Solved Trojan.Sirefef.fy and Trojan.Generic - Steps followed with logs

Vicker

Hi,

I am facing a very similar issue to what some have reported, with the dreaded Trojan.Sirefef.fy and Trojan.Generic being detected on my beloved laptop. The issue is similar to the thread at:

https://www.techspot.com/community/topics/trojan-generic-trojan-sirefef.181501/

I have followed the steps listed there too (up to ComboFix) and pasted as much information from the runs as possible. Here is a summary:

1. Antivirus run - BitDefender Total Security 2013: kept detecting the Trojans:
C:\windows\assembly\GAC_64\Desktop.ini: Trojan.Sirefef.fy
c:\windows\system32\smss.exe: Trojan.Sirefef.fy
C:\windows\assembly\GAC_32\Desktop.ini: Trojan.Generic.7552xxx (some numbers)

It would keep detecting these Trojans on reboot and give constant warnings. It claims to have deleted most of them, except 1 or 2 Trojans (Sirefef.fy) which simply don't get deleted and keep appearing every time I turn on the laptop. I guess this causes the other Trojans to get created/appear every time or something.

I have performed the following steps, and I will be copy-pasting all the log information collected:

2. Malwarebytes (didn't detect any infected files)

3. GMER

4. DDS

5. Bootkit Remover

6. aswMBR

7. TDSS Killer

8. FixTDSS

9. ComboFix


Thank you so much in advance for your assistance.
 
Step 2: Malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Vicky :: VICKY-ACER [administrator]

6/30/2012 7:49:42 AM
mbam-log-2012-06-30 (07-49-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209666
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------

Step 3: GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-30 08:38:53
Windows 6.1.7600
Running: itgu0iwk.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@CriticalSectionTimeout 2592000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@GlobalFlag 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitFreeBlockThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitTotalFreeThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentCommit 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentReserve 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProcessorControl 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ResourceTimeoutCount 648000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute autocheck autochk *?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ExcludeFromKnownDlls
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ObjectDirectories \Windows?\RPC Control?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProtectionMode 1
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@NumberOfInitialSessions 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@SetupExecute
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@PendingFileRenameOperations \??\C:\Windows\assembly\GAC_64\Desktop.ini??\??\C:\Windows\assembly\GAC_32\Desktop.ini??

---- EOF - GMER 1.0.15 ----
 
Step 5: DDS

Shows random characters (similar to the thread:
https://www.techspot.com/community/topics/trojan-generic-trojan-sirefef.181501/ )

MZ   ÿÿ ¸ @ Ø º ´Í!¸LÍ!This program cannot be run in DOS mode.$ 1¸„:uÙêiuÙêiuÙêI¶ÖµiwÙêiuÙëIîÙêI¶Ö·idÙêI!úÚIÙêI²ßìitÙêiRichuÙêI PE L ÆãK à   P   0ó °  @        í €      `    ` UPX0    € àUPX1 P ° F  @ à.rsrc    J @ À -----> and lots more signs like this


---------------------------------------------------------

Step 6: Bootkit Remover log:


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`32d00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

---------------------------------------------------

Step 7: aswMBR log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-30 08:47:37
-----------------------------
08:47:37.778 OS Version: Windows x64 6.1.7600
08:47:37.778 Number of processors: 4 586 0x2505
08:47:37.778 ComputerName: VICKY-ACER UserName: Vicky
08:47:39.026 Initialize success
08:47:54.173 AVAST engine download error: 0
08:47:56.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:47:56.451 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
08:47:56.466 Disk 0 MBR read successfully
08:47:56.466 Disk 0 MBR scan
08:47:56.466 Disk 0 Windows VISTA default MBR code
08:47:56.482 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
08:47:56.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
08:47:56.529 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 235041 MB offset 26830848
08:47:56.529 Disk 0 Partition - 00 0F Extended LBA 228796 MB offset 508196864
08:47:56.560 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 228795 MB offset 508198912
08:47:56.575 Disk 0 scanning C:\Windows\system32\drivers
08:48:02.004 Service scanning
08:48:04.859 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
08:48:04.921 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
08:48:22.565 Modules scanning
08:48:22.565 Disk 0 trace - called modules:
08:48:22.596 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:48:22.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b6c060]
08:48:22.612 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004922050]
08:48:22.628 Scan finished successfully
08:49:00.177 Disk 0 MBR has been saved successfully to "C:\Users\Vicky\Desktop\Malware Removal\07 ASWMBR\MBR.dat"
08:49:00.224 The log file has been saved successfully to "C:\Users\Vicky\Desktop\Malware Removal\07 ASWMBR\aswMBR.txt"


--------------------------------------------------------------------------------------------
 
Step 8: TDSS Killer log:

08:49:35.0564 4696 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
08:49:35.0595 4696 ============================================================
08:49:35.0595 4696 Current date / time: 2012/06/30 08:49:35.0595
08:49:35.0595 4696 SystemInfo:
08:49:35.0595 4696
08:49:35.0595 4696 OS Version: 6.1.7600 ServicePack: 0.0
08:49:35.0595 4696 Product type: Workstation
08:49:35.0595 4696 ComputerName: VICKY-ACER
08:49:35.0595 4696 UserName: Vicky
08:49:35.0595 4696 Windows directory: C:\Windows
08:49:35.0595 4696 System windows directory: C:\Windows
08:49:35.0595 4696 Running under WOW64
08:49:35.0595 4696 Processor architecture: Intel x64
08:49:35.0595 4696 Number of processors: 4
08:49:35.0595 4696 Page size: 0x1000
08:49:35.0595 4696 Boot type: Normal boot
08:49:35.0595 4696 ============================================================
08:49:36.0079 4696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:49:36.0157 4696 Drive \Device\Harddisk1\DR2 - Size: 0x78800000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:49:36.0157 4696 ============================================================
08:49:36.0157 4696 \Device\Harddisk0\DR0:
08:49:36.0157 4696 MBR partitions:
08:49:36.0157 4696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
08:49:36.0157 4696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x1CB10830
08:49:36.0172 4696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E4A8000, BlocksNum 0x1BEDD800
08:49:36.0172 4696 \Device\Harddisk1\DR2:
08:49:36.0172 4696 MBR partitions:
08:49:36.0172 4696 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x3C2000
08:49:36.0172 4696 ============================================================
08:49:36.0219 4696 C: <-> \Device\Harddisk0\DR0\Partition1
08:49:36.0297 4696 E: <-> \Device\Harddisk0\DR0\Partition2
08:49:36.0297 4696 ============================================================
08:49:36.0297 4696 Initialize success
08:49:36.0297 4696 ============================================================
08:49:47.0841 3632 ============================================================
08:49:47.0841 3632 Scan started
08:49:47.0841 3632 Mode: Manual;
08:49:47.0841 3632 ============================================================
08:49:49.0354 3632 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
08:49:49.0354 3632 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
08:49:49.0370 3632 Akamai ( HiddenFile.Multi.Generic ) - warning
08:49:49.0370 3632 Akamai - detected HiddenFile.Multi.Generic (1)
08:49:58.0964 3632 MozillaMaintenance - ok
08:49:58.0995 3632 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
08:49:58.0995 3632 mpio - ok
08:49:59.0026 3632 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:49:59.0026 3632 mpsdrv - ok
08:49:59.0058 3632 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
08:49:59.0058 3632 MRxDAV - ok
08:49:59.0089 3632 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:49:59.0089 3632 mrxsmb - ok
08:49:59.0136 3632 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:49:59.0136 3632 mrxsmb10 - ok
08:49:59.0167 3632 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:49:59.0167 3632 mrxsmb20 - ok
08:49:59.0182 3632 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
08:49:59.0182 3632 msahci - ok
08:49:59.0229 3632 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
08:49:59.0229 3632 msdsm - ok
08:49:59.0260 3632 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:49:59.0260 3632 MSDTC - ok
08:49:59.0292 3632 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:49:59.0292 3632 Msfs - ok
08:49:59.0323 3632 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:49:59.0323 3632 mshidkmdf - ok
08:49:59.0338 3632 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
08:49:59.0338 3632 msisadrv - ok
08:49:59.0385 3632 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:49:59.0385 3632 MSiSCSI - ok
08:49:59.0385 3632 msiserver - ok
08:49:59.0432 3632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:49:59.0432 3632 MSKSSRV - ok
08:49:59.0432 3632 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:49:59.0432 3632 MSPCLOCK - ok
08:49:59.0479 3632 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:49:59.0479 3632 MSPQM - ok
08:49:59.0510 3632 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
08:49:59.0510 3632 MsRPC - ok
08:49:59.0541 3632 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:49:59.0541 3632 mssmbios - ok
08:49:59.0572 3632 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:49:59.0572 3632 MSTEE - ok
08:49:59.0588 3632 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:49:59.0588 3632 MTConfig - ok
08:49:59.0604 3632 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:49:59.0604 3632 Mup - ok
08:49:59.0666 3632 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
08:49:59.0666 3632 napagent - ok
08:49:59.0728 3632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:49:59.0728 3632 NativeWifiP - ok
08:49:59.0822 3632 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
08:49:59.0838 3632 NDIS - ok
08:49:59.0869 3632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:49:59.0869 3632 NdisCap - ok
08:49:59.0900 3632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:49:59.0900 3632 NdisTapi - ok
08:49:59.0931 3632 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
08:49:59.0931 3632 Ndisuio - ok
08:49:59.0963 3632 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:49:59.0963 3632 NdisWan - ok
08:49:59.0994 3632 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
08:49:59.0994 3632 NDProxy - ok
08:50:00.0041 3632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:50:00.0041 3632 NetBIOS - ok
08:50:00.0072 3632 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
08:50:00.0072 3632 NetBT - ok
08:50:00.0119 3632 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:50:00.0119 3632 Netlogon - ok
08:50:00.0197 3632 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:50:00.0212 3632 Netman - ok
08:50:00.0243 3632 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:50:00.0259 3632 netprofm - ok
08:50:00.0337 3632 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:50:00.0337 3632 NetTcpPortSharing - ok
08:50:00.0384 3632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:50:00.0384 3632 nfrd960 - ok
08:50:00.0431 3632 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
08:50:00.0446 3632 NlaSvc - ok
08:50:00.0727 3632 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:50:00.0758 3632 NOBU - ok
08:50:00.0883 3632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:50:00.0883 3632 Npfs - ok
08:50:00.0899 3632 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:50:00.0899 3632 nsi - ok
08:50:00.0914 3632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:50:00.0914 3632 nsiproxy - ok
08:50:01.0023 3632 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
08:50:01.0055 3632 Ntfs - ok
08:50:01.0148 3632 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
08:50:01.0148 3632 NTI IScheduleSvc - ok
08:50:01.0257 3632 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
08:50:01.0257 3632 NTIDrvr - ok
08:50:01.0273 3632 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:50:01.0289 3632 Null - ok
08:50:01.0320 3632 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
08:50:01.0320 3632 nvraid - ok
08:50:01.0351 3632 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
08:50:01.0351 3632 nvstor - ok
08:50:01.0382 3632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
08:50:01.0382 3632 nv_agp - ok
08:50:01.0523 3632 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:50:01.0523 3632 odserv - ok
08:50:01.0569 3632 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
08:50:01.0569 3632 ohci1394 - ok
08:50:01.0601 3632 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:50:01.0601 3632 ose - ok
08:50:01.0694 3632 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:50:01.0710 3632 p2pimsvc - ok
08:50:01.0757 3632 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:50:01.0772 3632 p2psvc - ok
08:50:01.0788 3632 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:50:01.0788 3632 Parport - ok
08:50:01.0835 3632 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
08:50:01.0835 3632 partmgr - ok
08:50:01.0866 3632 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:50:01.0866 3632 PcaSvc - ok
08:50:01.0897 3632 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
08:50:01.0897 3632 pci - ok
08:50:01.0913 3632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
08:50:01.0913 3632 pciide - ok
08:50:01.0944 3632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:50:01.0944 3632 pcmcia - ok
08:50:01.0975 3632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:50:01.0975 3632 pcw - ok
08:50:02.0022 3632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:50:02.0037 3632 PEAUTH - ok
08:50:02.0115 3632 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:50:02.0115 3632 PerfHost - ok
08:50:02.0225 3632 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
08:50:02.0256 3632 pla - ok
08:50:02.0318 3632 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
08:50:02.0318 3632 PlugPlay - ok
08:50:02.0349 3632 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:50:02.0349 3632 PNRPAutoReg - ok
08:50:02.0381 3632 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:50:02.0396 3632 PNRPsvc - ok
08:50:02.0443 3632 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
08:50:02.0443 3632 PolicyAgent - ok
08:50:02.0490 3632 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:50:02.0490 3632 Power - ok
08:50:02.0599 3632 pppop (b0e7d5d2cfaa6ed5f20eb8b84a35e593) C:\Windows\system32\DRIVERS\pppop64.sys
08:50:02.0599 3632 pppop - ok
08:50:02.0630 3632 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:50:02.0646 3632 PptpMiniport - ok
08:50:02.0661 3632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:50:02.0661 3632 Processor - ok
08:50:02.0693 3632 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
08:50:02.0693 3632 ProfSvc - ok
08:50:02.0739 3632 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:50:02.0739 3632 ProtectedStorage - ok
08:50:02.0771 3632 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:50:02.0771 3632 Psched - ok
08:50:02.0895 3632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:50:02.0911 3632 ql2300 - ok
08:50:03.0051 3632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:50:03.0051 3632 ql40xx - ok
08:50:03.0083 3632 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:50:03.0098 3632 QWAVE - ok
08:50:03.0114 3632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:50:03.0114 3632 QWAVEdrv - ok
08:50:03.0129 3632 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:50:03.0129 3632 RasAcd - ok
08:50:03.0176 3632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:50:03.0176 3632 RasAgileVpn - ok
08:50:03.0192 3632 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:50:03.0192 3632 RasAuto - ok
08:50:03.0223 3632 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:50:03.0223 3632 Rasl2tp - ok
08:50:03.0285 3632 RasMan (db71d159446014c302fa59531be2c4b7) C:\Windows\System32\rasmans.dll
08:50:03.0301 3632 RasMan - ok
08:50:03.0332 3632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:50:03.0332 3632 RasPppoe - ok
08:50:03.0348 3632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:50:03.0348 3632 RasSstp - ok
08:50:03.0379 3632 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:50:03.0395 3632 rdbss - ok
08:50:03.0410 3632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:50:03.0410 3632 rdpbus - ok
08:50:03.0410 3632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:50:03.0410 3632 RDPCDD - ok
08:50:03.0441 3632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:50:03.0441 3632 RDPENCDD - ok
08:50:03.0457 3632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:50:03.0457 3632 RDPREFMP - ok
08:50:03.0504 3632 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
08:50:03.0504 3632 RDPWD - ok
08:50:03.0551 3632 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
08:50:03.0551 3632 rdyboost - ok
08:50:03.0582 3632 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:50:03.0597 3632 RemoteAccess - ok
08:50:03.0629 3632 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:50:03.0629 3632 RemoteRegistry - ok
08:50:03.0660 3632 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:50:03.0660 3632 RpcEptMapper - ok
08:50:03.0691 3632 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:50:03.0691 3632 RpcLocator - ok
08:50:03.0738 3632 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
08:50:03.0738 3632 RpcSs - ok
08:50:03.0769 3632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:50:03.0769 3632 rspndr - ok
08:50:03.0863 3632 RS_Service (7cb9f0fdd730f4a4ecf6cde15ea12e8a) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
08:50:03.0863 3632 RS_Service - ok
08:50:03.0956 3632 SafeBox (92c63b7d2a4cdfa188019b5ba5d12847) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
08:50:03.0956 3632 SafeBox - ok
08:50:03.0987 3632 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:50:04.0003 3632 SamSs - ok
08:50:04.0034 3632 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:50:04.0034 3632 sbp2port - ok
08:50:04.0081 3632 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:50:04.0081 3632 SCardSvr - ok
08:50:04.0128 3632 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
08:50:04.0128 3632 SCDEmu - ok
08:50:04.0143 3632 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:50:04.0143 3632 scfilter - ok
08:50:04.0253 3632 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
08:50:04.0268 3632 Schedule - ok
08:50:04.0299 3632 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
08:50:04.0299 3632 SCPolicySvc - ok
08:50:04.0346 3632 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
08:50:04.0346 3632 SDRSVC - ok
08:50:04.0409 3632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:50:04.0409 3632 secdrv - ok
08:50:04.0424 3632 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
08:50:04.0424 3632 seclogon - ok
08:50:04.0440 3632 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:50:04.0440 3632 SENS - ok
08:50:04.0487 3632 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:50:04.0487 3632 SensrSvc - ok
08:50:04.0502 3632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:50:04.0502 3632 Serenum - ok
08:50:04.0549 3632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:50:04.0549 3632 Serial - ok
08:50:04.0580 3632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:50:04.0580 3632 sermouse - ok
08:50:04.0611 3632 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
08:50:04.0627 3632 SessionEnv - ok
08:50:04.0643 3632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:50:04.0643 3632 sffdisk - ok
08:50:04.0674 3632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:50:04.0674 3632 sffp_mmc - ok
08:50:04.0689 3632 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:50:04.0689 3632 sffp_sd - ok
08:50:04.0705 3632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:50:04.0705 3632 sfloppy - ok
08:50:04.0767 3632 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
08:50:04.0783 3632 ShellHWDetection - ok
08:50:04.0814 3632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:50:04.0814 3632 SiSRaid2 - ok
08:50:04.0845 3632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:50:04.0845 3632 SiSRaid4 - ok
08:50:04.0861 3632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:50:04.0877 3632 Smb - ok
08:50:04.0908 3632 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:50:04.0908 3632 SNMPTRAP - ok
08:50:04.0923 3632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:50:04.0923 3632 spldr - ok
08:50:04.0986 3632 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
08:50:05.0001 3632 Spooler - ok
08:50:05.0204 3632 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
08:50:05.0251 3632 sppsvc - ok
08:50:05.0360 3632 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:50:05.0376 3632 sppuinotify - ok
08:50:05.0423 3632 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
08:50:05.0438 3632 srv - ok
08:50:05.0501 3632 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
08:50:05.0501 3632 srv2 - ok
08:50:05.0547 3632 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
08:50:05.0563 3632 srvnet - ok
08:50:05.0625 3632 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:50:05.0625 3632 SSDPSRV - ok
08:50:05.0657 3632 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:50:05.0657 3632 SstpSvc - ok
08:50:05.0688 3632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:50:05.0688 3632 stexstor - ok
08:50:05.0766 3632 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
08:50:05.0766 3632 stisvc - ok
08:50:05.0781 3632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:50:05.0781 3632 swenum - ok
08:50:05.0844 3632 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:50:05.0859 3632 swprv - ok
08:50:05.0969 3632 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
08:50:05.0984 3632 SysMain - ok
08:50:06.0093 3632 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
08:50:06.0093 3632 TabletInputService - ok
08:50:06.0140 3632 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
08:50:06.0140 3632 TapiSrv - ok
08:50:06.0156 3632 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:50:06.0171 3632 TBS - ok
08:50:06.0327 3632 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
08:50:06.0359 3632 Tcpip - ok
08:50:06.0593 3632 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
08:50:06.0624 3632 TCPIP6 - ok
08:50:06.0749 3632 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
08:50:06.0749 3632 tcpipreg - ok
08:50:06.0764 3632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:50:06.0764 3632 TDPIPE - ok
08:50:06.0795 3632 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
08:50:06.0795 3632 TDTCP - ok
08:50:06.0842 3632 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
08:50:06.0842 3632 tdx - ok
08:50:06.0858 3632 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
08:50:06.0858 3632 TermDD - ok
08:50:06.0920 3632 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
08:50:06.0936 3632 TermService - ok
08:50:06.0951 3632 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:50:06.0951 3632 Themes - ok
08:50:06.0983 3632 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:50:06.0983 3632 THREADORDER - ok
08:50:07.0014 3632 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:50:07.0029 3632 TrkWks - ok
08:50:07.0076 3632 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
08:50:07.0092 3632 trufos - ok
08:50:07.0170 3632 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
08:50:07.0170 3632 TrustedInstaller - ok
08:50:07.0201 3632 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:50:07.0201 3632 tssecsrv - ok
08:50:07.0217 3632 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
08:50:07.0232 3632 tunnel - ok
08:50:07.0248 3632 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:50:07.0248 3632 uagp35 - ok
08:50:07.0279 3632 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
08:50:07.0279 3632 UBHelper - ok
08:50:07.0310 3632 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
08:50:07.0310 3632 udfs - ok
08:50:07.0513 3632 UDisk Monitor (4afd30aa6b6aca37ce68d42df34e9b1a) E:\Software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe
08:50:07.0513 3632 UDisk Monitor - ok
08:50:07.0560 3632 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:50:07.0575 3632 UI0Detect - ok
08:50:07.0622 3632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:50:07.0622 3632 uliagpkx - ok
08:50:07.0685 3632 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
08:50:07.0685 3632 umbus - ok
08:50:07.0731 3632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:50:07.0731 3632 UmPass - ok
08:50:07.0981 3632 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:50:08.0012 3632 UNS - ok
08:50:08.0075 3632 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:50:08.0075 3632 Updater Service - ok
08:50:08.0137 3632 UPDATESRV (059eac23109a381c4b18b7e2f02a0cf3) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
08:50:08.0137 3632 UPDATESRV - ok
08:50:08.0262 3632 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:50:08.0262 3632 upnphost - ok
08:50:08.0324 3632 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
08:50:08.0324 3632 usbaudio - ok
08:50:08.0355 3632 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
08:50:08.0355 3632 usbccgp - ok
08:50:08.0387 3632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
08:50:08.0387 3632 usbcir - ok
08:50:08.0402 3632 usbehci (a5332c4a7481bd0aaae265af4e48aa3d) C:\Windows\system32\DRIVERS\usbehci.sys
08:50:08.0402 3632 usbehci - ok
08:50:08.0449 3632 usbhub (5f516ef569de3c64b62766374b452b36) C:\Windows\system32\DRIVERS\usbhub.sys
08:50:08.0449 3632 usbhub - ok
08:50:08.0480 3632 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:50:08.0480 3632 usbohci - ok
08:50:08.0511 3632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:50:08.0511 3632 usbprint - ok
08:50:08.0527 3632 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:50:08.0527 3632 usbscan - ok
08:50:08.0558 3632 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:50:08.0558 3632 USBSTOR - ok
08:50:08.0574 3632 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:50:08.0574 3632 usbuhci - ok
08:50:08.0621 3632 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
08:50:08.0621 3632 usbvideo - ok
08:50:08.0652 3632 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:50:08.0652 3632 UxSms - ok
08:50:08.0699 3632 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
08:50:08.0714 3632 VaultSvc - ok
08:50:08.0745 3632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:50:08.0745 3632 vdrvroot - ok
08:50:08.0792 3632 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
08:50:08.0808 3632 vds - ok
08:50:08.0823 3632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:50:08.0823 3632 vga - ok
08:50:08.0839 3632 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:50:08.0839 3632 VgaSave - ok
08:50:08.0870 3632 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
08:50:08.0870 3632 vhdmp - ok
08:50:08.0886 3632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
08:50:08.0886 3632 viaide - ok
08:50:08.0917 3632 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
08:50:08.0917 3632 volmgr - ok
08:50:08.0964 3632 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
08:50:08.0964 3632 volmgrx - ok
08:50:08.0995 3632 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
08:50:08.0995 3632 volsnap - ok
08:50:09.0042 3632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:50:09.0042 3632 vsmraid - ok
08:50:09.0151 3632 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
08:50:09.0182 3632 VSS - ok
08:50:09.0401 3632 VSSERV (046441737f3f558e4a4c0311f6d7b6b7) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
08:50:09.0416 3632 VSSERV - ok
08:50:09.0541 3632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:50:09.0541 3632 vwifibus - ok
08:50:09.0557 3632 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:50:09.0572 3632 vwififlt - ok
08:50:09.0619 3632 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:50:09.0635 3632 W32Time - ok
08:50:09.0666 3632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:50:09.0666 3632 WacomPen - ok
08:50:09.0697 3632 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:50:09.0697 3632 WANARP - ok
08:50:09.0713 3632 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
08:50:09.0713 3632 Wanarpv6 - ok
08:50:09.0837 3632 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:50:09.0853 3632 WatAdminSvc - ok
08:50:09.0978 3632 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
08:50:10.0009 3632 wbengine - ok
08:50:10.0118 3632 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:50:10.0134 3632 WbioSrvc - ok
08:50:10.0165 3632 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
08:50:10.0181 3632 wcncsvc - ok
08:50:10.0196 3632 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:50:10.0196 3632 WcsPlugInService - ok
08:50:10.0243 3632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:50:10.0243 3632 Wd - ok
08:50:10.0290 3632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:50:10.0305 3632 Wdf01000 - ok
08:50:10.0321 3632 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:50:10.0321 3632 WdiServiceHost - ok
08:50:10.0337 3632 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:50:10.0337 3632 WdiSystemHost - ok
08:50:10.0368 3632 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
08:50:10.0383 3632 WebClient - ok
08:50:10.0415 3632 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:50:10.0415 3632 Wecsvc - ok
08:50:10.0446 3632 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:50:10.0446 3632 wercplsupport - ok
08:50:10.0477 3632 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:50:10.0477 3632 WerSvc - ok
08:50:10.0524 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:50:10.0524 3632 WfpLwf - ok
08:50:10.0539 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:50:10.0539 3632 WIMMount - ok
08:50:10.0555 3632 WinHttpAutoProxySvc - ok
08:50:10.0617 3632 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:50:10.0617 3632 Winmgmt - ok
08:50:10.0773 3632 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
08:50:10.0805 3632 WinRM - ok
08:50:10.0976 3632 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
08:50:10.0976 3632 WinUsb - ok
08:50:11.0054 3632 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:50:11.0054 3632 Wlansvc - ok
08:50:11.0101 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:50:11.0101 3632 WmiAcpi - ok
08:50:11.0163 3632 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:50:11.0179 3632 wmiApSrv - ok
08:50:11.0210 3632 WMPNetworkSvc - ok
08:50:11.0241 3632 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:50:11.0241 3632 WPCSvc - ok
08:50:11.0257 3632 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
08:50:11.0273 3632 WPDBusEnum - ok
08:50:11.0304 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:50:11.0304 3632 ws2ifsl - ok
08:50:11.0304 3632 WSearch - ok
08:50:11.0538 3632 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:50:11.0569 3632 wuauserv - ok
08:50:11.0678 3632 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:50:11.0694 3632 WudfPf - ok
08:50:11.0741 3632 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:50:11.0741 3632 WUDFRd - ok
08:50:11.0772 3632 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
08:50:11.0772 3632 wudfsvc - ok
08:50:11.0803 3632 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:50:11.0819 3632 WwanSvc - ok
08:50:11.0975 3632 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:50:11.0975 3632 YahooAUService - ok
08:50:12.0037 3632 ztemtusbser (706214ce01bb9a85e93c4e59636430f5) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
08:50:12.0037 3632 ztemtusbser - ok
08:50:12.0099 3632 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:50:12.0318 3632 \Device\Harddisk0\DR0 - ok
08:50:12.0318 3632 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
08:50:12.0333 3632 \Device\Harddisk1\DR2 - ok
08:50:12.0333 3632 Boot (0x1200) (06e809aa79202677faa3854ff71925bc) \Device\Harddisk0\DR0\Partition0
08:50:12.0333 3632 \Device\Harddisk0\DR0\Partition0 - ok
08:50:12.0349 3632 Boot (0x1200) (6cb0fc8f4c402f17a102b1ec3e4c116e) \Device\Harddisk0\DR0\Partition1
08:50:12.0349 3632 \Device\Harddisk0\DR0\Partition1 - ok
08:50:12.0380 3632 Boot (0x1200) (f33a4a8eee801bc6de522e60f82aa1e4) \Device\Harddisk0\DR0\Partition2
08:50:12.0380 3632 \Device\Harddisk0\DR0\Partition2 - ok
08:50:12.0380 3632 Boot (0x1200) (76bbb0cdf4df41b3bcb9ccf0fd518679) \Device\Harddisk1\DR2\Partition0
08:50:12.0380 3632 \Device\Harddisk1\DR2\Partition0 - ok
08:50:12.0380 3632 ============================================================
08:50:12.0380 3632 Scan finished
08:50:12.0380 3632 ============================================================
08:50:12.0396 5004 Detected object count: 1
08:50:12.0396 5004 Actual detected object count: 1
08:50:34.0673 5004 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:50:34.0673 5004 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
 
Step 9: FixTDSS message upon restart:
No infections were found

------------------------------------------

Step 10: Combo Fix log:

ComboFix 12-06-28.03 - Vicky 06/30/2012 9:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2457 [GMT -5:00]
Running from: c:\users\Vicky\Desktop\Malware Removal\10 Combo Fix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1340791146.bdinstall.bin
c:\programdata\1340791644.3360.bin
c:\programdata\1340791644.3796.bin
c:\programdata\1340791644.4044.bin
c:\programdata\1340791644.4048.bin
c:\programdata\1340791644.4052.bin
c:\programdata\1340791644.4056.bin
c:\programdata\1340791644.4060.bin
c:\programdata\1340791644.4064.bin
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\@
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L\00000004.@
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\00000004.@
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\000000cb.@
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\80000032.@
c:\windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-27 19:58 . 2012-06-27 19:58 -------- d-----w- c:\programdata\bdch
2012-06-27 18:26 . 2012-06-27 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-27 18:26 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 10:19 . 2012-06-27 12:12 -------- d-----w- c:\programdata\BDLogging
2012-06-27 10:18 . 2012-04-17 19:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-06-27 10:18 . 2011-11-17 22:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-06-27 10:18 . 2011-11-15 01:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-06-27 10:18 . 2009-07-14 21:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-06-27 10:18 . 2007-04-11 16:11 511328 ----a-w- c:\windows\capicom.dll
2012-06-27 10:18 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-06-27 10:18 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-06-27 10:18 . 2011-11-25 20:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-06-27 10:08 . 2012-06-27 12:13 -------- d-----w- c:\users\Vicky\AppData\Roaming\Bitdefender
2012-06-27 10:08 . 2012-06-27 10:19 -------- d-----w- c:\programdata\Bitdefender
2012-06-27 10:02 . 2012-06-27 10:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\QuickScan
2012-06-27 09:59 . 2012-04-11 22:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2012-06-27 09:59 . 2012-06-27 10:08 -------- d-----w- c:\program files\Bitdefender
2012-06-27 09:59 . 2012-04-24 20:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-27 09:53 . 2012-06-27 09:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-27 09:48 . 2012-06-27 09:59 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-26 04:35 . 2012-06-26 04:35 -------- d-----w- c:\users\Vicky\AppData\Local\AskToolbar
2012-06-25 19:27 . 2012-06-25 19:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Malwarebytes
2012-06-25 19:26 . 2012-06-25 19:35 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 19:04 . 2012-06-25 19:04 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-25 19:03 . 2012-06-27 09:48 -------- d-----w- c:\programdata\Avira
2012-06-25 17:13 . 2012-06-25 17:13 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 03:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 03:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 03:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 03:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 03:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 03:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 03:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:53 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:53 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 04:39 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 04:39 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:39 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:12 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:12 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 04:12 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 04:11 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:11 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-07 10:39 . 2012-06-07 10:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 10:39 . 2012-06-07 10:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-29 22:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Akamai NetSession Interface"="c:\users\Vicky\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-18 704032]
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2010-11-04 120704]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
S2 UDisk Monitor;UDisk Monitor;e:\software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-02-22 405504]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1431600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-25%2014%3A41%3A42&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-13%2010%3A38%3A35&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-06-30 09:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 14:20
.
Pre-Run: 194,316,275,712 bytes free
Post-Run: 194,050,551,808 bytes free
.
- - End Of File - - C904CF3723FD25B56005ABD2792BADAE
 
Those are all the steps and logs I have for now. I would greatly appreciate help/assistance for the next steps. Thank you so much for your support!
 
I just saw the pinned thread where it was mentioned that I shouldn't follow solutions provided in other topics. I am so sorry! Somehow it completely escaped me! Can someone kindly help?
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Hi Broni,

Thank you for your quick response! I ran the FRST64 for my laptop. Please find the contents of the FRST.txt log below:

----------------
Scan result of Farbar Recovery Scan Tool Version: 30-06-2012 04
Ran by SYSTEM at 30-06-2012 14:41:14
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-05-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-05-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413208 2010-05-07] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1431600 2012-06-25] (Bitdefender)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564880 2012-05-29] (Ask)
HKU\Vicky\...\Run: [cdloader] "C:\Users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKU\Vicky\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-17] (Google Inc.)
HKU\Vicky\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-21] (Yahoo! Inc.)
HKU\Vicky\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\Vicky\...\Run: [Akamai NetSession Interface] "C:\Users\Vicky\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
3 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [77944 2011-05-17] (Autodesk)
2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [63272 2012-06-25] (Bitdefender)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [830056 2011-10-14] (Fortinet Inc.)
2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service [68416 2012-06-07] (Bitdefender)
2 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service [1566024 2012-06-25] (Bitdefender)
2 UDisk Monitor; C:\Software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [x]

========================== Drivers (Whitelisted) =============

0 avc3; C:\Windows\System32\Drivers\avc3.sys [691896 2012-03-20] (BitDefender)
3 avchv; C:\Windows\System32\Drivers\avchv.sys [258736 2011-11-25] (BitDefender)
3 avckf; C:\Windows\System32\Drivers\avckf.sys [545064 2012-02-17] (BitDefender)
1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [90192 2011-11-14] (BitDefender LLC)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
3 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [79952 2011-11-17] (BitDefender SRL)
1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [76944 2012-04-17] (BitDefender)
0 gzflt; C:\Windows\System32\Drivers\gzflt.sys [138232 2012-04-11] (BitDefender LLC)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2012-04-24] (BitDefender S.R.L.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-30 06:20 - 2012-06-30 06:20 - 00022878 ____A C:\ComboFix.txt
2012-06-30 06:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-30 06:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-30 06:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-30 06:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-30 06:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-30 06:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-30 06:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-30 06:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-30 06:01 - 2012-06-30 06:20 - 00000000 ____D C:\Qoobox
2012-06-30 06:00 - 2012-06-30 06:19 - 00000000 ____D C:\Windows\erdnt
2012-06-30 04:58 - 2012-06-30 05:42 - 00000000 ____D C:\Users\Vicky\Desktop\Malware Removal
2012-06-30 03:59 - 2012-06-30 04:01 - 16859064 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-x64-V4.9.exe
2012-06-30 03:55 - 2012-06-03 20:35 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-30 03:55 - 2012-06-03 20:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-30 03:54 - 2012-06-30 03:55 - 16208824 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-V4.9.exe
2012-06-27 11:58 - 2012-06-27 11:58 - 00000000 ____D C:\Users\All Users\bdch
2012-06-27 10:26 - 2012-06-27 10:26 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-27 10:26 - 2012-06-27 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-27 10:26 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 08:58 - 2012-06-27 21:21 - 00000376 ____A C:\Users\Vicky\AppData\Roamingprivacy.xml
2012-06-27 02:19 - 2012-06-27 04:12 - 00000000 ____D C:\Users\All Users\BDLogging
2012-06-27 02:19 - 2012-06-27 02:19 - 00002209 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2012-06-27 02:19 - 2012-06-27 02:19 - 00002090 ____A C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
2012-06-27 02:19 - 2012-06-27 02:19 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-27 02:19 - 2012-06-27 02:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-06-27 02:18 - 2012-04-17 11:34 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2012-06-27 02:18 - 2012-03-20 17:22 - 00691896 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2012-06-27 02:18 - 2012-02-17 13:45 - 00545064 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2012-06-27 02:18 - 2011-11-25 12:00 - 00258736 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2012-06-27 02:18 - 2011-11-17 14:38 - 00079952 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2012-06-27 02:18 - 2011-11-14 17:16 - 00090192 ____A (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
2012-06-27 02:18 - 2009-07-14 13:21 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-06-27 02:18 - 2007-04-11 08:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2012-06-27 02:08 - 2012-06-27 04:13 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Bitdefender
2012-06-27 02:08 - 2012-06-27 02:19 - 00000000 ____D C:\Users\All Users\Bitdefender
2012-06-27 02:05 - 2012-06-27 02:19 - 00253404 ____N C:\bdr-ld01
2012-06-27 02:02 - 2012-06-27 02:02 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\QuickScan
2012-06-27 01:59 - 2012-06-27 02:08 - 00000000 ____D C:\Program Files\Bitdefender
2012-06-27 01:59 - 2012-04-24 12:28 - 00329800 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2012-06-27 01:59 - 2012-04-11 14:03 - 00138232 ____N (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2012-06-27 01:53 - 2012-06-27 01:53 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-27 01:48 - 2012-06-27 01:59 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-06-27 01:39 - 2012-06-27 01:39 - 00001182 ____A C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
2012-06-25 20:35 - 2012-06-25 20:35 - 00000000 ____D C:\Users\Vicky\AppData\Local\AskToolbar
2012-06-25 11:27 - 2012-06-25 11:27 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Malwarebytes
2012-06-25 11:26 - 2012-06-25 11:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 11:24 - 2012-06-25 11:25 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Vicky\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-25 11:04 - 2012-06-25 11:04 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-06-25 11:03 - 2012-06-27 01:48 - 00000000 ____D C:\Users\All Users\Avira
2012-06-25 09:13 - 2012-06-25 09:13 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-20 19:54 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 19:54 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 19:54 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 19:54 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 19:54 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 19:54 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 19:54 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 19:53 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 19:53 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 09:27 - 2012-05-14 19:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 09:27 - 2012-05-14 19:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 09:27 - 2012-05-14 19:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 09:27 - 2012-05-14 19:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 09:27 - 2012-04-19 22:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 09:27 - 2012-04-19 22:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 09:27 - 2012-04-19 22:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-14 09:27 - 2012-04-19 22:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 09:27 - 2012-04-19 22:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-14 09:27 - 2012-04-19 22:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 09:27 - 2012-04-19 22:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-14 09:27 - 2012-04-19 22:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-14 09:27 - 2012-04-19 22:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 09:27 - 2012-04-19 22:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 09:27 - 2012-04-19 22:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-14 09:27 - 2012-04-19 22:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-14 09:27 - 2012-04-19 22:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 09:27 - 2012-04-19 22:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-14 09:27 - 2012-04-19 21:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 09:27 - 2012-04-19 21:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 09:27 - 2012-04-19 21:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 09:27 - 2012-04-19 21:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-14 09:27 - 2012-04-19 21:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-06-14 09:27 - 2012-04-19 21:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 09:27 - 2012-04-19 21:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 09:27 - 2012-04-19 21:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-14 09:27 - 2012-04-19 21:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-14 09:27 - 2012-04-19 21:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-14 09:27 - 2012-04-19 20:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 09:27 - 2012-04-19 19:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-14 09:27 - 2012-04-19 19:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 20:39 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 20:39 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 20:39 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 20:12 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 20:12 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 20:12 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 20:11 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 20:11 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


============ 3 Months Modified Files ========================

2012-06-30 11:37 - 2011-05-17 22:25 - 01892822 ____A C:\Windows\WindowsUpdate.log
2012-06-30 10:50 - 2011-05-17 12:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-30 10:44 - 2011-07-17 07:02 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
2012-06-30 09:30 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-30 09:30 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-30 09:23 - 2011-05-17 12:59 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-30 09:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-30 09:23 - 2009-07-13 20:51 - 00121865 ____A C:\Windows\setupact.log
2012-06-30 06:20 - 2012-06-30 06:20 - 00022878 ____A C:\ComboFix.txt
2012-06-30 06:16 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-30 06:15 - 2011-05-17 22:20 - 00118034 ____A C:\Windows\PFRO.log
2012-06-30 04:01 - 2012-06-30 03:59 - 16859064 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-x64-V4.9.exe
2012-06-30 03:55 - 2012-06-30 03:54 - 16208824 ____A (Microsoft Corporation) C:\Users\Vicky\Downloads\Windows-KB890830-V4.9.exe
2012-06-27 21:21 - 2012-06-27 08:58 - 00000376 ____A C:\Users\Vicky\AppData\Roamingprivacy.xml
2012-06-27 11:45 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-27 10:26 - 2012-06-27 10:26 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-27 02:19 - 2012-06-27 02:19 - 00002209 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2012-06-27 02:19 - 2012-06-27 02:19 - 00002090 ____A C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
2012-06-27 02:19 - 2012-06-27 02:19 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-27 02:19 - 2012-06-27 02:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-06-27 02:19 - 2012-06-27 02:05 - 00253404 ____N C:\bdr-ld01
2012-06-27 01:39 - 2012-06-27 01:39 - 00001182 ____A C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
2012-06-26 07:44 - 2011-07-17 07:02 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
2012-06-25 11:25 - 2012-06-25 11:24 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Vicky\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-15 11:03 - 2011-05-23 01:21 - 00000997 ____A C:\Users\Vicky\Desktop\magicJack.lnk
2012-06-14 10:11 - 2011-05-24 09:53 - 00025257 ____A C:\Users\Vicky\Documents\plot.log
2012-06-13 19:04 - 2009-07-13 20:45 - 00489672 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-03 20:35 - 2012-06-30 03:55 - 56731752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-03 20:28 - 2012-06-30 03:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-20 19:54 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 19:54 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 19:54 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 19:54 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 19:54 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 19:54 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 19:54 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-20 19:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-20 19:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 04:46 - 2011-08-19 13:45 - 00000801 ____A C:\Users\Vicky\Desktop\Citi.txt
2012-05-17 21:54 - 2012-05-17 21:54 - 00206876 ____A C:\Users\Vicky\Downloads\history_stock_sample.zip
2012-05-17 21:53 - 2012-05-17 21:53 - 00379320 ____A C:\Users\Vicky\Downloads\daily_stock_sample1.zip
2012-05-15 11:29 - 2012-05-15 11:29 - 00000174 ____A C:\Users\Vicky\Desktop\rubixcc.txt
2012-05-14 19:56 - 2012-06-14 09:27 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-14 09:27 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-14 09:27 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-14 09:27 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 20:11 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 02:05 - 2012-05-14 02:04 - 00042512 ____A C:\Windows\SslvpnInstall.log
2012-05-07 12:12 - 2012-05-07 12:12 - 00000637 ____A C:\Users\Vicky\Desktop\Furniture.txt
2012-05-04 02:52 - 2012-06-12 20:39 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 20:39 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 20:39 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 19:50 - 2012-06-12 20:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-12 20:12 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-12 20:12 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-12 20:12 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 12:28 - 2012-06-27 01:59 - 00329800 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2012-04-19 22:25 - 2012-06-14 09:27 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 22:25 - 2012-06-14 09:27 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 22:23 - 2012-06-14 09:27 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-19 22:22 - 2012-06-14 09:27 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 22:22 - 2012-06-14 09:27 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 22:22 - 2012-06-14 09:27 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 22:22 - 2012-06-14 09:27 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-19 22:22 - 2012-06-14 09:27 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-19 22:21 - 2012-06-14 09:27 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 22:21 - 2012-06-14 09:27 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 22:21 - 2012-06-14 09:27 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-19 22:21 - 2012-06-14 09:27 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-19 22:21 - 2012-06-14 09:27 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 22:18 - 2012-06-14 09:27 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-19 21:07 - 2012-06-14 09:27 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:07 - 2012-06-14 09:27 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 21:06 - 2012-06-14 09:27 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 21:06 - 2012-06-14 09:27 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 21:06 - 2012-06-14 09:27 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-19 21:06 - 2012-06-14 09:27 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 21:06 - 2012-06-14 09:27 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 21:05 - 2012-06-14 09:27 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-19 21:03 - 2012-06-14 09:27 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-19 21:00 - 2012-06-14 09:27 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-19 20:15 - 2012-06-14 09:27 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:58 - 2012-06-14 09:27 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 19:24 - 2012-06-14 09:27 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 11:34 - 2012-06-27 02:18 - 00076944 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2012-04-14 08:34 - 2009-07-13 21:08 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-11 14:03 - 2012-06-27 01:59 - 00138232 ____N (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2012-04-04 12:56 - 2012-06-27 10:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


ZeroAccess:
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

ZeroAccess:
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\@
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\L
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3764.5 MB
Available physical RAM: 3056.89 MB
Total Pagefile: 3762.65 MB
Available Pagefile: 3046.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:229.53 GB) (Free:180.52 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:223.43 GB) (Free:173.78 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:0.99 GB) NTFS
4 Drive g: (Transcend) (Removable) (Total:1.88 GB) (Free:1.14 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 229 GB 12 GB
Partition 0 Extended 223 GB 242 GB
Partition 4 Logical 223 GB 242 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 229 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 223 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1924 MB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Transcend FAT32 Removable 1924 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-27 22:39

======================= End Of Log ==========================
 
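As an added example (not part of this thread, not the user's log and not FRST's own code), here is a small Python triage script for the FRST log format quoted above. It reads the sections a helper looks at first: the "ZeroAccess:" blocks listing the flagged {GUID} folders, Services/Drivers entries whose file is missing ("[x]"), and the "Bamital & volsnap Check" lines ("<path> => MD5 is legit"). The sample log is constructed from lines quoted in the thread, plus one constructed failing MD5 line; FRST's real wording for a failed check is not shown on this page, so the parser treats any verdict other than "MD5 is legit" as a failure.

```python
"""Triage helper for an FRST (Farbar Recovery Scan Tool) text log.

Added example, not from the thread or from FRST. Parses three things a
reviewer checks first: ZeroAccess folder blocks, service/driver entries
whose binary is missing ("[x]"), and the Bamital & volsnap MD5 checks.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, assembled from lines quoted in the thread above.
SAMPLE_LOG = """\
==================== Services (Whitelisted) ======

2 SafeBox; C:\\Program Files\\Bitdefender\\Bitdefender SafeBox\\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
2 UDisk Monitor; C:\\Software\\Reliance Netconnect\\bin\\MonServiceUDisk.exe [x]

========================== Drivers (Whitelisted) =============

0 trufos; C:\\Windows\\System32\\Drivers\\trufos.sys [329800 2012-04-24] (BitDefender S.R.L.)
3 catchme; \\??\\C:\\ComboFix\\catchme.sys [x]

ZeroAccess:
C:\\Windows\\Installer\\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\\Windows\\Installer\\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\\L
C:\\Windows\\Installer\\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\\U

ZeroAccess:
C:\\Users\\Vicky\\AppData\\Local\\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}
C:\\Users\\Vicky\\AppData\\Local\\{57a59208-ae84-b4c2-f5e6-93faad87ae6c}\\@

========================= Bamital & volsnap Check ============

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe => MD5 is legit
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit
"""

# Constructed failing line (path and verdict wording are invented for the
# demo); FRST's actual text for a failed check is not shown in the thread.
CONSTRUCTED_FAIL_LINE = "C:\\Windows\\System32\\constructed_example.dll => MD5 is not legit\n"
SAMPLE_LOG += CONSTRUCTED_FAIL_LINE

# "<start> <name>; <path> [<size date> | x] (<company>)"
ENTRY_RE = re.compile(r"^\d+ (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\]")


@dataclass
class Triage:
    zeroaccess_paths: list = field(default_factory=list)
    missing_files: list = field(default_factory=list)  # (name, path) entries marked [x]
    failed_md5: list = field(default_factory=list)     # paths whose MD5 check did not say legit
    ok_md5: int = 0


def triage_frst_log(text: str) -> Triage:
    """Walk the log once, tracking the current section header."""
    result = Triage()
    section = None
    in_zeroaccess = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_zeroaccess = False          # a blank line closes a ZeroAccess block
            continue
        if line.startswith("="):           # "==== Section Name ====" header
            section = line.strip("= ")
            in_zeroaccess = False
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            result.zeroaccess_paths.append(line)
            continue
        if section and (section.startswith("Services") or section.startswith("Drivers")):
            m = ENTRY_RE.match(line)
            if m and m.group("info") == "x":
                result.missing_files.append((m.group("name"), m.group("path")))
            continue
        if " => MD5 is" in line:
            path, verdict = line.split(" => ", 1)
            if verdict == "MD5 is legit":
                result.ok_md5 += 1
            else:
                result.failed_md5.append(path)
    return result


def needs_attention(t: Triage) -> bool:
    """True when the log shows rootkit folders or a tampered system binary."""
    return bool(t.zeroaccess_paths or t.failed_md5)


if __name__ == "__main__":
    t = triage_frst_log(SAMPLE_LOG)
    print(f"ZeroAccess paths: {len(t.zeroaccess_paths)}")
    print(f"Missing service/driver files: {t.missing_files}")
    print(f"MD5 ok: {t.ok_md5}, MD5 failed: {t.failed_md5}")
    print("Needs attention:", needs_attention(t))
```

The "[x]" entries are not by themselves malicious: in the thread's log they are ComboFix's own catchme.sys and a leftover modem driver, so the script only lists them for the reviewer rather than counting them as findings.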
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt (198 bytes)
Hi Broni,

Here are the results after running the fix (with fixlist.txt), then downloading ComboFix and running it from the desktop of the infected computer:

--------
Fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 30-06-2012 04
Ran by SYSTEM at 2012-06-30 15:02:33 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{57a59208-ae84-b4c2-f5e6-93faad87ae6c} moved successfully.
C:\Users\Vicky\AppData\Local\{57a59208-ae84-b4c2-f5e6-93faad87ae6c} moved successfully.

==== End of Fixlog ====
--------------------------------------------------------------------------------------------------------------

Combofix log results:

ComboFix 12-06-30.01 - Vicky 06/30/2012 15:06:33.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2455 [GMT -5:00]
Running from: c:\users\Vicky\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 22:41 . 2012-06-30 22:41 -------- d-----w- C:\FRST
2012-06-30 20:11 . 2012-06-30 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 19:58 . 2012-06-27 19:58 -------- d-----w- c:\programdata\bdch
2012-06-27 18:26 . 2012-06-27 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-27 18:26 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 10:19 . 2012-06-27 12:12 -------- d-----w- c:\programdata\BDLogging
2012-06-27 10:18 . 2012-04-17 19:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-06-27 10:18 . 2011-11-17 22:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-06-27 10:18 . 2011-11-15 01:16 90192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-06-27 10:18 . 2009-07-14 21:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-06-27 10:18 . 2007-04-11 16:11 511328 ----a-w- c:\windows\capicom.dll
2012-06-27 10:18 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-06-27 10:18 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-06-27 10:18 . 2011-11-25 20:00 258736 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-06-27 10:08 . 2012-06-27 12:13 -------- d-----w- c:\users\Vicky\AppData\Roaming\Bitdefender
2012-06-27 10:08 . 2012-06-27 10:19 -------- d-----w- c:\programdata\Bitdefender
2012-06-27 10:02 . 2012-06-27 10:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\QuickScan
2012-06-27 09:59 . 2012-04-11 22:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2012-06-27 09:59 . 2012-06-27 10:08 -------- d-----w- c:\program files\Bitdefender
2012-06-27 09:59 . 2012-04-24 20:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-27 09:53 . 2012-06-27 09:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-27 09:48 . 2012-06-27 09:59 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-26 04:35 . 2012-06-26 04:35 -------- d-----w- c:\users\Vicky\AppData\Local\AskToolbar
2012-06-25 19:27 . 2012-06-25 19:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Malwarebytes
2012-06-25 19:26 . 2012-06-25 19:35 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 19:04 . 2012-06-25 19:04 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-25 19:03 . 2012-06-27 09:48 -------- d-----w- c:\programdata\Avira
2012-06-25 17:13 . 2012-06-25 17:13 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 03:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 03:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 03:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 03:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 03:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 03:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 03:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 03:53 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:53 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 04:39 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 04:39 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:39 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:12 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:12 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 04:12 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 04:11 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:11 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-07 10:39 . 2012-06-07 10:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 10:39 . 2012-06-07 10:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-30_14.16.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-11 02:59 . 2012-06-30 19:45 65540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 20:05 41074 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-17 15:11 . 2012-06-30 20:05 19026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2040155730-1753831638-4115862423-1000_UserData.bin
+ 2011-05-18 06:50 . 2012-06-30 20:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 06:50 . 2012-06-30 14:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 06:50 . 2012-06-30 14:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-18 06:50 . 2012-06-30 20:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 20:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-30 14:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 14:56 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 14:56 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 14:56 . 2012-06-30 14:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 14:56 . 2012-06-30 20:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-17 14:56 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 14:56 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 17:08 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 17:08 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 17:08 . 2012-06-30 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 17:08 . 2012-06-30 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-30 14:16 . 2012-06-30 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 20:00 . 2012-06-30 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 20:00 . 2012-06-30 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-30 14:16 . 2012-06-30 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-17 17:08 . 2012-06-30 15:19 333272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-05-17 17:08 . 2012-06-28 18:25 333272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-06-30 12:59 451964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-30 19:37 451964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-06-30 13:13 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-30 17:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-29 22:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Akamai NetSession Interface"="c:\users\Vicky\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-18 704032]
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1255736]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2010-11-04 120704]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-21 691896]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-04-11 138232]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-06-25 63272]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 FortiSslvpnDaemon;FortiClient SSLVPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [2011-10-14 830056]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 95184]
S2 UDisk Monitor;UDisk Monitor;e:\software\Reliance Netconnect\Reliance Netconnect - Broadband+\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-02-22 405504]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-06-08 68416]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-25 76912]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [2009-07-21 42528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 20:59]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-25 23:46 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-29 2120808]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-06-25 1431600]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-25%2014%3A41%3A42&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb813ae81-1677-4cea-b310-31d99a5794fd%7D&mid=7397f43dbb2047d1baf5f123cccfdd98-3c38dc26de3feaec7dc1e6fc615ccbfdab744fa7&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-10-13%2010%3A38%3A35&sap=ku&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 15:13:13
ComboFix-quarantined-files.txt 2012-06-30 20:13
ComboFix2.txt 2012-06-30 14:20
.
Pre-Run: 193,786,318,848 bytes free
Post-Run: 193,492,127,744 bytes free
.
- - End Of File - - 6765C72CE92D0ACE28CE44E6FE335BA5
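The first line of the FRST fix log above is the one that matters for this infection: the csrss.exe subsystem value under Session Manager\SubSystems was restored, and the consrv.dll it had pointed at was already gone. That value is a short list of "ServerDll=name,id" tokens, and on a stock Windows 7 system only basesrv, winsrv and sxssrv should appear in it. The script below, as an added example (not code from this thread, from FRST or from ComboFix), parses that value and reports any server DLL outside that set. Assumptions: the clean sample is the default Windows 7 value as I remember it rather than a copy from this machine; the infected sample is constructed by swapping the console entry for consrv, which is the DLL name the fix log references; reading the live value on Windows assumes an administrator session, as in the thread.

```python
"""Triage check for the csrss SubSystems\\Windows value restored by the FRST fix.
Added example; not part of the original thread, FRST or ComboFix.

csrss.exe loads the DLLs listed as 'ServerDll=<name>[:<init function>],<id>'
at boot.  On a clean Windows 7 box those are basesrv, winsrv (twice) and
sxssrv.  The infection in this thread swapped the console entry for 'consrv'
(the consrv.dll the fix log references).  Any other name is worth a look."""

import re
import sys

# Server DLLs csrss.exe legitimately loads on Windows 7 (assumption: stock
# value quoted from memory, not copied from this machine's logs).
KNOWN_GOOD_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed samples for offline use.  CLEAN_VALUE is the stock Windows 7
# value; INFECTED_VALUE is the same line with the console server swapped for
# consrv, the change the fix log describes reverting.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# name, optional ':init function', then ',id'
SERVER_DLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def parse_server_dlls(value):
    """Return [(dll_name, init_function, id), ...] in load order."""
    return [
        (name.lower(), init or "", int(sub_id))
        for name, init, sub_id in SERVER_DLL_RE.findall(value)
    ]


def suspicious_server_dlls(value):
    """Return the ServerDll names that are not in the known-good set.

    An empty list means the value looks stock.  Anything returned should be
    checked on disk (System32\\<name>.dll) and against the ComboFix/FRST logs.
    """
    return sorted(
        {name for name, _, _ in parse_server_dlls(value)
         if name not in KNOWN_GOOD_SERVER_DLLS}
    )


def read_live_value():
    """Read the value from the live registry (Windows only, needs admin)."""
    import winreg  # ImportError on non-Windows; only called on win32
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        samples = {"live registry": read_live_value()}
    else:
        samples = {"clean sample": CLEAN_VALUE, "infected sample": INFECTED_VALUE}
    for label, value in samples.items():
        bad = suspicious_server_dlls(value)
        print(f"{label}: {'OK' if not bad else 'SUSPICIOUS: ' + ', '.join(bad)}")
```

Run it on the cleaned machine from an elevated prompt; it should print OK. The allow-list is deliberately exact rather than a "consrv" string match, so a variant using a different DLL name is still flagged, and the on-disk check (does System32\<name>.dll exist, who signed it) is left to the person reading the output.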
 
Looks good :)

Any current issues?

==============================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi Broni,

After ComboFix was run, my BitDefender has not warned me about the virus (unlike the situation for the last 3 days!). Thus, no current issues are being faced, but just tons of paranoia about whether the system is truly clean! Here are the results you asked for:

OTL.txt results:

OTL logfile created on: 6/30/2012 3:26:43 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Vicky\Desktop\Malware Removal\13 OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 64.09% Memory free
7.35 Gb Paging File | 5.85 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229.53 Gb Total Space | 180.28 Gb Free Space | 78.54% Space Free | Partition Type: NTFS
Drive E: | 223.43 Gb Total Space | 173.78 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.14 Gb Free Space | 60.57% Space Free | Partition Type: FAT32

Computer Name: VICKY-ACER | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 01:53:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\Malware Removal\13 OTL\OTL.exe
PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/10/14 15:33:06 | 000,830,056 | ---- | M] (Fortinet Inc.) -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
PRC - [2010/06/28 17:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/25 18:45:56 | 000,095,184 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012/06/25 18:21:10 | 001,566,024 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/06/25 16:19:11 | 000,063,272 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2012/06/07 21:48:48 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2010/06/11 16:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/18 15:56:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/30 00:51:31 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2011/10/14 15:33:06 | 000,830,056 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe -- (FortiSslvpnDaemon)
SRV - [2011/05/17 11:53:13 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/24 15:28:33 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/04/17 14:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/04/11 17:03:18 | 000,138,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/03/20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 16:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011/11/25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/11/17 17:38:33 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2011/11/14 20:16:40 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2010/11/04 10:15:54 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010/08/24 20:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/10 15:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/05/11 21:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 14:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 00:21:26 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/21 17:53:06 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 0E 1B EE 27 8F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{28AF32F9-E119-4088-BEDB-10AE874FBB8C}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-spt_gen
IE - HKCU\..\SearchScopes\{5C3A3C63-9DCC-4759-8955-374A680D720E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0C75DC63-03C5-4510-A593-F05D33FFE86F
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.in/search?q={s...={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...bfdab744fa7&lang=en&ds=AVG&pr=fr&d=2012-06-25 14:41:42&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://in.search.yahoo.com/search?p={searchTerms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://in.search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-spt_gen"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-spt_gen"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid={b813ae8....7&lang=en&pr=fr&d=2012-06-25 14:41:42&sap=hp"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2011-10-13 10:38:35&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Vicky\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Vicky\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vicky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012/06/26 02:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 15:56:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 14:18:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/06/26 02:27:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 15:56:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 14:18:48 | 000,000,000 | ---D | M]

[2011/10/27 11:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
[2011/10/27 11:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2012/06/25 14:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions
[2012/05/18 19:36:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/25 14:04:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\toolbar@ask.com
[2012/06/25 14:04:21 | 000,002,344 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\searchplugins\askcom.xml
[2012/01/13 18:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 12:18:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/18 15:56:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/26 02:43:21 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/10 12:14:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/10 12:14:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/30 09:16:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Vicky\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [cdloader] C:\Users\Vicky\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll (Bitdefender)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C5B5A8C-39D7-4B92-9C60-98F9F9A6096C}: DhcpNameServer = 125.22.47.125 202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A190CD07-791F-4105-9A01-42626AC9A757}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/28 12:46:42 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
OTL.txt - Continued (there is going to be 1 more part):

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 17:41:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/30 15:04:21 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012/06/30 09:09:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/30 09:09:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/30 09:09:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/30 09:01:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/30 09:00:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/30 07:58:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\Malware Removal
[2012/06/27 14:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2012/06/27 13:26:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 13:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/27 05:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013
[2012/06/27 05:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/06/27 05:18:47 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2012/06/27 05:18:19 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
[2012/06/27 05:18:19 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/06/27 05:18:14 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/06/27 05:18:14 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/06/27 05:18:14 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/06/27 05:08:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Bitdefender
[2012/06/27 05:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/06/27 05:02:40 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\QuickScan
[2012/06/27 04:59:27 | 000,138,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2012/06/27 04:59:25 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/06/27 04:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/06/27 04:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/27 04:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/06/25 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\AskToolbar
[2012/06/25 14:27:06 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Malwarebytes
[2012/06/25 14:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 14:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/06/25 14:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/25 12:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

========== Files - Modified Within 30 Days ==========

[2012/07/01 01:27:46 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012/06/30 15:10:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:10:44 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 15:03:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 15:03:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:03:03 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 14:50:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 14:44:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
[2012/06/30 09:16:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 14:45:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 14:45:22 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 14:45:22 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 13:26:35 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/27 05:19:57 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012/06/27 05:19:27 | 000,253,404 | ---- | M] () -- C:\bdr-ld01
[2012/06/27 05:19:16 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2012/06/27 05:19:16 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
[2012/06/27 05:19:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/27 04:53:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/06/27 04:39:31 | 000,001,182 | ---- | M] () -- C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
[2012/06/26 10:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
[2012/06/15 14:03:17 | 000,000,997 | ---- | M] () -- C:\Users\Vicky\Desktop\magicJack.lnk
[2012/06/13 22:04:49 | 000,489,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/30 09:09:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/30 09:09:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/30 09:09:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/30 09:09:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/30 09:09:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/27 13:26:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/27 05:19:57 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012/06/27 05:19:16 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk
[2012/06/27 05:19:16 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2013.lnk
[2012/06/27 05:19:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/27 05:05:29 | 000,253,404 | ---- | C] () -- C:\bdr-ld01
[2012/06/27 04:53:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/06/27 04:39:31 | 000,001,182 | ---- | C] () -- C:\Users\Vicky\Desktop\mbam - Shortcut.lnk
[2012/03/01 01:27:28 | 000,005,013 | ---- | C] () -- C:\Users\Vicky\.recently-used.xbel
[2011/07/02 04:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Vicky\AppData\Local\{750369B2-C045-4B80-88A3-5905902716D8}
[2011/05/18 02:14:26 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/05/18 02:04:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/05/18 02:04:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/05/18 02:04:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/05/18 02:04:19 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/05/18 02:04:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/18 02:03:53 | 000,001,758 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2011/05/17 16:01:29 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/10 22:37:14 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/09/10 22:37:14 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/09/10 22:37:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini

========== LOP Check ==========

[2012/06/13 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Audacity
[2011/09/19 14:47:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Autodesk
[2012/06/27 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Bitdefender
[2011/06/29 14:26:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Downloaded Installations
[2012/06/25 08:35:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FileZilla
[2011/07/14 06:57:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\GetRightToGo
[2012/02/28 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
[2012/06/15 14:03:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mjusbsp
[2011/10/27 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pencil
[2012/06/27 05:02:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
[2012/01/31 09:53:53 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Software Informer
[2011/09/13 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SpiderOak
[2011/09/07 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
[2012/05/31 01:25:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ZTEEVDO
[2012/04/14 11:34:17 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/30 15:00:40 | 000,012,633 | ---- | M] () -- C:\bdlog.txt
[2012/06/27 05:19:27 | 000,253,404 | ---- | M] () -- C:\bdr-ld01
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/06/30 15:13:14 | 000,025,704 | ---- | M] () -- C:\ComboFix.txt
[2011/07/14 02:45:31 | 000,000,000 | ---- | M] () -- C:\error.txt
[2012/06/30 15:03:03 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 15:03:03 | 3947,364,352 | -HS- | M] () -- C:\pagefile.sys
[2010/12/22 05:10:45 | 000,001,406 | ---- | M] () -- C:\Patch.rev
[2011/05/17 23:53:31 | 000,000,217 | ---- | M] () -- C:\Preload.rev
[2011/05/18 01:25:55 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
[2012/06/30 08:51:39 | 000,127,338 | ---- | M] () -- C:\TDSSKiller.2.7.43.0_30.06.2012_08.49.35_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 02:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/17 09:56:26 | 000,000,221 | -HS- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/07/01 01:27:46 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/30 15:03:49 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 14:50:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 10:44:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000Core.job
[2012/06/30 14:44:32 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040155730-1753831638-4115862423-1000UA.job
[2012/06/30 15:03:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/14 11:34:17 | 000,032,576 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/05/18 01:25:14 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/05/18 01:25:15 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/05/18 01:21:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/05/18 01:21:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/05/18 01:25:15 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/17 09:55:30 | 000,000,402 | -HS- | M] () -- C:\Users\Vicky\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/05/18 01:33:18 | 000,015,841 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe4.log
[2011/05/17 10:04:32 | 000,000,090 | ---- | M] () -- C:\ProgramData\PS.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
The above concludes the results of the OTL.txt log. Here are the results of Extra.txt:

OTL Extras logfile created on: 6/30/2012 3:26:43 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Vicky\Desktop\Malware Removal\13 OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 64.09% Memory free
7.35 Gb Paging File | 5.85 Gb Available in Paging File | 79.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229.53 Gb Total Space | 180.28 Gb Free Space | 78.54% Space Free | Partition Type: NTFS
Drive E: | 223.43 Gb Total Space | 173.78 Gb Free Space | 77.78% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.14 Gb Free Space | 60.57% Space Free | Partition Type: FAT32

Computer Name: VICKY-ACER | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3FE0B916-FE9D-42A4-8651-391537F99217}" = Lexicon Lambda Driver
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"Bitdefender" = Bitdefender Total Security 2013
"CutePDF Writer Installation" = CutePDF Writer 2.8
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)
"ZTEWireless-101_is1" = Reliance Netconnect+

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F9D6E60-CCDA-4761-A947-74AB500CFB0D}" = Sensible Soccer 2006 Demo
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A34DCE59-0004-0000-2148-3F8A9926B752}" = FortiClient SSLVPN v4.0.2148
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AISIWIN-CLARK8_is1" = AISIWIN - Clark Western 8.04
"Akamai" = Akamai NetSession Interface Service
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.1
"Huawei Access Manager" = Huawei Access Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"Lexicon Lambda Driver" = Lexicon Lambda Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pencil" = Pencil
"PowerISO" = PowerISO
"SpiderOak" = SpiderOak
"Tata Photon+" = Tata Photon+
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Akamai" = Akamai NetSession Interface
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 7:39:17 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 7:39:18 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/30/2012 9:00:48 AM | Computer Name = Vicky-Acer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ OSession Events ]
Error - 7/30/2011 1:13:49 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3620
seconds with 900 seconds of active time. This session ended with a crash.

Error - 8/13/2011 7:59:34 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3268
seconds with 780 seconds of active time. This session ended with a crash.

Error - 8/13/2011 8:00:10 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2011 8:00:21 AM | Computer Name = Vicky-Acer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/30/2012 3:37:19 PM | Computer Name = Vicky-Acer | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/30/2012 3:37:35 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7034
Description = The Bitdefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/30/2012 3:43:27 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 6/30/2012 3:59:29 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7034
Description = The Bitdefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/30/2012 4:00:27 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 6/30/2012 4:03:13 PM | Computer Name = Vicky-Acer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:00:08 PM on 6/30/2012 was unexpected.

Error - 6/30/2012 4:03:34 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 6/30/2012 4:05:33 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 6/30/2012 4:09:59 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/30/2012 4:11:39 PM | Computer Name = Vicky-Acer | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
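The System event log excerpt above shows the Bitdefender Virus Shield service terminating unexpectedly twice (Service Control Manager event 7034) within minutes of the infected boot. Repeated 7034 events for a security product are worth pulling out of the log on their own, since malware that tampers with the installed antivirus produces exactly this pattern. The following PowerShell snippet is an added example for doing that check on a live Windows 7 or later host; it is not part of the thread or of any of the tools used in it, and the list of service-name keywords is an assumption you should adjust to the product installed.

```powershell
# Added example (not from the thread): list antivirus-related services that the
# Service Control Manager reported as terminated unexpectedly (event ID 7034).
# Run from an elevated PowerShell prompt on the machine being examined.

function Get-UnexpectedAvServiceStops {
    param(
        [int]$Days = 7,
        # Assumed keyword list; extend for whatever security product is installed.
        [string[]]$Watch = @('Bitdefender', 'Defender', 'Antivirus', 'Norton', 'Symantec', 'Malwarebytes')
    )

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7034
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # 7034 message form: "The <display name> service terminated unexpectedly.
        # It has done this <N> time(s)."
        if ($e.Message -match '^The (?<svc>.+?) service terminated unexpectedly\..*?(?<count>\d+) time') {
            $svc = $Matches['svc']
            if ($Watch | Where-Object { $svc -like "*$_*" }) {
                [pscustomobject]@{
                    Time    = $e.TimeCreated
                    Service = $svc
                    Count   = [int]$Matches['count']
                }
            }
        }
    }
}

Get-UnexpectedAvServiceStops -Days 7 | Format-Table -AutoSize
```

On the log above this would return the two Bitdefender Virus Shield entries from 6/30/2012. A hit does not prove infection on its own (a crashing AV service can have mundane causes), but several stops in a short window, combined with the AV re-detecting the same files on every boot as the opening post describes, is the combination that should trigger the rootkit scans this thread walks through.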
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2012/05/29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    [2012/06/25 14:04:21 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\extensions\toolbar@ask.com
    [2012/06/25 14:04:21 | 000,002,344 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\55lvdkhu.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Hi Broni,

I am on the last step - ESET scanning is currently going on. It looks like it may take a while, and I might doze off for a bit (late night where I am). Is it alright if I get back to you in a few hours with the logs on the above steps?
A couple of other questions:
1. Do you feel that the system is on the way to recovery?
2. The infected computer is currently undergoing the ESET online scan with the existing AV (BitDefender) disabled. The wireless connectivity is on. Would it be safe for a few hours once the online scan is complete but BitDefender isn't enabled again yet? (owing me crashing!) - silly question :D

Thank you so much for your continued help on this matter!
 
Hi Broni,

44% complete on the ESET online scanner and I see 1 infection so far:

Win64/Patched.B.Gen trojan

Waiting for the complete scan to finish....sweating beads already! :(
 
Your computer should be fairly clean by now but I'll have to see all latest scans I prescribed in my previous reply.
 
Don't worry too much about ESET findings.
Most likely it'll find only inactive leftovers or already quarantined stuff.
 
Hi Broni,

here are the results:

Security Checkup Results:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 bdparentalservice.exe
Bitdefender Bitdefender 2013 updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
Bitdefender Bitdefender 2013 bdagent.exe
Bitdefender Bitdefender 2013 BdParentalSysTray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````
--------------------------------------------------------------------------------------------------------------------

FSS Results:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Vicky (administrator) on 30-06-2012 at 16:17:43
Running from "F:\Malware Removal\With Results\Malware Removal\16 FSS"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 22:26] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 23:20] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-----------------------------------------------------------------------------------------------------
TFC- no log

-----------------------------------------------------------

ESet Online Scanner:

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
------------------------------------------------------
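The FSS log in this post flags two Windows Defender indicators: the WinDefend service start type changed from the default Auto to Demand, and a DisableAntiSpyware=1 value under HKLM\SOFTWARE\Microsoft\Windows Defender. Both are common artefacts when a third-party suite such as Bitdefender is installed (it disables the built-in anti-spyware engine), so on their own they are not evidence of tampering, but a responder should be able to re-check them without re-running the scanner. The PowerShell below is an added example for doing that on a live Windows 7 or later host; it is not part of the thread or of Farbar Service Scanner, and it assumes an elevated prompt.

```powershell
# Added example (not from the thread): re-check the two Windows Defender
# indicators reported by FSS and explain what each one means.
# Run from an elevated PowerShell prompt on the machine being examined.

function Test-DefenderState {
    $findings = @()

    # 1. Registry value that switches Defender off. FSS reported this value as 1.
    #    The path is the one shown in the FSS log; Group Policy writes the same
    #    value under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    foreach ($key in $keys) {
        $val = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($val -and $val.DisableAntiSpyware -eq 1) {
            $findings += "DisableAntiSpyware=1 under $key (Defender disabled by registry value)"
        }
    }

    # 2. Service start type. FSS reported WinDefend set to Demand; default is Auto.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($null -eq $svc) {
        $findings += 'WinDefend service is not registered on this system'
    } elseif ($svc.StartMode -ne 'Auto') {
        $findings += "WinDefend StartMode is '$($svc.StartMode)' (default Auto); current State=$($svc.State)"
    }

    # 3. Context: is another antivirus registered with Security Center? If so,
    #    Defender being off is the expected state rather than a finding.
    $thirdParty = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                  -ErrorAction SilentlyContinue |
                  Where-Object { $_.displayName -notlike '*Windows Defender*' } |
                  Select-Object -ExpandProperty displayName

    [pscustomobject]@{
        Findings          = $findings
        ThirdPartyAV      = $thirdParty
        LikelyExplained   = ($findings.Count -gt 0 -and $null -ne $thirdParty)
    }
}

$result = Test-DefenderState
$result.Findings | ForEach-Object { "FINDING: $_" }
if ($result.LikelyExplained) {
    "Third-party AV registered ($($result.ThirdPartyAV -join ', ')); Defender being disabled is expected."
} elseif ($result.Findings.Count -gt 0) {
    'No third-party AV registered; a disabled Defender here deserves a closer look.'
}
```

On the machine in this thread the output would list both findings and then report Bitdefender as the registered third-party product, which is why the helper did not treat the FSS result as something to fix. The case to worry about is the reverse one: Defender disabled by that registry value with no other antivirus registered.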
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Hi Broni,

1. I updated to the latest Java version.

2. Ran JavaRa (it said no logs were produced though). Is that a problem?

3. Results of OTL Fix (see below):

4. You mentioned: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

Does that mean I remove all installables till now (e.g. OTL, ComboFix, etc.), and also remove all the logs etc. produced by these programs?

Thank you so much for your continued assistance!

OTL Fix report:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vicky
->Temp folder emptied: 56680 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45400283 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Vicky
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Vicky
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_231950

Files\Folders moved on Reboot...
C:\Users\Vicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\~bd15AD.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Vicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\~bd15AD.tmp not found!

Registry entries deleted on Reboot...
 