mafai44

Malwarebytes Successfully blocked access to a potentially malicious...


Was helping my friend out by cleaning up his computer a little bit and I ran Malwarebytes and found a few trojan viruses and thought I was good. Every hour or so I get this message popping up: "Malwarebytes Successfully blocked access to a potentially malicious website"

Process: svchost.exe

Was wondering if anyone can help me solve this. I would greatly appreciate it. Anything that I need to do or run let me know.


Also, every time I run Malwarebytes I get the same 7 "objects detected" and I remove them and then I run it again and they are still being detected.

The vendor name is all the same: PUP.MyWebSearch. 6 / 7 are in the registry key and 1 is in the file. Not sure if this has something to do with the above but just letting you know.


Hello mafai44 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow our instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files in your next reply.


Ok, here is the DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19154

Run by Mom at 1:10:08 on 2012-07-28

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1464 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\AERTSrv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\AVG\AVG2012\avgidsagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\iolo\Common\Lib\ioloLManager.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080805

uSearch Bar =

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: !{a0154e07-2b48-475c-a82a-80efd84ea33e} - No File

TB: !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll

TB: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File

TB: {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File

TB: {795828A9-F271-43A8-8536-4484BB991D3D} - No File

TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Dell PC TuneUp Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

StartupFolder: c:\users\mom\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\mom\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{1F40D72F-E160-4BFB-ACFD-F812B5C74653} : DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{A2173ABC-AB11-4F61-9CE6-D714A827CF9A} : DhcpNameServer = 192.168.1.1 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-6 387480]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-23 27496]

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-8-5 12800]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-6 64584]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-6 165032]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-8-5 596336]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-8-5 596336]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-23 655944]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-6 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-6 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-6 141792]

R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-7-23 830048]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-23 22344]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-6 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-6 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-6 314088]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-27 22016]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-6 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-6 136176]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-6 84488]

S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-27 22016]

S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-8-5 141376]

S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-8-5 7424]

S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-8-5 235616]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-07-24 03:02:30 -------- d-----w- c:\program files\Defraggler

2012-07-24 02:40:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-24 02:40:35 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-07-24 02:40:35 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-24 02:40:35 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-24 02:40:00 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-24 02:39:31 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe

2012-07-24 02:39:30 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-07-24 02:39:29 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-07-24 02:39:29 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-07-24 02:39:29 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll

2012-07-24 02:39:29 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-07-24 02:31:44 -------- d-----w- c:\windows\pss

2012-07-23 19:20:36 -------- d-----w- c:\windows\system32\appmgmt

2012-07-23 19:17:03 161736 ----a-w- c:\program files\14res.dll

2012-07-23 17:51:24 -------- d-----w- c:\users\mom\appdata\roaming\AVG2012

2012-07-23 17:50:22 -------- d-----w- c:\users\mom\appdata\local\AVG Secure Search

2012-07-23 17:50:16 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-23 17:50:00 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-07-23 17:49:57 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-07-23 17:49:55 -------- d-----w- c:\program files\AVG Secure Search

2012-07-23 17:47:13 -------- d--h--w- C:\$AVG

2012-07-23 17:47:13 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-23 17:47:13 -------- d-----w- c:\programdata\AVG2012

2012-07-23 17:46:46 -------- d-----w- c:\program files\AVG

2012-07-23 17:41:32 -------- d--h--w- c:\programdata\Common Files

2012-07-23 17:41:32 -------- d-----w- c:\programdata\MFAData

2012-07-23 17:38:59 -------- d-----w- c:\users\mom\appdata\roaming\SUPERAntiSpyware.com

2012-07-23 17:38:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-23 17:38:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-23 17:36:05 -------- d-----w- c:\users\mom\appdata\roaming\Malwarebytes

2012-07-23 17:35:58 -------- d-----w- c:\programdata\Malwarebytes

2012-07-23 17:35:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-23 17:35:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-23 17:34:21 -------- d-----w- c:\program files\CCleaner

.

==================== Find3M ====================

.

.

