avast instead of AVG since I had already downloaded the installer from this site and felt it was safe to install. Let me know if that is going to cause a problem.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That's fine.

    Please post new RogueKiller log.
     
  24. almightyrum

    almightyrum TS Rookie Topic Starter Posts: 28

    OK so here is the new RogueKiller Log:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Matt [Admin rights]
    Mode: Scan -- Date: 07/30/2012 07:01:59
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 9 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : Piriform (rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-658256594-2731304227-2091816638-1001[...]\Run : Piriform (rundll32.exe C:\Users\Matt\AppData\Local\Piriform\bovtyzcr.dll,CPPDebug) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
    --- User ---
    [MBR] 8a4a3475a8608b8f66a18455fb82f62b
    [BSP] 89a446c8ee907cef1f1b5e8950b873ac : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 9342 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19214336 | Size: 944486 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
    --- User ---
    [MBR] aecb1ccd71dfde9f46bd200dbd4c6dd8
    [BSP] d54a6902366668122097ef84c0d6cb49 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1 | Size: 200000 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600001 | Size: 410479 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Matt\AppData\Local\Piriform\bovtyzcr.dll
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Piriform"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
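The RogueKiller hit in post 24 and the CFScript in post 25 are two halves of one job: a Run value named after a legitimate vendor (Piriform, the CCleaner publisher) that makes the signed Windows loader rundll32.exe load a random-looking DLL out of the user's AppData folder, and the cleanup that quarantines that DLL and deletes the value. The script below is an added example, not code from this thread, from ComboFix or from RogueKiller. It audits the Run keys for exactly that pattern (a loader binary pointed at a DLL in a user-writable folder, or at an unsigned DLL), prints the findings, and with -Remediate does what the CFScript asks ComboFix to do. It assumes PowerShell 4 or later (for Get-FileHash) run from an elevated prompt; $QuarantineDir is an arbitrary folder picked for this example, and the [HJ] desktop-icon entries in the RogueKiller log are deliberately not touched.

```powershell
<#
  Added example (not from this thread, ComboFix or RogueKiller): audit the
  Run keys for "loader binary + DLL in a user-writable folder" persistence
  such as the Piriform/bovtyzcr.dll entry above, and with -Remediate do what
  the CFScript asks ComboFix to do: quarantine the DLL and delete the value.
  Assumes PowerShell 4+ (Get-FileHash) running elevated; $QuarantineDir is
  an arbitrary folder chosen for this example.
#>
param(
    [switch]$Remediate,
    [string]$QuarantineDir = "$env:SystemDrive\Quarantine"
)

# Logon autostart keys for the current user and the machine (native + WOW64 view).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Folders a standard user can write to. Legitimate Run entries do not make
# rundll32 load DLLs from here; malware dropped through the browser does.
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:PUBLIC,
                  "$env:SystemDrive\ProgramData") | Where-Object { $_ }

function Get-LoaderTarget {
    # Return the DLL path from 'rundll32.exe <dll>,<export>' or 'regsvr32 /s <dll>', else $null.
    param([string]$Command)
    if ($Command -notmatch '(?i)\b(rundll32|regsvr32)(\.exe)?\b') { return $null }
    $m = [regex]::Match($Command, '(?i)[a-z]:\\[^",]+?\.dll')
    if ($m.Success) { return $m.Value }
    return $null
}

function Get-RunDllEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # PSPath/PSParentPath metadata
            $dll = Get-LoaderTarget -Command ([string]$p.Value)
            if (-not $dll) { continue }
            $exists = Test-Path -LiteralPath $dll
            $inUserDir = [bool]($userWritable | Where-Object { $dll -like "$_\*" })
            # An unsigned or missing DLL launched by a signed Windows loader is the tell.
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }
            $sha = if ($exists) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash } else { '' }
            [pscustomobject]@{
                Key = $key; ValueName = $p.Name; Command = $p.Value; Dll = $dll
                UserWritableDir = $inUserDir; Signature = $sig; Sha256 = $sha
                Suspicious = ($inUserDir -or ($sig -ne 'Valid'))
            }
        }
    }
}

function Invoke-Remediation {
    param([object[]]$Entries)
    if (-not (Test-Path $QuarantineDir)) { New-Item -ItemType Directory -Path $QuarantineDir | Out-Null }
    foreach ($e in ($Entries | Where-Object Suspicious)) {
        # 1. Stop any rundll32 still hosting the DLL so the file is not locked.
        Get-WmiObject Win32_Process -Filter "Name='rundll32.exe'" |
            Where-Object { $_.CommandLine -like "*$($e.Dll)*" } |
            ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue }
        # 2. Quarantine rather than delete: keep the sample for analysis, renamed so it
        #    cannot be loaded by accident.
        if (Test-Path -LiteralPath $e.Dll) {
            $leaf = Split-Path -Leaf $e.Dll
            $dest = Join-Path $QuarantineDir "$leaf.$($e.Sha256.Substring(0, 8)).quarantined"
            Move-Item -LiteralPath $e.Dll -Destination $dest -Force
        }
        # 3. Delete the autostart value; this is the '"Piriform"=-' line of the CFScript.
        Remove-ItemProperty -Path $e.Key -Name $e.ValueName -ErrorAction SilentlyContinue
        Write-Host "Removed $($e.Key)\$($e.ValueName) -> $($e.Dll)"
    }
}

$entries = @(Get-RunDllEntries)
$entries | Format-Table ValueName, Dll, UserWritableDir, Signature, Suspicious -AutoSize
if ($Remediate) { Invoke-Remediation -Entries $entries }
```

Run it once without -Remediate and read the table before running it again with the switch. The second RogueKiller line (HKUS\S-1-5-21-...-1001) is the same hive as HKCU for the logged-on user, so the script covers both; to audit other accounts you would map HKEY_USERS as a drive and walk each loaded S-1-5-21-* hive in the same way. Quarantining instead of deleting keeps the sample so the DLL's hash can be checked later, which a plain "File::" deletion in ComboFix does not.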
     
