TechSpot

Trojan.Sirefef.fy and Trojan.Generic - Steps followed with logs

By Vicker
Jun 30, 2012
  1. Hi,

    I am facing a very similar issue to what some have reported, with the dreaded Trojan.sirefef.fy and Trojan.Generic being detected on my beloved laptop. The issue is similar to the thread at:

    http://www.techspot.com/community/topics/trojan-generic-trojan-sirefef.181501/

    I have followed the steps listed there too (up to ComboFix) and pasted as much information from the runs. Here is a summary:

    1. Antivirus run - BitDefender Total Security 2013: kept detecting the Trojans:
    C:\windows\assembly\GAC_64\Desktop.ini : Trojan.sirefef.fy
    c:\windows\system32\smss.exe : Trojan.sirefef.fy
    C:\windows\assembly\GAC_32\Desktop.ini : Trojan.generic.7552xxx (some numbers)

    It would keep detecting these Trojans on reboot and give constant warnings. It would claim to have deleted most of them, except 1 or 2 Trojans (sirefef.fy) which simply don't get deleted and keep appearing every time I turn on the laptop. I guess this causes the other Trojans to get created/appear again every time or something.

    I have performed the following steps, and I will be copy-pasting all the log information collected:

    2. Malwarebytes (didn't detect any infected files)

    3. GMER

    4. DDS

    5. Bootkit Remover

    6. aswMBR

    7. TDSS Killer

    8. FixTDSS

    9. ComboFIX


    Thank you so much in advance for your assistance.
     
  2. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Step 2: Malwarebytes:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.27.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Vicky :: VICKY-ACER [administrator]

    6/30/2012 7:49:42 AM
    mbam-log-2012-06-30 (07-49-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209666
    Time elapsed: 4 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    -----------------------

    Step 3: GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-30 08:38:53
    Windows 6.1.7600
    Running: itgu0iwk.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@CriticalSectionTimeout 2592000
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@GlobalFlag 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitFreeBlockThreshold 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitTotalFreeThreshold 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentCommit 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentReserve 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProcessorControl 2
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ResourceTimeoutCount 648000
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute autocheck autochk *?
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ExcludeFromKnownDlls
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ObjectDirectories \Windows?\RPC Control?
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProtectionMode 1
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@NumberOfInitialSessions 2
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@SetupExecute
    Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@PendingFileRenameOperations \??\C:\Windows\assembly\GAC_64\Desktop.ini??\??\C:\Windows\assembly\GAC_32\Desktop.ini??

    ---- EOF - GMER 1.0.15 ----
     
  3. Vicker


    Step 5: DDS

    Shows random characters (similar to the thread:
    http://www.techspot.com/community/topics/trojan-generic-trojan-sirefef.181501/ )

    MZ   ÿÿ ¸ @ Ø º ´Í!¸LÍ!This program cannot be run in DOS mode.$ 1¸„:uÙêiuÙêiuÙêI¶ÖµiwÙêiuÙëIîÙêI¶Ö·idÙêI!úÚIÙêI²ßìitÙêiRichuÙêI PE L ÆãK à   P   0ó °  @        í €      `    ` UPX0    € àUPX1 P ° F  @ à.rsrc    J @ À ----->and lots of more signs like this


    ---------------------------------------------------------

    Step 6: Bootkit Remover log:


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`32d00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    ---------------------------------------------------

    Step 7: aswMBR log:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-30 08:47:37
    -----------------------------
    08:47:37.778 OS Version: Windows x64 6.1.7600
    08:47:37.778 Number of processors: 4 586 0x2505
    08:47:37.778 ComputerName: VICKY-ACER UserName: Vicky
    08:47:39.026 Initialize success
    08:47:54.173 AVAST engine download error: 0
    08:47:56.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    08:47:56.451 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    08:47:56.466 Disk 0 MBR read successfully
    08:47:56.466 Disk 0 MBR scan
    08:47:56.466 Disk 0 Windows VISTA default MBR code
    08:47:56.482 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
    08:47:56.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
    08:47:56.529 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 235041 MB offset 26830848
    08:47:56.529 Disk 0 Partition - 00 0F Extended LBA 228796 MB offset 508196864
    08:47:56.560 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 228795 MB offset 508198912
    08:47:56.575 Disk 0 scanning C:\Windows\system32\drivers
    08:48:02.004 Service scanning
    08:48:04.859 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
    08:48:04.921 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
    08:48:22.565 Modules scanning
    08:48:22.565 Disk 0 trace - called modules:
    08:48:22.596 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    08:48:22.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b6c060]
    08:48:22.612 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004922050]
    08:48:22.628 Scan finished successfully
    08:49:00.177 Disk 0 MBR has been saved successfully to "C:\Users\Vicky\Desktop\Malware Removal\07 ASWMBR\MBR.dat"
    08:49:00.224 The log file has been saved successfully to "C:\Users\Vicky\Desktop\Malware Removal\07 ASWMBR\aswMBR.txt"


    --------------------------------------------------------------------------------------------
     
  4. Vicker


    Step 8: TDSS Killer log:

    08:49:35.0564 4696 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
    08:49:35.0595 4696 ============================================================
    08:49:35.0595 4696 Current date / time: 2012/06/30 08:49:35.0595
    08:49:35.0595 4696 SystemInfo:
    08:49:35.0595 4696
    08:49:35.0595 4696 OS Version: 6.1.7600 ServicePack: 0.0
    08:49:35.0595 4696 Product type: Workstation
    08:49:35.0595 4696 ComputerName: VICKY-ACER
    08:49:35.0595 4696 UserName: Vicky
    08:49:35.0595 4696 Windows directory: C:\Windows
    08:49:35.0595 4696 System windows directory: C:\Windows
    08:49:35.0595 4696 Running under WOW64
    08:49:35.0595 4696 Processor architecture: Intel x64
    08:49:35.0595 4696 Number of processors: 4
    08:49:35.0595 4696 Page size: 0x1000
    08:49:35.0595 4696 Boot type: Normal boot
    08:49:35.0595 4696 ============================================================
    08:49:36.0079 4696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    08:49:36.0157 4696 Drive \Device\Harddisk1\DR2 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    08:49:36.0157 4696 ============================================================
    08:49:36.0157 4696 \Device\Harddisk0\DR0:
    08:49:36.0157 4696 MBR partitions:
    08:49:36.0157 4696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
    08:49:36.0157 4696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x1CB10830
    08:49:36.0172 4696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E4A8000, BlocksNum 0x1BEDD800
    08:49:36.0172 4696 \Device\Harddisk1\DR2:
    08:49:36.0172 4696 MBR partitions:
    08:49:36.0172 4696 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x3C2000
    08:49:36.0172 4696 ============================================================
    08:49:36.0219 4696 C: <-> \Device\Harddisk0\DR0\Partition1
    08:49:36.0297 4696 E: <-> \Device\Harddisk0\DR0\Partition2
    08:49:36.0297 4696 ============================================================
    08:49:36.0297 4696 Initialize success
    08:49:36.0297 4696 ============================================================
    08:49:47.0841 3632 ============================================================
    08:49:47.0841 3632 Scan started
    08:49:47.0841 3632 Mode: Manual;
    08:49:47.0841 3632 ============================================================
    08:49:49.0354 3632 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
    08:49:49.0354 3632 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
    08:49:49.0370 3632 Akamai ( HiddenFile.Multi.Generic ) - warning
    08:49:49.0370 3632 Akamai - detected HiddenFile.Multi.Generic (1)
     
  5. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Step 8: TDSS Killer log continued:


    08:50:10.0368 3632 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
    08:50:10.0383 3632 WebClient - ok
    08:50:10.0415 3632 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    08:50:10.0415 3632 Wecsvc - ok
    08:50:10.0446 3632 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    08:50:10.0446 3632 wercplsupport - ok
    08:50:10.0477 3632 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    08:50:10.0477 3632 WerSvc - ok
    08:50:10.0524 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    08:50:10.0524 3632 WfpLwf - ok
    08:50:10.0539 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    08:50:10.0539 3632 WIMMount - ok
    08:50:10.0555 3632 WinHttpAutoProxySvc - ok
    08:50:10.0617 3632 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    08:50:10.0617 3632 Winmgmt - ok
    08:50:10.0773 3632 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    08:50:10.0805 3632 WinRM - ok
    08:50:10.0976 3632 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    08:50:10.0976 3632 WinUsb - ok
    08:50:11.0054 3632 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    08:50:11.0054 3632 Wlansvc - ok
    08:50:11.0101 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    08:50:11.0101 3632 WmiAcpi - ok
    08:50:11.0163 3632 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    08:50:11.0179 3632 wmiApSrv - ok
    08:50:11.0210 3632 WMPNetworkSvc - ok
    08:50:11.0241 3632 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    08:50:11.0241 3632 WPCSvc - ok
    08:50:11.0257 3632 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    08:50:11.0273 3632 WPDBusEnum - ok
    08:50:11.0304 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    08:50:11.0304 3632 ws2ifsl - ok
    08:50:11.0304 3632 WSearch - ok
    08:50:11.0538 3632 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    08:50:11.0569 3632 wuauserv - ok
    08:50:11.0678 3632 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    08:50:11.0694 3632 WudfPf - ok
    08:50:11.0741 3632 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:50:11.0741 3632 WUDFRd - ok
    08:50:11.0772 3632 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    08:50:11.0772 3632 wudfsvc - ok
    08:50:11.0803 3632 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    08:50:11.0819 3632 WwanSvc - ok
    08:50:11.0975 3632 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    08:50:11.0975 3632 YahooAUService - ok
    08:50:12.0037 3632 ztemtusbser (706214ce01bb9a85e93c4e59636430f5) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
    08:50:12.0037 3632 ztemtusbser - ok
    08:50:12.0099 3632 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    08:50:12.0318 3632 \Device\Harddisk0\DR0 - ok
    08:50:12.0318 3632 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
    08:50:12.0333 3632 \Device\Harddisk1\DR2 - ok
    08:50:12.0333 3632 Boot (0x1200) (06e809aa79202677faa3854ff71925bc) \Device\Harddisk0\DR0\Partition0
    08:50:12.0333 3632 \Device\Harddisk0\DR0\Partition0 - ok
    08:50:12.0349 3632 Boot (0x1200) (6cb0fc8f4c402f17a102b1ec3e4c116e) \Device\Harddisk0\DR0\Partition1
    08:50:12.0349 3632 \Device\Harddisk0\DR0\Partition1 - ok
    08:50:12.0380 3632 Boot (0x1200) (f33a4a8eee801bc6de522e60f82aa1e4) \Device\Harddisk0\DR0\Partition2
    08:50:12.0380 3632 \Device\Harddisk0\DR0\Partition2 - ok
    08:50:12.0380 3632 Boot (0x1200) (76bbb0cdf4df41b3bcb9ccf0fd518679) \Device\Harddisk1\DR2\Partition0
    08:50:12.0380 3632 \Device\Harddisk1\DR2\Partition0 - ok
    08:50:12.0380 3632 ============================================================
    08:50:12.0380 3632 Scan finished
    08:50:12.0380 3632 ============================================================
    08:50:12.0396 5004 Detected object count: 1
    08:50:12.0396 5004 Actual detected object count: 1
    08:50:34.0673 5004 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    08:50:34.0673 5004 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
     
  6. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Step 9: FixTDSS message upon restart:
    No infections were found

    ------------------------------------------

    Step 10: ComboFix log:

    ComboFix 12-06-28.03 - Vicky 06/30/2012 9:10.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2457 [GMT -5:00]
    Running from: c:\users\Vicky\Desktop\Malware Removal\10 Combo Fix\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1340791146.bdinstall.bin
    c:\programdata\1340791644.3360.bin
    c:\programdata\1340791644.3796.bin
    c:\programdata\1340791644.4044.bin
    c:\programdata\1340791644.4048.bin
    c:\programdata\1340791644.4052.bin
    c:\programdata\1340791644.4056.bin
    c:\programdata\1340791644.4060.bin
    c:\programdata\1340791644.4064.bin
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\@
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L\00000004.@
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\00000004.@
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\000000cb.@
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\80000032.@
    c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\80000064.@
    .
    Infected copy of c:\windows\system32\services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 19:58 . 2012-06-27 19:58 -------- d-----w- c:\programdata\bdch
    2012-06-27 18:26 . 2012-06-27 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 18:26 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-27 10:19 . 2012-06-27 12:12 -------- d-----w- c:\programdata\BDLogging
    2012-06-27 10:18 . 2012-04-17 19:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2012-06-27 10:18 . 2011-11-17 22:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-06-27 10:18 . 2011-11-15 01:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
    2012-06-27 10:18 . 2009-07-14 21:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-27 10:18 . 2007-04-11 16:11 511328 ----a-w- c:\windows\capicom.dll
    2012-06-27 10:18 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-06-27 10:18 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-06-27 10:18 . 2011-11-25 20:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-06-27 10:08 . 2012-06-27 12:13 -------- d-----w- c:\users\Vicky\AppData\Roaming\Bitdefender
    2012-06-27 10:08 . 2012-06-27 10:19 -------- d-----w- c:\programdata\Bitdefender
    2012-06-27 10:02 . 2012-06-27 10:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\QuickScan
    2012-06-27 09:59 . 2012-04-11 22:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
    2012-06-27 09:59 . 2012-06-27 10:08 -------- d-----w- c:\program files\Bitdefender
    2012-06-27 09:59 . 2012-04-24 20:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-06-27 09:53 . 2012-06-27 09:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-06-27 09:48 . 2012-06-27 09:59 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-06-26 04:35 . 2012-06-26 04:35 -------- d-----w- c:\users\Vicky\AppData\Local\AskToolbar
    2012-06-25 19:27 . 2012-06-25 19:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Malwarebytes
    2012-06-25 19:26 . 2012-06-25 19:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-25 19:04 . 2012-06-25 19:04 -------- d-----w- c:\program files (x86)\Ask.com
    2012-06-25 19:03 . 2012-06-27 09:48 -------- d-----w- c:\programdata\Avira
    2012-06-25 17:13 . 2012-06-25 17:13 -------- d-----w- c:\program files (x86)\ESET
    2012-06-21 03:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 03:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 03:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 03:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 03:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 03:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 03:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 03:53 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 03:53 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 04:39 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 04:39 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 04:39 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:12 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 04:12 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 04:12 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 04:11 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 04:11 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-07 10:39 . 2012-06-07 10:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 10:39 . 2012-06-07 10:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-29 22:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "Akamai NetSession Interface"="c:\users\Vicky\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-18 704032]
    AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2010-11-04 120704]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
    S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
    S2 UDisk Monitor;UDisk Monitor;e:\software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-02-22 405504]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
    S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1431600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-25%2014%3A41%3A42&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-13%2010%3A38%3A35&sap=ku&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-30 09:20:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-30 14:20
    .
    Pre-Run: 194,316,275,712 bytes free
    Post-Run: 194,050,551,808 bytes free
    .
    - - End Of File - - C904CF3723FD25B56005ABD2792BADAE
     
  7. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Those are all the steps and logs I have for now. I would greatly appreciate help/assistance for the next steps. Thank you so much for your support!
     
  8. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    I just saw the pinned thread where it was mentioned that I shouldn't follow solutions provided in other topics. I am so sorry! Somehow it completely escaped me! Can someone kindly help?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
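Broni's instructions end with a request for the FRST.txt log. As an added example (not code from this thread, from Farbar or from TechSpot), the Python script below reads such a log and pulls out the findings a helper looks at first: paths listed under a "ZeroAccess:" block, autorun entries whose target file no longer exists (FRST marks these "[x]"), Bamital & volsnap check lines whose verdict is anything other than "MD5 is legit", and .exe association lines that are not "=> OK". The embedded sample log is constructed from the kinds of lines FRST prints (its ZeroAccess, Run and check lines mirror the layout of logs in this thread); the "MD5 is not legit" line is a constructed failure for the demonstration, since the exact wording FRST uses for a failed check is not shown here, so the script treats any verdict other than the known-good one as needing attention.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; not part of FRST or of any poster's code.
"""
import re

# Constructed sample: line layouts follow FRST output as seen in this thread.
# The 'MD5 is not legit' verdict is constructed for the demo (assumption).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool
Windows 7 Home Premium (X64) OS Language: English(US)

========================== Registry (Whitelisted) =============

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-05-07] (Intel Corporation)
HKU\Vicky\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-17] (Google Inc.)

ZeroAccess:
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

ZeroAccess:
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\@
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is not legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# Section header: a run of '=' on both sides of the title.
HEADER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# Autorun line: <hive>\...\Run: [<name>] <target and details>
AUTORUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Check line: <subject> => <verdict>
ARROW_RE = re.compile(r"^(?P<subject>.+?) => (?P<verdict>.+)$")

GOOD_MD5 = "MD5 is legit"


def parse_frst(text):
    """Return the findings of interest from an FRST log as a dict of lists."""
    findings = {
        "zeroaccess": [],          # paths FRST printed under a 'ZeroAccess:' block
        "missing_autoruns": [],    # (name, target) for Run entries marked '[x]'
        "md5_failures": [],        # (file, verdict) not equal to GOOD_MD5
        "exe_assoc_problems": [],  # (key, verdict) not equal to 'OK'
    }
    section = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group("title")
        elif line == "ZeroAccess:":
            # The indicator block runs until the next blank line.
            i += 1
            while i < len(lines) and lines[i].strip():
                findings["zeroaccess"].append(lines[i].strip())
                i += 1
            continue
        elif section and section.startswith("Registry"):
            m = AUTORUN_RE.match(line)
            if m and m.group("rest").endswith("[x]"):
                target = m.group("rest")[:-len("[x]")].strip()
                findings["missing_autoruns"].append((m.group("name"), target))
        elif section == "Bamital & volsnap Check":
            m = ARROW_RE.match(line)
            if m and m.group("verdict") != GOOD_MD5:
                findings["md5_failures"].append((m.group("subject"), m.group("verdict")))
        elif section == "EXE ASSOCIATION":
            m = ARROW_RE.match(line)
            if m and m.group("verdict") != "OK":
                findings["exe_assoc_problems"].append((m.group("subject"), m.group("verdict")))
        i += 1
    return findings


def is_suspicious(findings):
    """True when the log carries an infection indicator, not just stale autoruns."""
    return bool(findings["zeroaccess"] or findings["md5_failures"]
                or findings["exe_assoc_problems"])


if __name__ == "__main__":
    result = parse_frst(SAMPLE_LOG)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    print("needs attention:", is_suspicious(result))
```

Missing autorun targets ("[x]") are kept in their own list because they are usually leftovers of uninstalled software rather than infection; the ZeroAccess block, a failed system-file MD5 check or a hijacked .exe association are the findings that decide whether a fix is needed.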
     
  10. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    Thank you for your quick response! I ran the FRST64 for my laptop. Please find the contents of the FRST.txt log below:

    ----------------
    Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 04
    Ran by SYSTEM at 30-06-2012 14:41:14
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [x]
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-05-07] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-05-07] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413208 2010-05-07] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2120808 2010-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-08] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
    HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1431600 2012-06-25] (Bitdefender)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-06-28] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564880 2012-05-29] (Ask)
    HKU\Vicky\...\Run: [cdloader] "C:\Users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
    HKU\Vicky\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-17] (Google Inc.)
    HKU\Vicky\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-21] (Yahoo! Inc.)
    HKU\Vicky\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
    HKU\Vicky\...\Run: [Akamai NetSession Interface] "C:\Users\Vicky\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
    ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)

    ==================== Services (Whitelisted) ======

    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
    3 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [77944 2011-05-17] (Autodesk)
    2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [63272 2012-06-25] (Bitdefender)
    2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
    2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [830056 2011-10-14] (Fortinet Inc.)
    2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
    2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)
    2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service [68416 2012-06-07] (Bitdefender)
    2 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service [1566024 2012-06-25] (Bitdefender)
    2 UDisk Monitor; C:\Software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [x]

    ========================== Drivers (Whitelisted) =============

    0 avc3; C:\Windows\System32\Drivers\avc3.sys [691896 2012-03-20] (BitDefender)
    3 avchv; C:\Windows\System32\Drivers\avchv.sys [258736 2011-11-25] (BitDefender)
    3 avckf; C:\Windows\System32\Drivers\avckf.sys [545064 2012-02-17] (BitDefender)
    1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [90192 2011-11-14] (BitDefender LLC)
    1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
    3 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [79952 2011-11-17] (BitDefender SRL)
    1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [76944 2012-04-17] (BitDefender)
    0 gzflt; C:\Windows\System32\Drivers\gzflt.sys [138232 2012-04-11] (BitDefender LLC)
    3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
    3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
    3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
    0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2012-04-24] (BitDefender S.R.L.)
    3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
    3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-30 06:20 - 2012-06-30 06:20 - 00022878 ____A C:\ComboFix.txt
    2012-06-30 06:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-30 06:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-30 06:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-30 06:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-30 06:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-30 06:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-30 06:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-30 06:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-30 06:01 - 2012-06-30 06:20 - 00000000 ____D C:\Qoobox
    2012-06-30 06:00 - 2012-06-30 06:19 - 00000000 ____D C:\Windows\erdnt
    2012-06-30 04:58 - 2012-06-30 05:42 - 00000000 ____D C:\Users\Vicky\Desktop\Malware Removal
    2012-06-30 03:59 - 2012-06-30 04:01 - 16859064 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-x64-V4.9.exe
    2012-06-30 03:55 - 2012-06-03 20:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-30 03:55 - 2012-06-03 20:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-30 03:54 - 2012-06-30 03:55 - 16208824 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-V4.9.exe
    2012-06-27 11:58 - 2012-06-27 11:58 - 00000000 ____D C:\Users\All Users\bdch
    2012-06-27 10:26 - 2012-06-27 10:26 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-27 10:26 - 2012-06-27 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 10:26 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 08:58 - 2012-06-27 21:21 - 00000376 ____A C:\Users\Vicky\AppData\Roamingprivacy.xml
    2012-06-27 02:19 - 2012-06-27 04:12 - 00000000 ____D C:\Users\All Users\BDLogging
    2012-06-27 02:19 - 2012-06-27 02:19 - 00002209 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
    2012-06-27 02:19 - 2012-06-27 02:19 - 00002090 ____A C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
    2012-06-27 02:19 - 2012-06-27 02:19 - 00000385 ____A C:\Windows\System32\user_gensett.xml
    2012-06-27 02:19 - 2012-06-27 02:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2012-06-27 02:18 - 2012-04-17 11:34 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
    2012-06-27 02:18 - 2012-03-20 17:22 - 00691896 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
    2012-06-27 02:18 - 2012-02-17 13:45 - 00545064 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
    2012-06-27 02:18 - 2011-11-25 12:00 - 00258736 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
    2012-06-27 02:18 - 2011-11-17 14:38 - 00079952 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
    2012-06-27 02:18 - 2011-11-14 17:16 - 00090192 ____A (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
    2012-06-27 02:18 - 2009-07-14 13:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
    2012-06-27 02:18 - 2007-04-11 08:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
    2012-06-27 02:08 - 2012-06-27 04:13 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Bitdefender
    2012-06-27 02:08 - 2012-06-27 02:19 - 00000000 ____D C:\Users\All Users\Bitdefender
    2012-06-27 02:05 - 2012-06-27 02:19 - 00253404 ____N C:\bdr-ld01
    2012-06-27 02:02 - 2012-06-27 02:02 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\QuickScan
    2012-06-27 01:59 - 2012-06-27 02:08 - 00000000 ____D C:\Program Files\Bitdefender
    2012-06-27 01:59 - 2012-04-24 12:28 - 00329800 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
    2012-06-27 01:59 - 2012-04-11 14:03 - 00138232 ____N (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
    2012-06-27 01:53 - 2012-06-27 01:53 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-06-27 01:48 - 2012-06-27 01:59 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2012-06-27 01:39 - 2012-06-27 01:39 - 00001182 ____A C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
    2012-06-25 20:35 - 2012-06-25 20:35 - 00000000 ____D C:\Users\Vicky\AppData\Local\AskToolbar
    2012-06-25 11:27 - 2012-06-25 11:27 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Malwarebytes
    2012-06-25 11:26 - 2012-06-25 11:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 11:24 - 2012-06-25 11:25 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Vicky\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-25 11:04 - 2012-06-25 11:04 - 00000000 ____D C:\Program Files (x86)\Ask.com
    2012-06-25 11:03 - 2012-06-27 01:48 - 00000000 ____D C:\Users\All Users\Avira
    2012-06-25 09:13 - 2012-06-25 09:13 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-06-20 19:54 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-20 19:54 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-20 19:54 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-20 19:54 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-20 19:54 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-20 19:54 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-20 19:54 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-20 19:53 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-20 19:53 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-14 09:27 - 2012-05-14 19:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 09:27 - 2012-05-14 19:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 09:27 - 2012-05-14 19:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 09:27 - 2012-05-14 19:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 09:27 - 2012-04-19 22:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 09:27 - 2012-04-19 22:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 09:27 - 2012-04-19 22:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-06-14 09:27 - 2012-04-19 22:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 09:27 - 2012-04-19 22:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-14 09:27 - 2012-04-19 22:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 09:27 - 2012-04-19 22:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-06-14 09:27 - 2012-04-19 22:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-06-14 09:27 - 2012-04-19 22:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 09:27 - 2012-04-19 22:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 09:27 - 2012-04-19 22:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-06-14 09:27 - 2012-04-19 22:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-06-14 09:27 - 2012-04-19 22:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 09:27 - 2012-04-19 22:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-06-14 09:27 - 2012-04-19 21:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 09:27 - 2012-04-19 21:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 09:27 - 2012-04-19 21:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 09:27 - 2012-04-19 21:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-06-14 09:27 - 2012-04-19 21:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2012-06-14 09:27 - 2012-04-19 21:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 09:27 - 2012-04-19 21:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 09:27 - 2012-04-19 21:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-06-14 09:27 - 2012-04-19 21:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-06-14 09:27 - 2012-04-19 21:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-06-14 09:27 - 2012-04-19 20:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 09:27 - 2012-04-19 19:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-06-14 09:27 - 2012-04-19 19:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 20:39 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 20:39 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 20:39 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 20:12 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 20:12 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 20:12 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 20:11 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 20:11 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


    ============ 3 Months Modified Files ========================

    2012-06-30 11:37 - 2011-05-17 22:25 - 01892822 ____A C:\Windows\WindowsUpdate.log
    2012-06-30 10:50 - 2011-05-17 12:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-30 10:44 - 2011-07-17 07:02 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
    2012-06-30 09:30 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 09:30 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-30 09:23 - 2011-05-17 12:59 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-30 09:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-30 09:23 - 2009-07-13 20:51 - 00121865 ____A C:\Windows\setupact.log
    2012-06-30 06:20 - 2012-06-30 06:20 - 00022878 ____A C:\ComboFix.txt
    2012-06-30 06:16 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-06-30 06:15 - 2011-05-17 22:20 - 00118034 ____A C:\Windows\PFRO.log
    2012-06-30 04:01 - 2012-06-30 03:59 - 16859064 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-x64-V4.9.exe
    2012-06-30 03:55 - 2012-06-30 03:54 - 16208824 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-V4.9.exe
    2012-06-27 21:21 - 2012-06-27 08:58 - 00000376 ____A C:\Users\Vicky\AppData\Roamingprivacy.xml
    2012-06-27 11:45 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-27 10:26 - 2012-06-27 10:26 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-27 02:19 - 2012-06-27 02:19 - 00002209 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
    2012-06-27 02:19 - 2012-06-27 02:19 - 00002090 ____A C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
    2012-06-27 02:19 - 2012-06-27 02:19 - 00000385 ____A C:\Windows\System32\user_gensett.xml
    2012-06-27 02:19 - 2012-06-27 02:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2012-06-27 02:19 - 2012-06-27 02:05 - 00253404 ____N C:\bdr-ld01
    2012-06-27 01:39 - 2012-06-27 01:39 - 00001182 ____A C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
    2012-06-26 07:44 - 2011-07-17 07:02 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
    2012-06-25 11:25 - 2012-06-25 11:24 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Vicky\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-15 11:03 - 2011-05-23 01:21 - 00000997 ____A C:\Users\Vicky\Desktop\magicJack.lnk
    2012-06-14 10:11 - 2011-05-24 09:53 - 00025257 ____A C:\Users\Vicky\Documents\plot.log
    2012-06-13 19:04 - 2009-07-13 20:45 - 00489672 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-03 20:35 - 2012-06-30 03:55 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-03 20:28 - 2012-06-30 03:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-02 14:19 - 2012-06-20 19:54 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-20 19:54 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-20 19:54 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-20 19:54 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-20 19:54 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-20 19:54 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-20 19:54 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-20 19:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-20 19:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-24 04:46 - 2011-08-19 13:45 - 00000801 ____A C:\Users\Vicky\Desktop\Citi.txt
    2012-05-17 21:54 - 2012-05-17 21:54 - 00206876 ____A C:\Users\Vicky\Downloads\history_stock_sample.zip
    2012-05-17 21:53 - 2012-05-17 21:53 - 00379320 ____A C:\Users\Vicky\Downloads\daily_stock_sample1.zip
    2012-05-15 11:29 - 2012-05-15 11:29 - 00000174 ____A C:\Users\Vicky\Desktop\rubixcc.txt
    2012-05-14 19:56 - 2012-06-14 09:27 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:52 - 2012-06-14 09:27 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:08 - 2012-06-14 09:27 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:06 - 2012-06-14 09:27 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-14 17:32 - 2012-06-12 20:11 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 02:05 - 2012-05-14 02:04 - 00042512 ____A C:\Windows\SslvpnInstall.log
    2012-05-07 12:12 - 2012-05-07 12:12 - 00000637 ____A C:\Users\Vicky\Desktop\Furniture.txt
    2012-05-04 02:52 - 2012-06-12 20:39 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:08 - 2012-06-12 20:39 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:08 - 2012-06-12 20:39 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-27 19:50 - 2012-06-12 20:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:34 - 2012-06-12 20:12 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:34 - 2012-06-12 20:12 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:28 - 2012-06-12 20:12 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 12:28 - 2012-06-27 01:59 - 00329800 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
    2012-04-19 22:25 - 2012-06-14 09:27 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-19 22:25 - 2012-06-14 09:27 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-19 22:23 - 2012-06-14 09:27 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-04-19 22:22 - 2012-06-14 09:27 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-19 22:22 - 2012-06-14 09:27 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-19 22:22 - 2012-06-14 09:27 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-19 22:22 - 2012-06-14 09:27 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-04-19 22:22 - 2012-06-14 09:27 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-04-19 22:21 - 2012-06-14 09:27 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-04-19 22:21 - 2012-06-14 09:27 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-04-19 22:21 - 2012-06-14 09:27 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-04-19 22:21 - 2012-06-14 09:27 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-19 22:21 - 2012-06-14 09:27 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-04-19 22:18 - 2012-06-14 09:27 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-04-19 21:07 - 2012-06-14 09:27 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-04-19 21:07 - 2012-06-14 09:27 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-04-19 21:06 - 2012-06-14 09:27 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-04-19 21:06 - 2012-06-14 09:27 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-19 21:06 - 2012-06-14 09:27 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
    2012-04-19 21:06 - 2012-06-14 09:27 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-04-19 21:06 - 2012-06-14 09:27 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-04-19 21:05 - 2012-06-14 09:27 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-04-19 21:03 - 2012-06-14 09:27 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-04-19 21:00 - 2012-06-14 09:27 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-19 20:15 - 2012-06-14 09:27 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-04-19 19:58 - 2012-06-14 09:27 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-04-19 19:24 - 2012-06-14 09:27 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-04-17 11:34 - 2012-06-27 02:18 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
    2012-04-14 08:34 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-04-11 14:03 - 2012-06-27 01:59 - 00138232 ____N (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
    2012-04-04 12:56 - 2012-06-27 10:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


    ZeroAccess:
    C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
    C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
    C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

    ZeroAccess:
    C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
    C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\@
    C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
    C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 18%
    Total physical RAM: 3764.5 MB
    Available physical RAM: 3056.89 MB
    Total Pagefile: 3762.65 MB
    Available Pagefile: 3046.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (ACER) (Fixed) (Total:229.53 GB) (Free:180.52 GB) NTFS
    2 Drive d: (Data) (Fixed) (Total:223.43 GB) (Free:173.78 GB) NTFS
    3 Drive f: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:0.99 GB) NTFS
    4 Drive g: (Transcend) (Removable) (Total:1.88 GB) (Free:1.14 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 1928 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 12 GB 1024 KB
    Partition 2 Primary 100 MB 12 GB
    Partition 3 Primary 229 GB 12 GB
    Partition 0 Extended 223 GB 242 GB
    Partition 4 Logical 223 GB 242 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F PQSERVICE NTFS Partition 12 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 229 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Data NTFS Partition 223 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1924 MB 4096 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G Transcend FAT32 Removable 1924 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-27 22:39

    ======================= End Of Log ==========================
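The FRST sections quoted in this post (the ZeroAccess directory listing, the Bamital & volsnap MD5 check and the EXE association check) are the lines a helper reads first when deciding whether a machine is still infected. The script below is an added example, not part of this thread and not FRST's own code: it parses an FRST log excerpt and lists only the entries that need attention, namely every path under a "ZeroAccess:" header, every Bamital/volsnap entry whose verdict is not the exact string "MD5 is legit", and every EXE association entry not marked "=> OK". The sample log embedded in it is constructed with a placeholder GUID; the wording FRST uses for a failed MD5 check or a broken association is not shown on this page, so the script treats anything other than the "legit"/"OK" strings seen here as a finding.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log excerpts.

Added example for this thread; it is not part of FRST or of the posts above.
The sample log is constructed to mirror the shape of the sections posted
in the thread (placeholder GUID, constructed hash value).
"""
import re

# Constructed sample: same section layout as the FRST log in the thread.
# The services.exe line is a stand-in for a non-matching entry; the exact
# wording FRST prints for a mismatch is not shown on the page.
SAMPLE_LOG = r"""ZeroAccess:
C:\Windows\Installer\{00000000-aaaa-bbbb-cccc-000000000000}
C:\Windows\Installer\{00000000-aaaa-bbbb-cccc-000000000000}\L
C:\Windows\Installer\{00000000-aaaa-bbbb-cccc-000000000000}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => 0123456789ABCDEF0123456789ABCDEF
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# Matches FRST section banners such as "===== Bamital & volsnap Check =====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def triage_frst_log(text: str) -> dict:
    """Return the entries of an FRST log that need a human look.

    Keys: 'zeroaccess_paths' (list of str), 'md5_mismatches' and
    'exe_association' (lists of (subject, verdict) tuples).
    """
    findings = {"zeroaccess_paths": [], "md5_mismatches": [], "exe_association": []}
    section = None
    in_zeroaccess = False

    for raw in text.splitlines():
        line = raw.strip()

        # A "ZeroAccess:" header is followed by one path per line up to a blank line.
        if in_zeroaccess:
            if not line:
                in_zeroaccess = False
            else:
                findings["zeroaccess_paths"].append(line)
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue

        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue

        # Both check sections use "<subject> => <verdict>" lines.
        if " => " not in line:
            continue
        subject, verdict = line.rsplit(" => ", 1)
        if section and section.startswith("Bamital"):
            if verdict != "MD5 is legit":
                findings["md5_mismatches"].append((subject, verdict))
        elif section == "EXE ASSOCIATION":
            if verdict != "OK":
                findings["exe_association"].append((subject, verdict))

    return findings


def is_clean(findings: dict) -> bool:
    """True when no section produced a finding."""
    return not any(findings.values())


if __name__ == "__main__":
    result = triage_frst_log(SAMPLE_LOG)
    for key, items in result.items():
        print(f"{key}: {len(items)} finding(s)")
        for item in items:
            print("   ", item)
    print("clean" if is_clean(result) else "needs attention")
```

Run against the sample, the script reports the three ZeroAccess paths and the one non-matching system file and leaves the EXE association section empty. Feeding it a full FRST.txt works the same way, since every other section is ignored unless it carries a "ZeroAccess:" header or one of the two banners.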
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  12. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    Here are the results after running FIX (with fixlist.txt), and then downloading the combofix, and running it from the desktop of the infected comp:

    --------
    Fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 04
    Ran by SYSTEM at 2012-06-30 15:02:33 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c} moved successfully.
    C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c} moved successfully.

    ==== End of Fixlog ====
    --------------------------------------------------------------------------------------------------------------

    Combofix log results:

    ComboFix 12-06-30.01 - Vicky 06/30/2012 15:06:33.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2455 [GMT -5:00]
    Running from: c:\users\Vicky\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
    FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
    SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-30 22:41 . 2012-06-30 22:41 -------- d-----w- C:\FRST
    2012-06-30 20:11 . 2012-06-30 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-27 19:58 . 2012-06-27 19:58 -------- d-----w- c:\programdata\bdch
    2012-06-27 18:26 . 2012-06-27 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 18:26 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-27 10:19 . 2012-06-27 12:12 -------- d-----w- c:\programdata\BDLogging
    2012-06-27 10:18 . 2012-04-17 19:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2012-06-27 10:18 . 2011-11-17 22:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-06-27 10:18 . 2011-11-15 01:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
    2012-06-27 10:18 . 2009-07-14 21:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-06-27 10:18 . 2007-04-11 16:11 511328 ----a-w- c:\windows\capicom.dll
    2012-06-27 10:18 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-06-27 10:18 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-06-27 10:18 . 2011-11-25 20:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
    2012-06-27 10:08 . 2012-06-27 12:13 -------- d-----w- c:\users\Vicky\AppData\Roaming\Bitdefender
    2012-06-27 10:08 . 2012-06-27 10:19 -------- d-----w- c:\programdata\Bitdefender
    2012-06-27 10:02 . 2012-06-27 10:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\QuickScan
    2012-06-27 09:59 . 2012-04-11 22:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
    2012-06-27 09:59 . 2012-06-27 10:08 -------- d-----w- c:\program files\Bitdefender
    2012-06-27 09:59 . 2012-04-24 20:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-06-27 09:53 . 2012-06-27 09:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-06-27 09:48 . 2012-06-27 09:59 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-06-26 04:35 . 2012-06-26 04:35 -------- d-----w- c:\users\Vicky\AppData\Local\AskToolbar
    2012-06-25 19:27 . 2012-06-25 19:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Malwarebytes
    2012-06-25 19:26 . 2012-06-25 19:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-25 19:04 . 2012-06-25 19:04 -------- d-----w- c:\program files (x86)\Ask.com
    2012-06-25 19:03 . 2012-06-27 09:48 -------- d-----w- c:\programdata\Avira
    2012-06-25 17:13 . 2012-06-25 17:13 -------- d-----w- c:\program files (x86)\ESET
    2012-06-21 03:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 03:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 03:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 03:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 03:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 03:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 03:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 03:53 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 03:53 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-13 04:39 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 04:39 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 04:39 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 04:12 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 04:12 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 04:12 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 04:11 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 04:11 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-07 10:39 . 2012-06-07 10:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 10:39 . 2012-06-07 10:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-30_14.16.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-11 02:59 . 2012-06-30 19:45 65540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-30 20:05 41074 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-05-17 15:11 . 2012-06-30 20:05 19026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2040155730-1753831638-4115862423-1000_UserData.bin
    + 2011-05-18 06:50 . 2012-06-30 20:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-18 06:50 . 2012-06-30 14:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-18 06:50 . 2012-06-30 14:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-18 06:50 . 2012-06-30 20:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-30 20:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-30 14:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-17 14:56 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-17 14:56 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-17 14:56 . 2012-06-30 14:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-17 14:56 . 2012-06-30 20:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-05-17 14:56 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-17 14:56 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-17 17:08 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-17 17:08 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-17 17:08 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-17 17:08 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-06-30 14:16 . 2012-06-30 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-30 20:00 . 2012-06-30 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-30 20:00 . 2012-06-30 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-30 14:16 . 2012-06-30 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-05-17 17:08 . 2012-06-30 15:19 333272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-05-17 17:08 . 2012-06-28 18:25 333272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 05:01 . 2012-06-30 12:59 451964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-30 19:37 451964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2012-06-30 13:13 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-06-30 17:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-05-29 22:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "Akamai NetSession Interface"="c:\users\Vicky\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-18 704032]
    AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
    R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2010-11-04 120704]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
    S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
    S2 UDisk Monitor;UDisk Monitor;e:\software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-02-22 405504]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
    S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
    .
    2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
    @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
    [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
    @="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
    [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
    @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
    [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
    @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
    [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
    2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1431600]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=mkg030&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-25%2014%3A41%3A42&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-13%2010%3A38%3A35&sap=ku&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-30 15:13:13
    ComboFix-quarantined-files.txt 2012-06-30 20:13
    ComboFix2.txt 2012-06-30 14:20
    .
    Pre-Run: 193,786,318,848 bytes free
    Post-Run: 193,492,127,744 bytes free
    .
    - - End Of File - - 6765C72CE92D0ACE28CE44E6FE335BA5
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good :)

    Any current issues?

    ==============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
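    As an added example (not OTL's own code, nor anything posted in this thread), here is a small Python triage script for the OTL log format the steps above produce: it parses the PRC/MOD/SRV/DRV entry lines and the "FF - prefs.js" lines and flags the two things a helper looks for first by eye, entries with no company name and search or home-page prefs that point outside an expected baseline. The regexes, the rules, the baseline host and engine sets, and the sample subset of log lines are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# One OTL entry line of the PRC/MOD/SRV/DRV families, e.g.
#   SRV - [2012/05/30 00:51:31 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\...\x.dll -- (Akamai)
#   PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\...\Updater.exe
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<is64>:64bit:)?\s+-\s+"
    r"\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s+"
    r"\((?P<company>.*?)\)\s+(?=\[|--)"   # company may itself contain "(R)"
    r"(?:\[(?P<flags>[^\]]+)\]\s+)?"       # "[Auto | Running]"; absent for PRC/MOD
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<name>[^)]*)\).*)?$"
)
# One Firefox preference line, e.g.  FF - prefs.js..browser.search.selectedEngine: "Ask.com"
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.\-]+):\s*"(?P<value>[^"]*)"')

# Prefs whose value names an engine, and prefs whose value is a URL (compared lower-cased).
ENGINE_PREFS = {"browser.search.defaultengine", "browser.search.defaultenginename",
                "browser.search.selectedengine"}
URL_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.url"}

# Constructed baselines (assumptions of this example, not OTL settings): what the owner
# expects to see; anything else on a search/home-page pref is a hijack candidate.
BASELINE_ENGINES = {"Google", "Bing"}
BASELINE_HOSTS = {"www.google.com", "www.bing.com", "acer.msn.com"}


@dataclass
class OtlEntry:
    kind: str            # PRC, MOD, SRV or DRV
    is64: bool
    stamp: str
    size: int
    company: str         # "" when OTL printed "()"
    flags: List[str]     # e.g. ["Auto", "Running"]; empty for PRC/MOD
    path: str
    name: Optional[str]  # service/driver name, e.g. "Akamai"


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")] if m.group("flags") else []
    return OtlEntry(
        kind=m.group("kind"), is64=m.group("is64") is not None,
        stamp=m.group("stamp").strip(), size=int(m.group("size").replace(",", "")),
        company=m.group("company").strip(), flags=flags,
        path=m.group("path").strip(), name=m.group("name"),
    )


def parse_pref(line: str) -> Optional[Tuple[str, str]]:
    """Parse one 'FF - prefs.js..name: "value"' line into (name, value)."""
    m = PREF_RE.match(line.strip())
    return (m.group("pref"), m.group("value")) if m else None


def triage(lines: List[str], baseline_hosts=BASELINE_HOSTS,
           baseline_engines=BASELINE_ENGINES) -> List[str]:
    """Return one finding string per line that deserves a human look, in log order."""
    findings: List[str] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            if entry.company == "":   # unsigned/anonymous binary: first thing to inspect
                state = " | ".join(entry.flags) if entry.flags else "loaded"
                findings.append(f"{entry.kind} with no company name [{state}]: {entry.path}")
            continue
        pref = parse_pref(line)
        if pref is None:
            continue
        name, value = pref
        key = name.lower()
        if key in ENGINE_PREFS and value not in baseline_engines:
            findings.append(f"{name} set to unexpected engine {value!r}")
        elif key in URL_PREFS and value.startswith(("http://", "https://")):
            host = urlsplit(value).hostname or ""
            if host not in baseline_hosts:
                findings.append(f"{name} points at unexpected host {host}: {value[:60]}")
    return findings


# Constructed sample: a handful of lines copied from the OTL log posted in this thread.
SAMPLE_LINES = r"""
PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
SRV - [2012/05/30 00:51:31 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
DRV:64bit: - [2012/04/24 15:28:33 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://in.search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid={b813ae8....7&lang=en&pr=fr&d=2012-06-25 14:41:42&sap=hp"
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run against a full OTL.txt, the script is a first pass only: a missing company name means unsigned or stripped version info, not proof of malice, so each finding still needs the file checked by hand.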
     
  14. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    After ComboFix was run, my BitDefender has not warned me about the virus (unlike the situation for the last 3 days!). Thus, no current issues are being faced, but just tonnes of paranoia about whether the system is truly clean! Here are the results you asked for:

    OTL.txt results:

    OTL logfile created on: 6/30/2012 3:26:43 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Vicky\Desktop\Malware Removal\13 OTL
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 64.09% Memory free
    7.35 Gb Paging File | 5.85 Gb Available in Paging File | 79.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 229.53 Gb Total Space | 180.28 Gb Free Space | 78.54% Space Free | Partition Type: NTFS
    Drive E: | 223.43 Gb Total Space | 173.78 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
    Drive F: | 1.88 Gb Total Space | 1.14 Gb Free Space | 60.57% Space Free | Partition Type: FAT32

    Computer Name: VICKY-ACER | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 01:53:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\Malware Removal\13 OTL\OTL.exe
    PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    PRC - [2011/10/14 15:33:06 | 000,830,056 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
    PRC - [2010/06/28 17:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    PRC - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/06/25 18:45:56 | 000,095,184 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
    SRV:64bit: - [2012/06/25 18:21:10 | 001,566,024 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
    SRV:64bit: - [2012/06/25 16:19:11 | 000,063,272 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
    SRV:64bit: - [2012/06/07 21:48:48 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
    SRV:64bit: - [2010/06/11 16:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/18 15:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/30 00:51:31 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
    SRV - [2011/10/14 15:33:06 | 000,830,056 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
    SRV - [2011/05/17 11:53:13 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/24 15:28:33 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
    DRV:64bit: - [2012/04/17 14:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
    DRV:64bit: - [2012/04/11 17:03:18 | 000,138,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
    DRV:64bit: - [2012/03/20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
    DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/17 16:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
    DRV:64bit: - [2011/11/25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2011/11/17 17:38:33 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
    DRV:64bit: - [2011/11/14 20:16:40 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
    DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV:64bit: - [2010/11/04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
    DRV:64bit: - [2010/08/24 20:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/06/10 15:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/05/11 21:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/04/21 14:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/27 00:21:26 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/21 17:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 0E 1B EE 27 8F CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{28AF32F9-E119-4088-BEDB-10AE874FBB8C}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-spt_gen
    IE - HKCU\..\SearchScopes\{5C3A3C63-9DCC-4759-8955-374A680D720E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0C75DC63-03C5-4510-A593-F05D33FFE86F
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.in/search?q={s...={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...bfdab744fa7&lang=en&ds=AVG&pr=fr&d=2012-06-25 14:41:42&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=mkg028
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultEngine: "Yahoo"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://in.search.yahoo.com/search?fr=mkg030&p="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-spt_gen"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-spt_gen"
    FF - prefs.js..browser.search.param.yahoo-type: ""
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid={b813ae8....7&lang=en&pr=fr&d=2012-06-25 14:41:42&sap=hp"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2011-10-13 10:38:35&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
    FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Vicky\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Vicky\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012/06/26 02:27:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 15:56:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 14:18:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/06/26 02:27:08 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 15:56:23 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 14:18:48 | 000,000,000 | ---D | M]

    [2011/10/27 11:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
    [2011/10/27 11:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
    [2012/06/25 14:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions
    [2012/05/18 19:36:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/06/25 14:04:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\toolbar@ask.com
    [2012/06/25 14:04:21 | 000,002,344 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\searchplugins\askcom.xml
    [2012/01/13 18:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/08 12:18:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/18 15:56:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/26 02:43:21 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/03/10 12:14:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/10 12:14:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/30 09:16:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Vicky\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKCU..\Run: [cdloader] C:\Users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C5B5A8C-39D7-4B92-9C60-98F9F9A6096C}: DhcpNameServer = 125.22.47.125 202.56.250.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A190CD07-791F-4105-9A01-42626AC9A757}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/28 12:46:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  15. Vicker

    OTL.txt - Continued (there is going to be 1 more part):

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/30 17:41:02 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/30 15:04:21 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
    [2012/06/30 09:09:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/30 09:09:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/30 09:09:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/30 09:01:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/30 09:00:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/30 07:58:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\Malware Removal
    [2012/06/27 14:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
    [2012/06/27 13:26:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/27 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/27 05:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
    [2012/06/27 05:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
    [2012/06/27 05:18:47 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
    [2012/06/27 05:18:19 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
    [2012/06/27 05:18:19 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
    [2012/06/27 05:18:14 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
    [2012/06/27 05:18:14 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
    [2012/06/27 05:18:14 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
    [2012/06/27 05:08:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Bitdefender
    [2012/06/27 05:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
    [2012/06/27 05:02:40 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\QuickScan
    [2012/06/27 04:59:27 | 000,138,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
    [2012/06/27 04:59:25 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
    [2012/06/27 04:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
    [2012/06/27 04:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/06/27 04:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
    [2012/06/25 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\AskToolbar
    [2012/06/25 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Malwarebytes
    [2012/06/25 14:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/25 14:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2012/06/25 14:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/06/25 12:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 01:27:46 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
    [2012/06/30 15:10:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/30 15:10:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/30 15:03:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 15:03:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/30 15:03:03 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/30 14:50:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/30 14:44:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
    [2012/06/30 09:16:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/27 14:45:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/27 14:45:22 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/27 14:45:22 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/27 13:26:35 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/27 05:19:57 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
    [2012/06/27 05:19:27 | 000,253,404 | ---- | M] () -- C:\bdr-ld01
    [2012/06/27 05:19:16 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
    [2012/06/27 05:19:16 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
    [2012/06/27 05:19:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/27 04:53:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/06/27 04:39:31 | 000,001,182 | ---- | M] () -- C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
    [2012/06/26 10:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
    [2012/06/15 14:03:17 | 000,000,997 | ---- | M] () -- C:\Users\Vicky\Desktop\magicJack.lnk
    [2012/06/13 22:04:49 | 000,489,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/06/30 09:09:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/30 09:09:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/30 09:09:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/30 09:09:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/30 09:09:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/27 13:26:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/27 05:19:57 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
    [2012/06/27 05:19:16 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
    [2012/06/27 05:19:16 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
    [2012/06/27 05:19:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
    [2012/06/27 05:05:29 | 000,253,404 | ---- | C] () -- C:\bdr-ld01
    [2012/06/27 04:53:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/06/27 04:39:31 | 000,001,182 | ---- | C] () -- C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
    [2012/03/01 01:27:28 | 000,005,013 | ---- | C] () -- C:\Users\Vicky\.recently-used.xbel
    [2011/07/02 04:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Vicky\AppData\Local\{750369B2-C045-4B80-88A3-5905902716D8}
    [2011/05/18 02:14:26 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2011/05/18 02:04:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/05/18 02:04:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/05/18 02:04:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/05/18 02:04:19 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/05/18 02:04:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/05/18 02:03:53 | 000,001,758 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2011/05/17 16:01:29 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/09/10 22:37:14 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/09/10 22:37:14 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2010/09/10 22:37:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini

    ========== LOP Check ==========

    [2012/06/13 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Audacity
    [2011/09/19 14:47:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Autodesk
    [2012/06/27 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Bitdefender
    [2011/06/29 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Downloaded Installations
    [2012/06/25 08:35:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FileZilla
    [2011/07/14 06:57:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\GetRightToGo
    [2012/02/28 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
    [2012/06/15 14:03:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mjusbsp
    [2011/10/27 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pencil
    [2012/06/27 05:02:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
    [2012/01/31 09:53:53 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Software Informer
    [2011/09/13 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SpiderOak
    [2011/09/07 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
    [2012/05/31 01:25:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ZTEEVDO
    [2012/04/14 11:34:17 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/06/30 15:00:40 | 000,012,633 | ---- | M] () -- C:\bdlog.txt
    [2012/06/27 05:19:27 | 000,253,404 | ---- | M] () -- C:\bdr-ld01
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/06/30 15:13:14 | 000,025,704 | ---- | M] () -- C:\ComboFix.txt
    [2011/07/14 02:45:31 | 000,000,000 | ---- | M] () -- C:\error.txt
    [2012/06/30 15:03:03 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/30 15:03:03 | 3947,364,352 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/22 05:10:45 | 000,001,406 | ---- | M] () -- C:\Patch.rev
    [2011/05/17 23:53:31 | 000,000,217 | ---- | M] () -- C:\Preload.rev
    [2011/05/18 01:25:55 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
    [2012/06/30 08:51:39 | 000,127,338 | ---- | M] () -- C:\TDSSKiller.2.7.43.0_30.06.2012_08.49.35_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 02:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/17 09:56:26 | 000,000,221 | -HS- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/07/01 01:27:46 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/30 15:03:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/30 14:50:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/26 10:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
    [2012/06/30 14:44:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
    [2012/06/30 15:03:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/14 11:34:17 | 000,032,576 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/05/18 01:25:14 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/05/18 01:25:15 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/05/18 01:21:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/05/18 01:21:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/05/18 01:25:15 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/05/17 09:55:30 | 000,000,402 | -HS- | M] () -- C:\Users\Vicky\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/18 01:33:18 | 000,015,841 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log
    [2011/05/17 10:04:32 | 000,000,090 | ---- | M] () -- C:\ProgramData\PS.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
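A small triage helper for OTL logs of the kind pasted in the two posts above, added here as an example; it is not part of the original thread and not OldTimer's OTL code. It parses the `Onn` entries, flags entries whose target file no longer exists ("File not found") or whose CLSID has no registered object ("No CLSID value found"), and compares the Winlogon Shell/UserInit entries (O20) and the exefile/comfile spawning commands (O35/O37) against the stock Windows 7 values. The sample input is a constructed subset of lines copied from the log above; the baseline values, the finding categories and the `Finding`/`triage`/`summarize` names are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of OTL lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Stock Windows 7 values (assumed baseline for this example). A mismatch is a
# lead to investigate, not a verdict: plenty of non-malicious software also
# edits these keys.
WINLOGON_EXPECTED = {
    "Shell": "Explorer.exe",
    "UserInit": r"C:\Windows\system32\userinit.exe",
}
SPAWN_EXPECTED = '"%1" %*'

LINE_RE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
WINLOGON_RE = re.compile(r"^HKLM Winlogon: (\w+) - \(([^)]*)\)")
SPAWN_RE = re.compile(r"\[(?:open|@ = \w+)\] -- (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # missing_file | orphaned_clsid | winlogon_mismatch | spawn_mismatch
    section: str   # OTL section id, e.g. "O10"
    detail: str    # remainder of the line after the section marker


def triage(log_text: str) -> list[Finding]:
    """Walk the Onn entries of an OTL log and return the suspicious ones."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not an Onn entry (headers, file lists, ...)
        section, _, rest = m.groups()
        if rest.endswith("File not found"):
            # Autostart / LSP entries whose target is gone. Note that OTL also
            # reports benign ones, e.g. the "VMApplet - (/pagefile)" entry, where
            # it has split a command-line switch off the real executable.
            findings.append(Finding("missing_file", section, rest))
        elif "No CLSID value found" in rest:
            # A BHO/toolbar registration with no object behind it: a leftover
            # of a removed add-on, or a stub left by a previous cleanup.
            findings.append(Finding("orphaned_clsid", section, rest))
        elif section == "O20":
            wm = WINLOGON_RE.match(rest)
            if wm and wm.group(1) in WINLOGON_EXPECTED:
                # the registry value may carry a trailing comma ("userinit.exe,")
                value = wm.group(2).rstrip(",").strip()
                if value.lower() != WINLOGON_EXPECTED[wm.group(1)].lower():
                    findings.append(Finding("winlogon_mismatch", section, rest))
        elif section in ("O35", "O37"):
            sm = SPAWN_RE.search(rest)
            if sm and sm.group(1).strip() != SPAWN_EXPECTED:
                # exefile/comfile open command wrapped by something else
                findings.append(Finding("spawn_mismatch", section, rest))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.section:10} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run over the constructed sample it reports two missing files (the mwlDaemon Run entry and the mmswsock.dll Winsock catalog entry) and two orphaned CLSIDs, with the Winlogon and shell-spawning entries matching the stock values, which is what a reader would expect from the lines posted above. On the full log the same rules fire on the ten O10 `mmswsock.dll` entries; a Winsock provider chain that references a DLL that does not exist is worth looking at regardless of the infection, because a broken LSP chain can disable networking on its own.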
     
  16. Vicker

    The above concludes the result of the OTL.txt log. Here are the results of Extra.txt:

    OTL Extras logfile created on: 6/30/2012 3:26:43 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Vicky\Desktop\Malware Removal\13 OTL
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.68 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 64.09% Memory free
    7.35 Gb Paging File | 5.85 Gb Available in Paging File | 79.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 229.53 Gb Total Space | 180.28 Gb Free Space | 78.54% Space Free | Partition Type: NTFS
    Drive E: | 223.43 Gb Total Space | 173.78 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
    Drive F: | 1.88 Gb Total Space | 1.14 Gb Free Space | 60.57% Space Free | Partition Type: FAT32

    Computer Name: VICKY-ACER | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{3FE0B916-FE9D-42A4-8651-391537F99217}" = Lexicon Lambda Driver
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
    "{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
    "Bitdefender" = Bitdefender Total Security 2013
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)
    "ZTEWireless-101_is1" = Reliance Netconnect+

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2F9D6E60-CCDA-4761-A947-74AB500CFB0D}" = Sensible Soccer 2006 Demo
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
    "{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A34DCE59-0004-0000-2148-3F8A9926B752}" = FortiClient SSLVPN v4.0.2148
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
    "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AISIWIN-CLARK8_is1" = AISIWIN - Clark Western 8.04
    "Akamai" = Akamai NetSession Interface Service
    "Autodesk DWF Viewer" = Autodesk DWF Viewer
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla Client" = FileZilla Client 3.5.1
    "Huawei Access Manager" = Huawei Access Manager
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "Lexicon Lambda Driver" = Lexicon Lambda Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Pencil" = Pencil
    "PowerISO" = PowerISO
    "SpiderOak" = SpiderOak
    "Tata Photon+" = Tata Photon+
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV
    "VLC media player" = VLC media player 1.1.5
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
    "Akamai" = Akamai NetSession Interface
    "magicJack" = magicJack

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ OSession Events ]
    Error - 7/30/2011 1:13:49 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3620
    seconds with 900 seconds of active time. This session ended with a crash.

    Error - 8/13/2011 7:59:34 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3268
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 8/13/2011 8:00:10 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/13/2011 8:00:21 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 6/30/2012 3:37:19 PM | Computer Name = Vicky-Acer | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 6/30/2012 3:37:35 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7034
    Description = The Bitdefender Virus Shield service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 6/30/2012 3:43:27 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 6/30/2012 3:59:29 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7034
    Description = The Bitdefender Virus Shield service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 6/30/2012 4:00:27 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 6/30/2012 4:03:13 PM | Computer Name = Vicky-Acer | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:00:08 PM on 6/30/2012 was unexpected.

    Error - 6/30/2012 4:03:34 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 6/30/2012 4:05:33 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 6/30/2012 4:09:59 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/30/2012 4:11:39 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
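    The Extras.txt sections above (Shell Spawning, Security Center Settings, System Restore Settings, Firewall Settings) are what a malware-removal helper reads first, because a rootkit that survives reboots usually also silences the warnings that would expose it. As an added example, and not code from this thread, from OTL or from its author, the following Python script automates those checks over a log in this layout: it flags any executable file type whose open handler is no longer the stock `"%1" %*`, any `*DisableNotify`, `*Override`, `DisableNotifications` or `DisableSR` value that is not 0, and any firewall profile with `EnableFirewall` not equal to 1. Both embedded sample logs are constructed; the hijacked `exefile` path in the second one is hypothetical.

```python
"""Triage the security-relevant sections of an OTL Extras log.

Added example for this thread; it is not OTL code and not something the
helper posted.  It automates what a malware-removal helper reads first in
Extras.txt: are the shell-spawning handlers for executables still the stock
'"%1" %*' (an 'exefile hijack' wedges a program in front of every .exe), were
Security Center notifications or overrides touched, and is any firewall
profile or System Restore switched off.  Section and line layouts follow the
log shown above; both sample logs below are constructed, not copied from
the machine in the thread.
"""
import re

SECTION_RE = re.compile(r"^={10} (.+?) ={10}$")
HANDLER_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
KEY_RE = re.compile(r"^(?:64bit: )?\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')

STOCK_OPEN = '"%1" %*'
EXEC_TYPES = {"batfile", "cmdfile", "comfile", "exefile", "piffile"}
# Values that are 0 on an untouched system; anything else silences a warning
# (the *DisableNotify / *Override values) or turns a protection off.
MUST_BE_ZERO = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride",
    "DisableNotifications", "DisableSR",
}
CHECKED_SECTIONS = ("Security Center Settings", "System Restore Settings",
                    "Firewall Settings")


def parse_sections(text):
    """Return {section title: [non-empty stripped lines]} for an Extras log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of alert strings; an empty list means nothing looked tampered."""
    alerts, sections = [], parse_sections(text)
    for line in sections.get("Shell Spawning", []):
        m = HANDLER_RE.match(line)
        if m:
            ftype, verb, cmd = m.groups()
            if ftype in EXEC_TYPES and verb == "open" and cmd != STOCK_OPEN:
                alerts.append(f"{ftype} [open] hijacked: {cmd}")
    current_key = None
    for title in CHECKED_SECTIONS:
        for line in sections.get(title, []):
            k = KEY_RE.match(line)
            if k:
                current_key = k.group(1)      # remember which hive key we are in
                continue
            v = VALUE_RE.match(line)
            if not v:
                continue
            name, value = v.group(1), v.group(2).strip()
            if name in MUST_BE_ZERO and value != "0":
                alerts.append(f"{name} = {value} under {current_key}")
            if name == "EnableFirewall" and value != "1":
                alerts.append(f"firewall disabled under {current_key}")
    return alerts


# Constructed sample in OTL's Extras layout, trimmed to the checked sections.
CLEAN_SAMPLE = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
"""

# Same log with the tampering a rootkit dropper typically leaves (hypothetical path).
TAMPERED_SAMPLE = (
    CLEAN_SAMPLE
    .replace('exefile [open] -- "%1" %*',
             r'exefile [open] -- "C:\Users\victim\AppData\Local\hijack.exe" "%1" %*')
    .replace('"AntiVirusDisableNotify" = 0', '"AntiVirusDisableNotify" = 1')
    .replace('"DisableSR" = 0', '"DisableSR" = 1')
    .replace('PublicProfile]\n"DisableNotifications" = 0\n"EnableFirewall" = 1',
             'PublicProfile]\n"DisableNotifications" = 1\n"EnableFirewall" = 0')
)

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(label, triage(log) or "no tampering indicators")
```

    On the log posted above every executable handler is the stock value, all notification and override values are 0 and every profile has the firewall on, so the script would return no alerts for it; the `Reg Error: Key error.` lines for helpfile, regfile and txtfile are missing verbs, not hijacks, and are deliberately ignored.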
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
      IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      [2012/06/25 14:04:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\toolbar@ask.com
      [2012/06/25 14:04:21 | 000,002,344 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  18. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    I am on the last step - ESET scanning is currently going on. It looks like it may take a while, and I might doze off for a bit (late night where I am). Is it alright if I get back to you in a few hours with the logs on the above steps?
    A couple of other questions :
    1. Do you feel that the system is on the way to recovery?
    2. The infected computer is currently undergoing the ESET online scan with the existing AV - BitDefender - disabled. The wireless connectivity is on. Would it be safe for a few hours once the online scan is complete but BitDefender isn't enabled again yet? (owing to me crashing!) - silly question :D

    Thank you so much for your continued help on this matter!
     
  19. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    44% complete on the ESET online scanner and I see 1 infection so far:

    win64/ patched.b.gen. trojan

    Waiting for the complete scan to finish....sweating beads already! :(
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your computer should be fairly clean by now but I'll have to see all latest scans I prescribed in my previous reply.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Don't worry too much about Eset findings.
    Most likely it'll find only inactive leftovers or already quarantined stuff.
     
  22. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    here are the results:

    Security Checkup Results:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Bitdefender Bitdefender 2013 vsserv.exe
    Bitdefender Bitdefender 2013 bdparentalservice.exe
    Bitdefender Bitdefender 2013 updatesrv.exe
    Bitdefender Bitdefender SafeBox safeboxservice.exe
    Bitdefender Bitdefender 2013 bdagent.exe
    Bitdefender Bitdefender 2013 BdParentalSysTray.exe
    Symantec Norton Online Backup NOBuAgent.exe
    ``````````End of Log````````````
    --------------------------------------------------------------------------------------------------------------------

    FSS Results:

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by Vicky (administrator) on 30-06-2012 at 16:17:43
    Running from "F:\Malware Removal\With Results\Malware Removal\16 FSS"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error: Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-14 22:26] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-08 23:20] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    -----------------------------------------------------------------------------------------------------
    TFC- no log

    -----------------------------------------------------------

    ESet Online Scanner:

    C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
    ------------------------------------------------------
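    As an added example (not part of this thread, and not part of the FSS tool), a small Python script that reads the FSS sections posted above the way a helper does by eye: it flags services whose start type differs from the default, non-zero values under the "Disabled Policy" headings (such as DisableAntiSpyware), and files FSS could not match against a known-good MD5. The log excerpt it parses is a constructed sample modelled on the posted log.

```python
import re

# Constructed sample in the format of a Farbar Service Scanner (FSS) log,
# modelled on the log posted in this thread (not the full original output).
FSS_SAMPLE = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys
[2012-02-14 22:26] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\\Windows\\System32\\svchost.exe => MD5 is legit
"""

START_TYPE_RE = re.compile(
    r"The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_RE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
# Details line FSS prints under a path it could not whitelist: signer and MD5.
DETAIL_RE = re.compile(r"\[.*\] - \[.*\] - \d+ \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")

def triage_fss(text):
    """Return services off their default start type, non-zero policy values,
    and files without a known-good MD5 (path, signer, md5)."""
    findings = {"services": [], "policies": [], "unverified_files": []}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = START_TYPE_RE.search(line)
        if m and m.group(2) != m.group(3):
            findings["services"].append((m.group(1), m.group(2), m.group(3)))
        m = POLICY_RE.match(line)
        if m and m.group(2) != "0":
            findings["policies"].append((m.group(1), int(m.group(2))))
        # A bare path line (no "=> MD5 is legit") is followed by a details line.
        # This alone does not prove tampering: system files updated after the
        # tool's hash list was built show up the same way.
        if re.match(r"^[A-Za-z]:\\", line) and "=> MD5 is legit" not in line:
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            d = DETAIL_RE.search(nxt)
            findings["unverified_files"].append(
                (line.strip(), d.group(1) if d else None, d.group(2) if d else None))
    return findings
```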
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =========================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  24. Vicker

    Vicker TS Rookie Topic Starter Posts: 18

    Hi Broni,

    1. I updated to the latest java version

    2. Ran JavaRa (it said no logs were produced though) - is that a problem?

    3. Results of OTL Fix (see below):

    4. You mentioned : If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    Does that mean I remove all installables till now (e.g. OTL, ComboFix, etc.), and also remove all the logs etc. produced by these programs?

    Thank you so much for your continued assistance!

    OTL Fix report:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Vicky
    ->Temp folder emptied: 56680 bytes
    ->Temporary Internet Files folder emptied: 37294 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 45400283 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3426 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Vicky
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Vicky
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 06302012_231950

    Files\Folders moved on Reboot...
    C:\Users\Vicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\~bd15AD.tmp not found!

    PendingFileRenameOperations files...
    File C:\Users\Vicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Windows\temp\~bd15AD.tmp not found!

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    2. No.
    4. Yes.

     