============= FINISH: 1:10:58.62 ===============

Here is the Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 8/5/2008 3:33:29 AM

System Uptime: 7/27/2012 11:41:38 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0FM586

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 689 GiB total, 384.262 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.303 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: HP Officejet J6400

Device ID: ROOT\IMAGE\0000

Manufacturer: Hewlett-Packard

Name: HP Officejet J6400

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet J6400 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}

Description: Officejet J6400 series

Device ID: ROOT\PRINTER\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\PRINTER\0000

Service:

.

==== System Restore Points ===================

.

RP1331: 2/2/2012 12:00:07 AM - Scheduled Checkpoint

RP1332: 2/3/2012 12:00:07 AM - Scheduled Checkpoint

RP1333: 2/4/2012 12:00:09 AM - Scheduled Checkpoint

RP1334: 2/5/2012 12:00:07 AM - Scheduled Checkpoint

RP1335: 2/6/2012 7:22:55 PM - Scheduled Checkpoint

RP1336: 2/7/2012 5:42:31 PM - Scheduled Checkpoint

RP1337: 2/9/2012 6:21:55 PM - Scheduled Checkpoint

RP1338: 2/11/2012 5:59:30 PM - Scheduled Checkpoint

RP1339: 2/13/2012 12:00:07 AM - Scheduled Checkpoint

RP1340: 2/14/2012 12:00:09 AM - Scheduled Checkpoint

RP1341: 2/15/2012 12:00:09 AM - Scheduled Checkpoint

RP1342: 2/16/2012 12:00:07 AM - Scheduled Checkpoint

RP1343: 2/17/2012 12:00:08 AM - Scheduled Checkpoint

RP1344: 2/19/2012 12:00:08 AM - Scheduled Checkpoint

RP1345: 2/20/2012 12:00:08 AM - Scheduled Checkpoint

RP1346: 2/21/2012 12:00:17 AM - Scheduled Checkpoint

RP1347: 2/22/2012 12:00:08 AM - Scheduled Checkpoint

RP1348: 2/23/2012 6:02:11 PM - Scheduled Checkpoint

RP1349: 2/24/2012 7:45:21 PM - Installed Wizard101

RP1350: 2/27/2012 5:25:37 PM - Scheduled Checkpoint

RP1351: 2/29/2012 12:00:04 AM - Scheduled Checkpoint

RP1352: 3/1/2012 12:00:06 AM - Scheduled Checkpoint

RP1353: 3/2/2012 12:00:05 AM - Scheduled Checkpoint

RP1354: 3/3/2012 12:00:05 AM - Scheduled Checkpoint

RP1355: 3/4/2012 12:00:05 AM - Scheduled Checkpoint

RP1356: 3/5/2012 12:00:08 AM - Scheduled Checkpoint

RP1357: 3/6/2012 3:39:03 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

3ivx MPEG-4 5.0.3 (remove only)

6400_Help

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 7.0

Adobe Reader 8.1.0

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Software Update

ATI Catalyst Control Center

AVG 2012

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

Browser Address Error Redirector

BufferChm

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Polish

CCC Help Portuguese

CCC Help Spanish

CCC Help Thai

CCC Help Turkish

CCleaner

Creative MediaSource 5

CustomerResearchQFolder

Defraggler

Dell-eBay

Dell Best of Web

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell PC TuneUp

Dell Support Center (Support Software)

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

EDocs

eSupportQFolder

Fax

FoxTab FLV Player

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

GPBaseService

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 10.0

HP Imaging Device Functions 10.0

HP Officejet J6400 Series

HP Photosmart Essential 2.5

HP Photosmart Essential 3.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HPProductAssistant

HPSSupply

Intel® PRO Network Connections 12.1.11.0

J6400

Java 6 Update 5

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

McAfee SecurityCenter

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.2

Microsoft IntelliType Pro 6.2

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Plugin 1.0

NetDeviceManager

OCR Software by I.R.I.S. 10.0

Palm Desktop

Pando Media Booster

ProductContext

PSSWCORE

QualXServ Service Agreement

QuickTime

Realtek High Definition Audio Driver

Roblox for Mom

Scan

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Shop for HP Supplies

Skins

SmartWebPrintingOC

SolutionCenter

Sound Blaster Audigy ADVANCED MB

Status

SUPERAntiSpyware

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974561)

Update for Microsoft Office Word 2007 Help (KB963665)

Verizon Broadband Toolbar

Verizon Help and Support Tool

VideoToolkit01

WebReg

WIDCOMM Bluetooth Software 6.0.1.4300

.

