
Patched_c.LXT [Solved]


  • This topic is locked
30 replies to this topic

#1 YMR


Posted 25 June 2012 - 08:01 AM

Hello

My computer is infected by a trojan.

I keep getting messages from my AVG saying that services.exe is infected by Patched_c.LXT but is whitelisted and cannot be found.
I have scanned with spy doctor and "trojan remover" (and AVG) - none of them worked.
I'm currently scanning with ESET online in the hope that it will work.

Can you please help?

See below the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:16, on 25/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\Downloads\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express-googl...ch.blogspot.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ted - Shortcut.lnk = C:\Program Files (x86)\Torrent Episode Downloader\ted.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12209 bytes


Thanks in advance :D

#2 Satchfan

  • Malware Team

Posted 27 June 2012 - 06:37 AM

Hello YMR and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly

Satchfan

#3 Satchfan

  • Malware Team

Posted 27 June 2012 - 06:45 AM

Hello again YMR

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infection.

It almost certainly contributed to your current situation as the infection on your computer is a worm that is passed from computer to computer using P2P and networking.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Start, Settings, Control Panel, Add or Remove Programs

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Download and run OTL
  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.
===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply
Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log


Thanks

Satchfan

#4 YMR


Posted 27 June 2012 - 08:39 AM

Hey
Thanks again!

here is the first log - OTL:


OTL logfile created on: 27/06/2012 17:28:39 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Home\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.84% Memory free
7.80 Gb Paging File | 5.80 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 683.66 Gb Free Space | 73.40% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 17:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/26 15:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/04/22 23:56:54 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/01 15:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/21 06:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/23 10:38:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/21 04:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 08:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/24 19:50:45 | 000,180,488 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2012/06/24 19:50:42 | 000,077,784 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdisMP)
DRV:64bit: - [2012/06/24 19:50:42 | 000,077,784 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdis)
DRV:64bit: - [2012/06/24 19:50:41 | 000,119,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2012/06/24 10:17:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 21:58:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/15 21:58:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/11 12:02:34 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/07/11 09:07:46 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2011/07/11 09:05:44 | 000,337,048 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011/06/10 09:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 09:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2010/11/21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://express-googl...ch.blogspot.com
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he-IL
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 7B C3 1F 29 42 CD 01 [binary data]
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://express-googl...h.blogspot.com"
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - prefs.js..browser.startup.homepage: "http://express-googl...h.blogspot.com"
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 08:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/01 13:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/06/24 18:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/01 19:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/01 19:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2012/05/04 20:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lblo695t.default\extensions
[2012/05/04 20:51:32 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lblo695t.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/05/01 19:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/21 04:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 04:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 04:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Weather (extension) = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\
CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FB Photo Zoom = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.4.2_0\
CHR - Extension: AdBlock = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: IE Tab = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.14.1_0\
CHR - Extension: AVG Safe Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Any.DO = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.0.62_0\
CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1214088107-3745027895-4013750955-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ted - Shortcut.lnk = C:\Program Files (x86)\Torrent Episode Downloader\ted.exe (Roel & Joost)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F25CC4-7E95-48CF-9109-A5139C8F3B46}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c18c01fb-937b-11e1-8822-14dae9b4e00d}\Shell - "" = AutoRun
O33 - MountPoints2\{c18c01fb-937b-11e1-8822-14dae9b4e00d}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 17:24:52 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/06/25 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Trojan
[2012/06/25 17:04:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Home\Desktop\HiJackThis.exe
[2012/06/25 16:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/24 23:31:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ElevatedDiagnostics
[2012/06/24 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\PCTools
[2012/06/24 19:52:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\PCToolsFirewallPlus
[2012/06/24 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Spam Monitor
[2012/06/24 19:50:45 | 000,180,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2012/06/24 19:50:42 | 000,077,784 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2012/06/24 19:50:41 | 000,119,688 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2012/06/24 19:50:41 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2012/06/24 18:59:23 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/24 18:59:23 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/24 18:59:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/24 18:56:43 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/24 18:56:43 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/24 18:56:42 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/24 18:56:42 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/24 18:56:36 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/24 18:56:32 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/24 18:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/24 18:56:30 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/24 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/06/24 18:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/24 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/24 10:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Arizona Rose
[2012/06/24 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012/06/24 10:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/06/24 10:17:38 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/06/24 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Pro
[2012/06/24 10:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/06/24 10:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/06/24 09:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/24 09:51:57 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Simply Super Software
[2012/06/24 09:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/06/24 09:51:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2012/06/24 09:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/06/24 09:51:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Simply Super Software
[2012/06/24 09:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/06/24 09:46:52 | 000,231,936 | ---- | C] (Ufasoft) -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\L\00000008.@
[2012/06/24 09:41:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arizona Rose and the Pirates' Riddles
[2012/06/21 12:48:07 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 12:48:07 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 12:48:07 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 12:47:48 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 12:47:48 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 12:47:48 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 12:47:37 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 12:47:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/17 18:57:23 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\V5 Play
[2012/06/17 18:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\May's Mysteries - The Secret of Dragonville
[2012/06/15 14:34:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft Games
[2012/06/15 03:00:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/15 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/15 03:00:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/15 03:00:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/15 03:00:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/15 03:00:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/15 03:00:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/15 03:00:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/15 03:00:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/15 03:00:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/15 03:00:39 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/15 03:00:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/15 03:00:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 08:41:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\quickclick
[2012/06/14 08:20:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 08:20:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 08:20:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 08:20:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 08:20:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 08:20:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 08:20:17 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 08:20:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 08:20:15 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 08:20:14 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/06/12 18:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012/06/12 18:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Academy 3-Recipe for Success
[2012/06/12 08:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/05 19:29:57 | 000,000,000 | ---D | C] -- C:\Output Files
[2012/06/05 19:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free
[2012/06/05 19:20:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2012/06/27 17:23:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/06/27 17:14:26 | 100,746,374 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/27 17:12:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214088107-3745027895-4013750955-1000UA.job
[2012/06/27 16:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 19:12:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1214088107-3745027895-4013750955-1000Core.job
[2012/06/26 17:14:04 | 000,261,390 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/26 03:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 19:23:55 | 001,145,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 19:23:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 19:23:55 | 000,361,454 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/06/25 19:23:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 19:23:55 | 000,069,022 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/06/25 19:18:14 | 3140,333,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 19:17:20 | 000,023,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 19:17:19 | 000,023,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 16:51:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Home\Desktop\HiJackThis.exe
[2012/06/24 19:52:04 | 001,711,616 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/24 19:50:45 | 000,180,488 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2012/06/24 19:50:42 | 000,077,784 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2012/06/24 19:50:41 | 000,119,688 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2012/06/24 19:50:41 | 000,042,968 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2012/06/24 19:40:32 | 000,001,224 | ---- | M] () -- C:\Users\Home\Desktop\ArizonaRose.exe - Shortcut.lnk
[2012/06/24 19:28:31 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/06/24 10:18:43 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/06/24 10:17:38 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/06/24 09:51:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012/06/23 10:38:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 10:38:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/21 13:27:25 | 427,712,894 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/20 22:39:14 | 000,033,758 | ---- | M] () -- C:\Users\Home\AppData\Local\dt.dat
[2012/06/18 07:05:59 | 000,019,160 | ---- | M] () -- C:\Users\Home\Desktop\Pakam.pdf
[2012/06/17 18:57:05 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2012/06/17 18:56:17 | 000,000,972 | ---- | M] () -- C:\Users\Home\Desktop\May's Mysteries - The Secret of Dragonville.lnk
[2012/06/15 04:23:53 | 000,415,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 10:11:55 | 000,001,322 | ---- | M] () -- C:\Users\Home\Desktop\TempleofLife_TheLegendofFourElementsCE.exe - Shortcut.lnk
[2012/06/14 08:16:58 | 000,245,030 | ---- | M] () -- C:\Users\Home\Desktop\intel2.jpg
[2012/06/14 08:16:04 | 000,264,912 | ---- | M] () -- C:\Users\Home\Desktop\intel1.jpg
[2012/06/12 18:44:14 | 000,000,943 | ---- | M] () -- C:\Users\Home\Desktop\Cooking Academy 3-Recipe for Success.lnk
[2012/06/05 19:43:36 | 000,037,177 | ---- | M] () -- C:\Users\Home\Desktop\004.jpg
[2012/06/05 19:43:35 | 000,082,662 | ---- | M] () -- C:\Users\Home\Desktop\001.jpg
[2012/06/05 19:43:35 | 000,070,838 | ---- | M] () -- C:\Users\Home\Desktop\002.jpg
[2012/06/05 19:43:35 | 000,061,955 | ---- | M] () -- C:\Users\Home\Desktop\003.jpg
[2012/06/05 19:33:17 | 000,689,166 | ---- | M] () -- C:\Users\Home\Desktop\גליון ציונים בן-גוריון.zip
[2012/06/05 18:53:41 | 000,000,918 | ---- | M] () -- C:\Users\Home\Desktop\MINAS - Shortcut.lnk
[2012/06/03 01:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/03 01:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/03 01:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/03 01:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/03 01:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/03 01:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/25 21:21:02 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000000.@
[2012/06/25 21:18:32 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\00000008.@
[2012/06/24 19:40:32 | 000,001,224 | ---- | C] () -- C:\Users\Home\Desktop\ArizonaRose.exe - Shortcut.lnk
[2012/06/24 19:28:31 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/06/24 18:59:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/24 18:59:23 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2012/06/24 18:59:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/06/24 18:59:23 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/06/24 18:59:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/24 18:56:54 | 001,711,616 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/24 10:18:43 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/06/24 09:51:53 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012/06/24 09:51:50 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/06/24 09:51:50 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/06/24 09:51:50 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/06/24 09:51:50 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/06/24 09:41:51 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\L\00000004.@
[2012/06/24 09:41:49 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000064.@
[2012/06/24 09:41:48 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000032.@
[2012/06/24 09:41:46 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\00000004.@
[2012/06/24 09:41:46 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\000000cb.@
[2012/06/20 22:39:14 | 000,033,758 | ---- | C] () -- C:\Users\Home\AppData\Local\dt.dat
[2012/06/18 07:06:25 | 000,019,160 | ---- | C] () -- C:\Users\Home\Desktop\Pakam.pdf
[2012/06/17 18:57:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/06/17 18:56:17 | 000,000,972 | ---- | C] () -- C:\Users\Home\Desktop\May's Mysteries - The Secret of Dragonville.lnk
[2012/06/14 10:11:55 | 000,001,322 | ---- | C] () -- C:\Users\Home\Desktop\TempleofLife_TheLegendofFourElementsCE.exe - Shortcut.lnk
[2012/06/14 08:16:58 | 000,245,030 | ---- | C] () -- C:\Users\Home\Desktop\intel2.jpg
[2012/06/14 08:16:04 | 000,264,912 | ---- | C] () -- C:\Users\Home\Desktop\intel1.jpg
[2012/06/12 18:44:14 | 000,000,943 | ---- | C] () -- C:\Users\Home\Desktop\Cooking Academy 3-Recipe for Success.lnk
[2012/06/12 18:44:13 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Search.url
[2012/06/12 18:44:13 | 000,000,183 | ---- | C] () -- C:\Users\Public\Desktop\Fun Games.url
[2012/06/05 19:34:13 | 000,082,662 | ---- | C] () -- C:\Users\Home\Desktop\001.jpg
[2012/06/05 19:34:13 | 000,070,838 | ---- | C] () -- C:\Users\Home\Desktop\002.jpg
[2012/06/05 19:34:13 | 000,061,955 | ---- | C] () -- C:\Users\Home\Desktop\003.jpg
[2012/06/05 19:34:13 | 000,037,177 | ---- | C] () -- C:\Users\Home\Desktop\004.jpg
[2012/06/05 19:33:55 | 000,689,166 | ---- | C] () -- C:\Users\Home\Desktop\גליון ציונים בן-גוריון.zip
[2012/06/05 18:53:41 | 000,000,918 | ---- | C] () -- C:\Users\Home\Desktop\MINAS - Shortcut.lnk
[2012/05/02 11:13:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/04/23 21:58:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/04/23 21:58:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/04/23 21:58:50 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/23 21:58:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/04/23 21:58:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/04/22 21:14:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/22 21:14:31 | 000,028,483 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/15 22:30:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\@

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/02/15 22:07:55 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/15 22:07:55 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/15 22:07:55 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/15 22:07:55 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/15 22:07:55 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/15 22:07:55 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SI ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#5 YMR

Posted 27 June 2012 - 08:40 AM

the second log - Extras:


OTL Extras logfile created on: 27/06/2012 17:28:39 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Home\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.84% Memory free
7.80 Gb Paging File | 5.80 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 683.66 Gb Free Space | 73.40% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9507C52B-E482-4914-85A6-D4786ADD3512}" = Foxit Reader
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"am-creavures" = CreaVures
"Browser Defender_is1" = Browser Defender 3.0
"Catan Online Welt" = Catan Online World
"Cooking Academy 3-Recipe for Success_is1" = Cooking Academy 3-Recipe for Success version 1.0.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"ESET Online Scanner" = ESET Online Scanner v3
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Full)
"May's Mysteries - The Secret of Dragonville_is1" = May's Mysteries - The Secret of Dragonville version 1.0.0
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Spooky Mall1.0" = Spooky Mall
"Spyware Doctor" = PC Tools Internet Security
"The KMPlayer" = The KMPlayer (remove only)
"Torrent Episode Downloader 0.972" = Torrent Episode Downloader
"Trojan Remover_is1" = Trojan Remover 6.8.4
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214088107-3745027895-4013750955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2012 07:23:32 | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 25/06/2012 08:23:32 | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 25/06/2012 09:23:32 | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 25/06/2012 10:04:33 | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Home\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 25/06/2012 10:23:33 | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 25/06/2012 11:23:33 | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 25/06/2012 12:18:18 | Computer Name = Home-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 25/06/2012 12:19:50 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/06/2012 14:18:41 | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Home\Downloads\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 25/06/2012 20:30:08 | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 24/06/2012 16:39:15 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 24/06/2012 16:39:15 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 24/06/2012 21:22:53 | Computer Name = Home-PC | Source = DCOM | ID = 10001
Description =

Error - 25/06/2012 01:15:50 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/06/2012 01:15:50 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 25/06/2012 02:23:32 | Computer Name = Home-PC | Source = DCOM | ID = 10001
Description =

Error - 25/06/2012 12:18:46 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 25/06/2012 12:18:46 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/06/2012 20:00:36 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/06/2012 20:00:36 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >

#6 YMR

Posted 27 June 2012 - 09:25 AM

the last log - aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 17:43:40
-----------------------------
17:43:40.369 OS Version: Windows x64 6.1.7601 Service Pack 1
17:43:40.369 Number of processors: 4 586 0x2A07
17:43:40.370 ComputerName: HOME-PC UserName: Home
17:43:42.925 Initialize success
17:45:46.970 AVAST engine defs: 12062700
17:45:51.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:45:51.082 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
17:45:51.103 Disk 0 MBR read successfully
17:45:51.105 Disk 0 MBR scan
17:45:51.107 Disk 0 Windows 7 default MBR code
17:45:51.121 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:45:51.136 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:45:51.153 Disk 0 scanning C:\Windows\system32\drivers
17:45:58.555 Service scanning
17:46:13.935 Modules scanning
17:46:13.939 Disk 0 trace - called modules:
17:46:13.963 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:46:13.967 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004705790]
17:46:14.293 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa8004593b00]
17:46:14.296 5 PCTCore64.sys[fffff880011528a4] -> nt!IofCallDriver -> [0xfffffa8003fcbdf0]
17:46:14.299 7 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800412a060]
17:46:15.745 AVAST engine scan C:\Windows
17:46:19.629 AVAST engine scan C:\Windows\system32
17:47:42.486 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:47:44.441 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:49:12.702 AVAST engine scan C:\Windows\system32\drivers
17:49:29.660 AVAST engine scan C:\Users\Home
17:58:12.779 AVAST engine scan C:\ProgramData
17:58:37.891 Scan finished successfully
18:24:07.106 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\Trojan\MBR.dat"
18:24:07.112 The log file has been saved successfully to "C:\Users\Home\Desktop\Trojan\aswMBR.txt"

Thanks!

#7 Satchfan

Posted 27 June 2012 - 09:53 AM

Hi YMR

There is a sign of a particularly nasty infection so we’ll have to run more scans.

Please run these in the order requested.

Run TDSSKiller

Please download TDSSKiller.zip
  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan

    only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

  • click Continue > Reboot now

  • copy and paste the log in your next reply
  • a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)
======================================================

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • when finished, it will produce a report for you.
  • please post the C:\ComboFix.txt for further review.
Logs to include with next post:

TDSSKiller log
ComboFix.txt


Thanks

BTW, I won't be around for a few hours now but will get back as soon as I can

Satchfan

#8 YMR

Posted 27 June 2012 - 10:40 AM

I did exactly as specified and opened the application, but after a few seconds it just closed by itself. No prompts and no log... :unsure:

#9 Satchfan

Posted 27 June 2012 - 03:38 PM

This is a bad infection that may take a lot of beating but we have other options.

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again
  • download RogueKiller by tigzy and save it to your desktop
  • close all programs
  • double-click RogueKiller.exe
  • wait until Prescan has finished
  • click on Scan
  • when the scan is complete click report
Please post the log.

Satchfan

#10 YMR

Posted 27 June 2012 - 07:23 PM

Hi
The scan took only a few seconds.
Also, I did not turn off the AVG... let me know if I should run the application again after disabling the AVG.

Here is the log:


RogueKiller V7.6.0 [06/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Home [Admin rights]
Mode: Scan -- Date: 06/28/2012 04:16:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SI ATA Device +++++
--- User ---
[MBR] 3a2eaa0091a8e7b1b04b6be4ab795492
[BSP] bb5caa963bab9298c2471da7b91cbd7f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
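
The RogueKiller report in the post above, read programmatically. This is an added example, not part of the thread and not RogueKiller's own code: it parses the `¤¤¤` sections, flags the two UAC policy values reported with data 0, lists the artifacts tagged with a family name, and checks each section's declared item count against the lines actually present (a quick way to spot a truncated paste). The layout rules are inferred from this one report, and the names `parse_report` and `triage` are assumptions.

```python
import re
from dataclasses import dataclass

# Sections copied from the RogueKiller report posted above (banner and MBR check omitted).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# "¤¤¤ Name: value ¤¤¤" section header; the value may be empty.
HEADER_RE = re.compile(r"^¤¤¤\s*([^:]+?)\s*:\s*(.*?)\s*¤¤¤\s*$")
# "[TAG][TAG] name : detail -> STATUS" (the arrow is "->" or "-->").
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+-+>\s+(\w+)\s*$")
# "ValueName (data)" as printed for registry entries.
REG_VALUE_RE = re.compile(r"^(.*?)\s*\(([^()]*)\)$")

# Policy values for which data 0 turns UAC off or silences its admin prompt.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}


@dataclass
class Entry:
    section: str
    tags: list
    name: str
    detail: str
    status: str


def parse_report(text):
    """Split a report into section headers and tagged entry lines."""
    headers, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            headers[section] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            tags = re.findall(r"\[([^\]]+)\]", m.group(1))
            name, _, detail = m.group(2).partition(" : ")
            entries.append(Entry(section, tags, name.strip(), detail.strip(), m.group(3)))
    return {"headers": headers, "entries": entries}


def triage(report):
    """Summarise what a responder would look at first in the parsed report."""
    uac, artifacts = [], []
    for e in report["entries"]:
        if e.status != "FOUND":
            continue
        if e.section == "Registry Entries":
            m = REG_VALUE_RE.match(e.detail)
            if m and m.group(1) in UAC_VALUES and m.group(2) == "0":
                uac.append(m.group(1))
        elif len(e.tags) >= 2:
            # First tag is the family label, second the object kind.
            artifacts.append((e.tags[0], e.tags[1], e.detail))
    # A header that declares N items but is followed by a different number
    # of parsed lines usually means the pasted log was cut or mangled.
    mismatches = {}
    for name, value in report["headers"].items():
        if value.isdigit():
            seen = sum(1 for e in report["entries"] if e.section == name)
            if seen != int(value):
                mismatches[name] = (int(value), seen)
    return {
        "infection": report["headers"].get("Infection") or None,
        "uac_weakened": sorted(uac),
        "artifacts": artifacts,
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```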

#11 Satchfan

Posted 28 June 2012 - 02:20 AM

That log didn't show up the infection.

Did you try both TDSSKiller and ComboFix?

If you didn't, try running whichever you didn't.

If you tried both and they failed, try running them in safe mode.

To Enter Safemode
  • go to Start> Shut off your Computer> Restart
  • as the computer starts to boot-up, tap the F8 KEY - this will bring up a menu
  • use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • then press Enter on your keyboard


#12 YMR

Posted 28 June 2012 - 11:38 AM

OK, so I doubled back and checked my steps - it seems I skipped the TDSSKiller. I ran it and it did not find any infections. Here is the log:
C:\Windows\system32\pnrpauto.dll 20:31:51.0818 6124 PNRPAutoReg - ok 20:31:51.0841 6124 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:31:51.0844 6124 PNRPsvc - ok 20:31:51.0908 6124 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 20:31:51.0909 6124 Point64 - ok 20:31:51.0962 6124 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:31:51.0968 6124 PolicyAgent - ok 20:31:52.0006 6124 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:31:52.0009 6124 Power - ok 20:31:52.0042 6124 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:31:52.0044 6124 PptpMiniport - ok 20:31:52.0053 6124 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 20:31:52.0054 6124 Processor - ok 20:31:52.0102 6124 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 20:31:52.0112 6124 ProfSvc - ok 20:31:52.0129 6124 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:31:52.0131 6124 ProtectedStorage - ok 20:31:52.0161 6124 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:31:52.0163 6124 Psched - ok 20:31:52.0240 6124 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 20:31:52.0254 6124 ql2300 - ok 20:31:52.0337 6124 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 20:31:52.0339 6124 ql40xx - ok 20:31:52.0365 6124 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:31:52.0368 6124 QWAVE - ok 20:31:52.0382 6124 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:31:52.0383 6124 QWAVEdrv - ok 20:31:52.0396 6124 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:31:52.0397 6124 RasAcd - ok 20:31:52.0420 6124 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys 20:31:52.0422 6124 RasAgileVpn - ok 20:31:52.0434 6124 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:31:52.0436 6124 RasAuto - ok 20:31:52.0452 6124 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:31:52.0455 6124 Rasl2tp - ok 20:31:52.0535 6124 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:31:52.0539 6124 RasMan - ok 20:31:52.0549 6124 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:31:52.0551 6124 RasPppoe - ok 20:31:52.0562 6124 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:31:52.0564 6124 RasSstp - ok 20:31:52.0586 6124 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:31:52.0590 6124 rdbss - ok 20:31:52.0593 6124 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:31:52.0595 6124 rdpbus - ok 20:31:52.0603 6124 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:31:52.0604 6124 RDPCDD - ok 20:31:52.0626 6124 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 20:31:52.0628 6124 RDPDR - ok 20:31:52.0645 6124 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:31:52.0647 6124 RDPENCDD - ok 20:31:52.0656 6124 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:31:52.0657 6124 RDPREFMP - ok 20:31:52.0698 6124 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 20:31:52.0699 6124 RdpVideoMiniport - ok 20:31:52.0737 6124 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 20:31:52.0755 6124 RDPWD - ok 20:31:52.0778 6124 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:31:52.0781 6124 rdyboost - ok 20:31:52.0813 6124 RemoteAccess 
(254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:31:52.0815 6124 RemoteAccess - ok 20:31:52.0834 6124 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:31:52.0837 6124 RemoteRegistry - ok 20:31:52.0851 6124 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:31:52.0854 6124 RpcEptMapper - ok 20:31:52.0864 6124 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:31:52.0865 6124 RpcLocator - ok 20:31:52.0892 6124 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:31:52.0895 6124 RpcSs - ok 20:31:52.0909 6124 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:31:52.0911 6124 rspndr - ok 20:31:52.0948 6124 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:31:52.0954 6124 RTL8167 - ok 20:31:52.0976 6124 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 20:31:52.0978 6124 s3cap - ok 20:31:53.0003 6124 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:31:53.0005 6124 SamSs - ok 20:31:53.0017 6124 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:31:53.0019 6124 sbp2port - ok 20:31:53.0036 6124 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:31:53.0040 6124 SCardSvr - ok 20:31:53.0054 6124 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:31:53.0055 6124 scfilter - ok 20:31:53.0107 6124 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:31:53.0120 6124 Schedule - ok 20:31:53.0161 6124 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:31:53.0162 6124 SCPolicySvc - ok 20:31:53.0252 6124 sdAuxService (cadc6d185d8560a1ec266b0a97c4f153) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe 20:31:53.0256 6124 sdAuxService - ok 20:31:53.0315 6124 
sdCoreService (1b556ab08795428e2f3dafcfcb54c782) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe 20:31:53.0326 6124 sdCoreService - ok 20:31:53.0404 6124 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:31:53.0408 6124 SDRSVC - ok 20:31:53.0450 6124 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:31:53.0452 6124 secdrv - ok 20:31:53.0459 6124 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:31:53.0461 6124 seclogon - ok 20:31:53.0483 6124 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:31:53.0485 6124 SENS - ok 20:31:53.0498 6124 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:31:53.0500 6124 SensrSvc - ok 20:31:53.0557 6124 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:31:53.0559 6124 Serenum - ok 20:31:53.0579 6124 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:31:53.0581 6124 Serial - ok 20:31:53.0602 6124 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 20:31:53.0604 6124 sermouse - ok 20:31:53.0623 6124 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:31:53.0626 6124 SessionEnv - ok 20:31:53.0629 6124 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:31:53.0630 6124 sffdisk - ok 20:31:53.0634 6124 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:31:53.0636 6124 sffp_mmc - ok 20:31:53.0644 6124 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:31:53.0646 6124 sffp_sd - ok 20:31:53.0649 6124 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 20:31:53.0650 6124 sfloppy - ok 20:31:53.0678 6124 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:31:53.0683 6124 ShellHWDetection - ok 20:31:53.0698 
6124 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 20:31:53.0699 6124 SiSRaid2 - ok 20:31:53.0714 6124 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 20:31:53.0715 6124 SiSRaid4 - ok 20:31:53.0749 6124 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:31:53.0751 6124 Smb - ok 20:31:53.0768 6124 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:31:53.0770 6124 SNMPTRAP - ok 20:31:53.0778 6124 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:31:53.0779 6124 spldr - ok 20:31:53.0810 6124 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:31:53.0814 6124 Spooler - ok 20:31:53.0955 6124 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:31:53.0987 6124 sppsvc - ok 20:31:54.0054 6124 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:31:54.0057 6124 sppuinotify - ok 20:31:54.0119 6124 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:31:54.0124 6124 srv - ok 20:31:54.0151 6124 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:31:54.0156 6124 srv2 - ok 20:31:54.0169 6124 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:31:54.0172 6124 srvnet - ok 20:31:54.0199 6124 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:31:54.0203 6124 SSDPSRV - ok 20:31:54.0223 6124 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:31:54.0225 6124 SstpSvc - ok 20:31:54.0249 6124 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 20:31:54.0250 6124 stexstor - ok 20:31:54.0306 6124 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:31:54.0313 6124 stisvc - ok 20:31:54.0345 6124 storflt (7785dc213270d2fc066538daf94087e7) 
C:\Windows\system32\drivers\vmstorfl.sys 20:31:54.0347 6124 storflt - ok 20:31:54.0359 6124 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 20:31:54.0360 6124 storvsc - ok 20:31:54.0371 6124 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:31:54.0373 6124 swenum - ok 20:31:54.0558 6124 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:31:54.0564 6124 swprv - ok 20:31:54.0581 6124 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys 20:31:54.0583 6124 Synth3dVsc - ok 20:31:54.0653 6124 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:31:54.0669 6124 SysMain - ok 20:31:54.0736 6124 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:31:54.0739 6124 TabletInputService - ok 20:31:54.0765 6124 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:31:54.0769 6124 TapiSrv - ok 20:31:54.0787 6124 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:31:54.0789 6124 TBS - ok 20:31:54.0923 6124 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 20:31:54.0940 6124 Tcpip - ok 20:31:55.0043 6124 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 20:31:55.0051 6124 TCPIP6 - ok 20:31:55.0094 6124 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:31:55.0096 6124 tcpipreg - ok 20:31:55.0109 6124 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:31:55.0111 6124 TDPIPE - ok 20:31:55.0143 6124 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:31:55.0144 6124 TDTCP - ok 20:31:55.0171 6124 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:31:55.0173 6124 tdx - ok 20:31:55.0183 6124 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 
20:31:55.0184 6124 TermDD - ok 20:31:55.0207 6124 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys 20:31:55.0209 6124 terminpt - ok 20:31:55.0246 6124 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:31:55.0254 6124 TermService - ok 20:31:55.0272 6124 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:31:55.0275 6124 Themes - ok 20:31:55.0294 6124 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:31:55.0295 6124 THREADORDER - ok 20:31:55.0312 6124 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:31:55.0314 6124 TrkWks - ok 20:31:55.0365 6124 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:31:55.0367 6124 TrustedInstaller - ok 20:31:55.0382 6124 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:31:55.0383 6124 tssecsrv - ok 20:31:55.0410 6124 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:31:55.0412 6124 TsUsbFlt - ok 20:31:55.0423 6124 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 20:31:55.0424 6124 TsUsbGD - ok 20:31:55.0445 6124 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys 20:31:55.0447 6124 tsusbhub - ok 20:31:55.0454 6124 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:31:55.0457 6124 tunnel - ok 20:31:55.0462 6124 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 20:31:55.0463 6124 uagp35 - ok 20:31:55.0502 6124 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:31:55.0506 6124 udfs - ok 20:31:55.0521 6124 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:31:55.0524 6124 UI0Detect - ok 20:31:55.0534 6124 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) 
C:\Windows\system32\drivers\uliagpkx.sys 20:31:55.0536 6124 uliagpkx - ok 20:31:55.0550 6124 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 20:31:55.0551 6124 umbus - ok 20:31:55.0554 6124 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 20:31:55.0556 6124 UmPass - ok 20:31:55.0581 6124 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 20:31:55.0621 6124 UmRdpService - ok 20:31:55.0751 6124 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:31:55.0756 6124 upnphost - ok 20:31:55.0776 6124 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:31:55.0778 6124 usbccgp - ok 20:31:55.0795 6124 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:31:55.0797 6124 usbcir - ok 20:31:55.0811 6124 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:31:55.0812 6124 usbehci - ok 20:31:55.0841 6124 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:31:55.0845 6124 usbhub - ok 20:31:55.0862 6124 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 20:31:55.0863 6124 usbohci - ok 20:31:55.0880 6124 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 20:31:55.0882 6124 usbprint - ok 20:31:55.0908 6124 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:31:55.0910 6124 USBSTOR - ok 20:31:55.0931 6124 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:31:55.0933 6124 usbuhci - ok 20:31:55.0948 6124 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:31:55.0951 6124 UxSms - ok 20:31:55.0967 6124 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:31:55.0968 6124 VaultSvc - ok 20:31:55.0983 6124 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) 
C:\Windows\system32\drivers\vdrvroot.sys 20:31:55.0984 6124 vdrvroot - ok 20:31:56.0015 6124 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:31:56.0022 6124 vds - ok 20:31:56.0045 6124 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:31:56.0046 6124 vga - ok 20:31:56.0058 6124 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:31:56.0059 6124 VgaSave - ok 20:31:56.0062 6124 VGPU - ok 20:31:56.0080 6124 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:31:56.0083 6124 vhdmp - ok 20:31:56.0099 6124 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:31:56.0100 6124 viaide - ok 20:31:56.0122 6124 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 20:31:56.0125 6124 vmbus - ok 20:31:56.0142 6124 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 20:31:56.0143 6124 VMBusHID - ok 20:31:56.0156 6124 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:31:56.0158 6124 volmgr - ok 20:31:56.0189 6124 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:31:56.0193 6124 volmgrx - ok 20:31:56.0211 6124 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:31:56.0215 6124 volsnap - ok 20:31:56.0239 6124 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 20:31:56.0242 6124 vsmraid - ok 20:31:56.0317 6124 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:31:56.0333 6124 VSS - ok 20:31:56.0424 6124 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:31:56.0426 6124 vwifibus - ok 20:31:56.0449 6124 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:31:56.0454 6124 W32Time - ok 20:31:56.0472 6124 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) 
C:\Windows\system32\drivers\wacompen.sys 20:31:56.0474 6124 WacomPen - ok 20:31:56.0501 6124 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:31:56.0502 6124 WANARP - ok 20:31:56.0518 6124 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:31:56.0519 6124 Wanarpv6 - ok 20:31:56.0603 6124 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:31:56.0615 6124 WatAdminSvc - ok 20:31:56.0689 6124 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:31:56.0703 6124 wbengine - ok 20:31:56.0751 6124 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:31:56.0755 6124 WbioSrvc - ok 20:31:56.0776 6124 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:31:56.0781 6124 wcncsvc - ok 20:31:56.0795 6124 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:31:56.0797 6124 WcsPlugInService - ok 20:31:56.0820 6124 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 20:31:56.0821 6124 Wd - ok 20:31:56.0858 6124 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:31:56.0865 6124 Wdf01000 - ok 20:31:56.0882 6124 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:31:56.0885 6124 WdiServiceHost - ok 20:31:56.0887 6124 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:31:56.0890 6124 WdiSystemHost - ok 20:31:56.0915 6124 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:31:56.0919 6124 WebClient - ok 20:31:56.0934 6124 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:31:56.0938 6124 Wecsvc - ok 20:31:56.0955 6124 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:31:56.0957 6124 wercplsupport - ok 20:31:56.0974 6124 WerSvc 
(6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:31:56.0976 6124 WerSvc - ok 20:31:56.0984 6124 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:31:56.0985 6124 WfpLwf - ok 20:31:57.0000 6124 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:31:57.0002 6124 WIMMount - ok 20:31:57.0051 6124 WinDefend - ok 20:31:57.0055 6124 WinHttpAutoProxySvc - ok 20:31:57.0115 6124 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:31:57.0118 6124 Winmgmt - ok 20:31:57.0225 6124 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:31:57.0244 6124 WinRM - ok 20:31:57.0376 6124 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:31:57.0377 6124 WinUsb - ok 20:31:57.0422 6124 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:31:57.0431 6124 Wlansvc - ok 20:31:57.0467 6124 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:31:57.0468 6124 WmiAcpi - ok 20:31:57.0486 6124 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:31:57.0489 6124 wmiApSrv - ok 20:31:57.0531 6124 WMPNetworkSvc - ok 20:31:57.0541 6124 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:31:57.0543 6124 WPCSvc - ok 20:31:57.0562 6124 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:31:57.0564 6124 WPDBusEnum - ok 20:31:57.0580 6124 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:31:57.0581 6124 ws2ifsl - ok 20:31:57.0631 6124 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 20:31:57.0634 6124 wscsvc - ok 20:31:57.0636 6124 WSearch - ok 20:31:57.0760 6124 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:31:57.0782 6124 wuauserv - ok 20:31:57.0876 6124 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) 
C:\Windows\system32\drivers\WudfPf.sys 20:31:57.0878 6124 WudfPf - ok 20:31:57.0907 6124 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:31:57.0909 6124 WUDFRd - ok 20:31:57.0925 6124 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:31:57.0927 6124 wudfsvc - ok 20:31:57.0946 6124 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:31:57.0950 6124 WwanSvc - ok 20:31:57.0979 6124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:31:58.0233 6124 \Device\Harddisk0\DR0 - ok 20:31:58.0235 6124 Boot (0x1200) (95bfa177587d388ef0d03c32cf2ef56c) \Device\Harddisk0\DR0\Partition0 20:31:58.0237 6124 \Device\Harddisk0\DR0\Partition0 - ok 20:31:58.0255 6124 Boot (0x1200) (7437e5b35a0adbc69e972070001578f9) \Device\Harddisk0\DR0\Partition1 20:31:58.0256 6124 \Device\Harddisk0\DR0\Partition1 - ok 20:31:58.0257 6124 ============================================================ 20:31:58.0257 6124 Scan finished 20:31:58.0257 6124 ============================================================ 20:31:58.0264 4460 Detected object count: 0 20:31:58.0264 4460 Actual detected object count: 0 I will now start the comp in safe mode and will run the combofix.

#13 YMR

    Authentic Member

  • 23 posts

Posted 28 June 2012 - 12:12 PM

I ran TDSSKiller in Safe Mode - same result - no infections.
I ran Combo fix (in safe mode) - it started the scan, was stuck for a few seconds and then the computer was restarted in normal mode.
Combofix asked to disable the AVG (it could only be disabled till restart) so I did.
Combofix asked to download updates - I enabled it.
It ran the scan - somehow the "trojan remover" software started working (probably because of the restart). I shut it down immediately (it said something about a missing file).
Combofix found an infection. Then restarted. Then created the log.

Here it is:

ComboFix 12-06-28.01 - Home 06/28/2012 20:52:00.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.3993.2826 [GMT 3:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C1B6EEEA-8DED-46D9-9457-CA566C88549A}.xps
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\L\00000004.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\L\00000008.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\00000004.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\00000008.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\000000cb.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000000.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000032.@
c:\windows\Installer\{ac271d7b-5e2d-0342-1218-e7728d5d5798}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 17:56 . 2012-06-28 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 13:32 . 2012-06-25 13:32 -------- d-----w- c:\program files (x86)\ESET
2012-06-24 20:31 . 2012-06-24 20:31 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2012-06-24 17:04 . 2012-06-24 17:04 -------- d-----w- c:\users\Home\AppData\Roaming\PCTools
2012-06-24 16:52 . 2012-06-24 16:52 -------- d-----w- c:\users\Home\AppData\Roaming\Spam Monitor
2012-06-24 16:50 . 2012-06-24 16:50 180488 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-06-24 16:50 . 2012-06-24 16:50 77784 ----a-w- c:\windows\system32\drivers\pctNdis64.sys
2012-06-24 16:50 . 2012-06-24 16:50 42968 ----a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys
2012-06-24 16:50 . 2012-06-24 16:50 119688 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-06-24 15:59 . 2011-07-01 12:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-24 15:59 . 2011-07-01 12:36 2029520 ----a-w- c:\windows\PCTBDCore.dll
2012-06-24 15:59 . 2011-07-01 12:36 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-06-24 15:59 . 2011-07-01 12:36 767952 ----a-w- c:\windows\BDTSupport.dll
2012-06-24 15:56 . 2010-07-16 11:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-24 15:56 . 2010-06-29 07:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-24 15:56 . 2011-07-11 06:05 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-24 15:56 . 2011-07-11 06:05 143896 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-24 15:56 . 2011-07-11 09:02 282440 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-24 15:56 . 2011-03-10 06:08 279344 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-24 15:56 . 2011-07-11 06:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-24 15:56 . 2012-06-25 05:18 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-06-24 15:56 . 2012-06-24 16:50 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-24 15:56 . 2012-06-24 15:56 -------- d-----w- c:\programdata\PC Tools
2012-06-24 07:20 . 2012-06-24 07:20 -------- d-----w- c:\programdata\Arizona Rose
2012-06-24 07:17 . 2012-06-24 07:17 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-24 07:17 . 2012-06-24 07:20 -------- d-----w- c:\users\Home\AppData\Roaming\DAEMON Tools Pro
2012-06-24 07:17 . 2012-06-24 07:17 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-06-24 07:16 . 2012-06-24 07:20 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-24 06:51 . 2012-06-24 06:54 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-06-24 06:51 . 2012-06-24 06:51 -------- d-----w- c:\users\Home\AppData\Roaming\Simply Super Software
2012-06-24 06:51 . 2012-06-24 06:51 -------- d-----w- c:\programdata\Simply Super Software
2012-06-24 06:51 . 2006-06-19 10:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-06-24 06:51 . 2006-05-25 12:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-06-24 06:51 . 2005-08-25 22:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-06-24 06:51 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-06-24 06:51 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-06-21 09:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:47 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:47 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 15:57 . 2012-06-17 15:57 -------- d-----w- c:\users\Home\AppData\Roaming\V5 Play
2012-06-15 11:34 . 2012-06-15 11:38 -------- d-----w- c:\users\Home\AppData\Local\Microsoft Games
2012-06-14 05:41 . 2012-06-14 05:41 -------- d-----w- c:\users\Home\AppData\Roaming\quickclick
2012-06-12 15:49 . 2012-06-12 15:49 -------- d-----w- c:\programdata\Fugazo
2012-06-05 16:29 . 2012-06-05 16:29 -------- d-----w- C:\Output Files
2012-06-05 16:28 . 2012-06-05 16:31 -------- d-----w- c:\program files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free
2012-06-05 16:20 . 2012-06-05 16:20 -------- d-----w- c:\users\Home\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 07:38 . 2012-04-22 20:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 07:38 . 2012-04-22 20:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-05-01 10:52 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-05-01 10:52 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-05-01 10:52 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-05-01 10:51 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-05-01 10:51 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2012-04-22 20:56 . 2012-04-22 20:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 01:50 . 2012-04-19 01:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-05-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-05-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-24 1240848] "PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760] . c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ted - Shortcut.lnk - c:\program files (x86)\Torrent Episode Downloader\ted.exe [2012-4-22 41984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2012-06-24 119688] R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2012-06-24 77784] R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2012-06-24 180488] R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2011-07-11 92896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-15 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit 
Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2011-07-11 282440] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-24 283200] S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2011-07-11 337048] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2011-03-10 279344] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2012-06-24 77784] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Contents of the 'Scheduled Tasks' folder . 2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 07:38] . 
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214088107-3745027895-4013750955-1000Core.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 16:02] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214088107-3745027895-4013750955-1000UA.job - c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 16:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://express-google-search.blogspot.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lblo695t.default\ FF - prefs.js: browser.startup.homepage - hxxp://express-google-search.blogspot.com FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q= FF - prefs.js: browser.startup.homepage - hxxp://express-google-search.blogspot.com FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q= . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe c:\program files (x86)\Java\jre6\bin\javaw.exe . ************************************************************************** . Completion time: 2012-06-28 21:01:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-28 18:01 . Pre-Run: 755,331,448,832 bytes free Post-Run: 755,649,294,336 bytes free . - - End Of File - - F92B0368B525DB1817769DF0B595CA42

#14 YMR

Posted 28 June 2012 - 12:18 PM

I see I still have uTorrent - this is very strange, as I removed it via Add/Remove Programs when you suggested it... :huh:

#15 YMR

Posted 28 June 2012 - 12:25 PM

Also, do you know what this message means?

Attached Images

  • Capture.JPG