==== Event Viewer Messages From Past Week ========

.

7/27/2012 11:44:11 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

7/26/2012 9:36:32 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/26/2012 9:36:32 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/26/2012 9:36:32 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.

7/26/2012 9:36:32 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.

7/26/2012 9:36:32 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.

7/26/2012 9:36:32 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147943515.

7/26/2012 9:36:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

7/26/2012 9:35:58 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

7/26/2012 7:33:54 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:34 PM on 7/26/2012 was unexpected.

7/25/2012 9:22:57 PM, Error: EventLog [6008] - The previous system shutdown at 9:21:12 PM on 7/25/2012 was unexpected.

7/25/2012 9:09:37 PM, Error: EventLog [6008] - The previous system shutdown at 9:07:27 PM on 7/25/2012 was unexpected.

7/25/2012 6:31:52 PM, Error: EventLog [6008] - The previous system shutdown at 6:29:46 PM on 7/25/2012 was unexpected.

7/25/2012 4:30:08 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

7/24/2012 8:35:13 PM, Error: EventLog [6008] - The previous system shutdown at 8:30:06 PM on 7/24/2012 was unexpected.

7/24/2012 10:02:16 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/23/2012 4:01:59 PM, Error: EventLog [6008] - The previous system shutdown at 3:47:05 PM on 7/23/2012 was unexpected.

7/23/2012 3:59:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

7/23/2012 3:59:50 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/23/2012 3:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/23/2012 3:22:36 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/23/2012 2:48:21 PM, Error: EventLog [6008] - The previous system shutdown at 2:46:08 PM on 7/23/2012 was unexpected.

7/23/2012 2:22:01 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.

7/23/2012 2:21:20 PM, Error: EventLog [6008] - The previous system shutdown at 2:18:29 PM on 7/23/2012 was unexpected.

7/23/2012 2:14:13 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

7/23/2012 2:13:50 PM, Error: EventLog [6008] - The previous system shutdown at 2:12:09 PM on 7/23/2012 was unexpected.

7/23/2012 2:11:03 PM, Error: Service Control Manager [7034] - The GamingWonderland Service service terminated unexpectedly. It has done this 1 time(s).

7/23/2012 2:08:31 PM, Error: Service Control Manager [7034] - The Guffins Service service terminated unexpectedly. It has done this 1 time(s).

7/23/2012 2:04:29 PM, Error: EventLog [6008] - The previous system shutdown at 1:59:16 PM on 7/23/2012 was unexpected.

7/23/2012 10:47:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596880).

7/23/2012 10:47:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB2597161).

7/23/2012 10:47:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2553090).

7/23/2012 10:47:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2604111).

7/23/2012 10:46:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

7/23/2012 10:42:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 System (KB2539530).

7/23/2012 10:40:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office OneNote 2007 (KB980729).

7/23/2012 10:40:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2598041).

7/23/2012 10:40:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 System (KB2508958).

7/23/2012 10:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB2596917).

7/23/2012 10:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Vista (KB2679255).

7/23/2012 10:40:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2553089).

7/23/2012 10:39:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2288621).

7/23/2012 10:39:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).

7/23/2012 10:38:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Microsoft Office File Validation Add-in.

7/23/2012 10:38:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office InfoPath 2007 (KB979441).

7/23/2012 10:38:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596672).

7/23/2012 10:37:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint 2007 (KB2596912).

7/23/2012 10:37:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596871).

7/23/2012 10:37:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB976321).

7/23/2012 10:37:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2597969).

7/23/2012 10:36:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596785).

7/23/2012 10:34:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2597162).

7/23/2012 10:33:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2288931).

7/23/2012 10:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2584063).

7/23/2012 10:33:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2636927).

7/23/2012 10:32:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596792).

7/23/2012 1:53:08 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Here is the Malwarebytes Anti-Malware log

2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection

2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully

2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection

2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully

2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe)

Here is aswMBR log

2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection

2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully

2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection

2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully

2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe)


Sorry, here is the Malwarebytes log.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.30.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19154

Scott :: MOM-PC [limited]

Protection: Enabled

7/30/2012 11:55:30 AM

mbam-log-2012-07-30 (11-55-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 145136

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 6

HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Delete on reboot.

HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> Delete on reboot.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Delete on reboot.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 1

C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Delete on reboot.

Files Detected: 2

C:\Program Files\14res.dll (PUP.MyWebSearch) -> Delete on reboot.

C:\Program Files\14res.dll (Spyware.OnlineGames) -> Delete on reboot.

(end)

Here is aswMBR log

2012/07/30 11:54:58 -0400 MOM-PC Scott MESSAGE Starting protection

2012/07/30 11:55:00 -0400 MOM-PC Scott MESSAGE Protection started successfully

2012/07/30 11:55:03 -0400 MOM-PC Scott MESSAGE Starting IP protection

2012/07/30 11:55:05 -0400 MOM-PC Scott MESSAGE IP Protection started successfully

2012/07/30 12:01:15 -0400 MOM-PC Scott IP-BLOCK 89.114.9.95 (Type: outgoing, Port: 49203, Process: svchost.exe)


Good with Malwarebytes' Anti-Malware log, now PLEASE read my instructions for aswMBR and post the log file. Please read my instructions very very carefully.


Alright here you go.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-30 12:20:06

-----------------------------

12:20:06.880 OS Version: Windows 6.0.6002 Service Pack 2

12:20:06.880 Number of processors: 4 586 0xF0B

12:20:06.883 ComputerName: MOM-PC UserName: Mom

12:20:10.369 Initialize success

12:20:32.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:20:32.988 Disk 0 Vendor: Hitachi_HDS721075KLA330 GK8OA97A Size: 715404MB BusType: 3

12:20:32.995 Disk 0 MBR read successfully

12:20:32.998 Disk 0 MBR scan

12:20:33.001 Disk 0 TDL4@MBR code has been found

12:20:33.003 Disk 0 Windows VISTA default MBR code found via API

12:20:33.006 Disk 0 MBR hidden

12:20:33.009 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

12:20:33.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640

12:20:33.044 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 705108 MB offset 21084160

12:20:33.048 Disk 0 MBR [TDL4] **ROOTKIT**

12:20:33.052 Disk 0 trace - called modules:

12:20:33.057 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8a3f049f]<<

12:20:33.061 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89587ac8]

12:20:33.067 3 CLASSPNP.SYS[8dc3d8b3] -> nt!IofCallDriver -> [0x87f3b918]

12:20:33.073 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> [0x8897f528]

12:20:33.078 \Driver\atapi[0x8a283650] -> IRP_MJ_CREATE -> 0x8a3f049f

12:20:33.083 Scan finished successfully

12:20:57.838 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"

12:20:57.842 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-30 18:34:40

-----------------------------

18:34:40.228 OS Version: Windows 6.0.6002 Service Pack 2

18:34:40.228 Number of processors: 4 586 0xF0B

18:34:40.228 ComputerName: MOM-PC UserName: Mom

18:34:43.145 Initialize success

18:34:52.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:34:52.574 Disk 0 Vendor: Hitachi_HDS721075KLA330 GK8OA97A Size: 715404MB BusType: 3

18:34:52.589 Disk 0 MBR read successfully

18:34:52.589 Disk 0 MBR scan

18:34:52.589 Disk 0 TDL4@MBR code has been found

18:34:52.605 Disk 0 Windows VISTA default MBR code found via API

18:34:52.605 Disk 0 MBR hidden

18:34:52.605 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

18:34:52.620 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640

18:34:52.636 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 705108 MB offset 21084160

18:34:52.636 Disk 0 MBR [TDL4] **ROOTKIT**

18:34:52.636 Disk 0 trace - called modules:

18:34:52.636 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8a52b49f]<<

18:34:52.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x895ec7a8]

18:34:52.652 3 CLASSPNP.SYS[8de128b3] -> nt!IofCallDriver -> [0x88981378]

18:34:52.652 5 acpi.sys[8589d6bc] -> nt!IofCallDriver -> [0x88983528]

18:34:52.652 \Driver\atapi[0x8a2fdf38] -> IRP_MJ_CREATE -> 0x8a52b49f

18:34:52.667 Scan finished successfully

18:35:57.860 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"

18:35:57.875 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

18:37:29.250 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"

18:37:29.255 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Alright, I have 2 logs here from the same scan so I'll just post both of them.

First Log

08:26:04.0689 2972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

08:26:04.0970 2972 ============================================================

08:26:04.0970 2972 Current date / time: 2012/07/31 08:26:04.0970

08:26:04.0970 2972 SystemInfo:

08:26:04.0970 2972

08:26:04.0970 2972 OS Version: 6.0.6002 ServicePack: 2.0

08:26:04.0970 2972 Product type: Workstation

08:26:04.0970 2972 ComputerName: MOM-PC

08:26:04.0970 2972 UserName: Mom

08:26:04.0970 2972 Windows directory: C:\Windows

08:26:04.0970 2972 System windows directory: C:\Windows

08:26:04.0970 2972 Processor architecture: Intel x86

08:26:04.0970 2972 Number of processors: 4

08:26:04.0970 2972 Page size: 0x1000

08:26:04.0970 2972 Boot type: Normal boot

08:26:04.0970 2972 ============================================================

08:26:06.0639 2972 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:26:06.0686 2972 ============================================================

08:26:06.0686 2972 \Device\Harddisk0\DR0:

08:26:06.0686 2972 MBR partitions:

08:26:06.0686 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000

08:26:06.0686 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x5612A000

08:26:06.0686 2972 ============================================================

08:26:06.0779 2972 C: <-> \Device\Harddisk0\DR0\Partition1

08:26:06.0857 2972 D: <-> \Device\Harddisk0\DR0\Partition0

08:26:06.0857 2972 ============================================================

08:26:06.0857 2972 Initialize success

08:26:06.0857 2972 ============================================================

08:26:09.0104 5920 ============================================================

08:26:09.0104 5920 Scan started

08:26:09.0104 5920 Mode: Manual;

08:26:09.0104 5920 ============================================================

08:26:10.0399 5920 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

08:26:10.0399 5920 !SASCORE - ok

08:26:10.0851 5920 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:26:10.0851 5920 ACPI - ok

08:26:11.0038 5920 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

08:26:11.0038 5920 AdobeActiveFileMonitor7.0 - ok

08:26:11.0303 5920 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

08:26:11.0303 5920 adp94xx - ok

08:26:11.0335 5920 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

08:26:11.0350 5920 adpahci - ok

08:26:11.0350 5920 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

08:26:11.0350 5920 adpu160m - ok

08:26:11.0366 5920 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

08:26:11.0381 5920 adpu320 - ok

08:26:11.0397 5920 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

08:26:11.0397 5920 AeLookupSvc - ok

08:26:11.0428 5920 AERTFilters (330a1e4df07c2e29949ed8631cd8828e) C:\Windows\system32\AERTSrv.exe

08:26:11.0428 5920 AERTFilters - ok

08:26:11.0459 5920 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

08:26:11.0475 5920 AFD - ok

08:26:11.0475 5920 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

08:26:11.0491 5920 agp440 - ok

08:26:11.0506 5920 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:26:11.0506 5920 aic78xx - ok

08:26:11.0522 5920 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

08:26:11.0522 5920 ALG - ok

08:26:11.0522 5920 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

08:26:11.0522 5920 aliide - ok

08:26:11.0537 5920 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

08:26:11.0537 5920 amdagp - ok

08:26:11.0537 5920 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

08:26:11.0537 5920 amdide - ok

08:26:11.0553 5920 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

08:26:11.0553 5920 AmdK7 - ok

08:26:11.0569 5920 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

08:26:11.0569 5920 AmdK8 - ok

08:26:11.0569 5920 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

08:26:11.0584 5920 Appinfo - ok

08:26:11.0600 5920 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll

08:26:11.0600 5920 AppMgmt - ok

08:26:11.0615 5920 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

08:26:11.0615 5920 arc - ok

08:26:11.0615 5920 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

08:26:11.0615 5920 arcsas - ok

08:26:11.0631 5920 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

08:26:11.0631 5920 AsyncMac - ok

08:26:11.0662 5920 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

08:26:11.0662 5920 atapi - ok

08:26:11.0709 5920 Ati External Event Utility (c797d9ee6aeb9dbc01fc00b14216e02f) C:\Windows\system32\Ati2evxx.exe

08:26:11.0709 5920 Ati External Event Utility - ok

08:26:12.0442 5920 atikmdag (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys

08:26:12.0458 5920 atikmdag - ok

08:26:12.0458 5920 Scan interrupted by user!

08:26:12.0458 5920 Scan interrupted by user!

08:26:12.0458 5920 Scan interrupted by user!

08:26:12.0458 5920 ============================================================

08:26:12.0458 5920 Scan finished

08:26:12.0458 5920 ============================================================

08:26:12.0458 6036 Detected object count: 0

08:26:12.0458 6036 Actual detected object count: 0

08:26:15.0437 5520 Deinitialize success

Second Log

08:26:37.0153 5544 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

08:26:37.0590 5544 ============================================================

08:26:37.0590 5544 Current date / time: 2012/07/31 08:26:37.0590

08:26:37.0590 5544 SystemInfo:

08:26:37.0590 5544

08:26:37.0590 5544 OS Version: 6.0.6002 ServicePack: 2.0

08:26:37.0590 5544 Product type: Workstation

08:26:37.0590 5544 ComputerName: MOM-PC

08:26:37.0590 5544 UserName: Mom

08:26:37.0590 5544 Windows directory: C:\Windows

08:26:37.0590 5544 System windows directory: C:\Windows

08:26:37.0590 5544 Processor architecture: Intel x86

08:26:37.0590 5544 Number of processors: 4

08:26:37.0590 5544 Page size: 0x1000

08:26:37.0590 5544 Boot type: Normal boot

08:26:37.0590 5544 ============================================================

08:26:43.0564 5544 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:26:43.0627 5544 ============================================================

08:26:43.0627 5544 \Device\Harddisk0\DR0:

08:26:43.0658 5544 MBR partitions:

08:26:43.0658 5544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000

08:26:43.0658 5544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x5612A000

08:26:43.0658 5544 ============================================================

08:26:43.0783 5544 C: <-> \Device\Harddisk0\DR0\Partition1

08:26:43.0876 5544 D: <-> \Device\Harddisk0\DR0\Partition0

08:26:43.0876 5544 ============================================================

08:26:43.0876 5544 Initialize success

08:26:43.0876 5544 ============================================================

08:26:54.0812 3352 ============================================================

08:26:54.0812 3352 Scan started

08:26:54.0812 3352 Mode: Manual; SigCheck; TDLFS;

08:26:54.0812 3352 ============================================================

08:26:55.0514 3352 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

08:26:55.0639 3352 !SASCORE - ok

08:26:55.0717 3352 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:26:55.0748 3352 ACPI - ok

08:26:55.0935 3352 AdobeActiveFileMonitor7.0 (3fd8dc2c9735c2aa70155102cfb93eda) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

08:26:55.0951 3352 AdobeActiveFileMonitor7.0 - ok

08:26:56.0076 3352 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

08:26:56.0091 3352 adp94xx - ok

08:26:56.0138 3352 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

08:26:56.0154 3352 adpahci - ok


08:27:21.0862 3352 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:27:21.0909 3352 p2pimsvc - ok

08:27:21.0925 3352 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:27:21.0940 3352 p2psvc - ok

08:27:21.0987 3352 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

08:27:22.0034 3352 Parport - ok

08:27:22.0050 3352 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

08:27:22.0065 3352 partmgr - ok

08:27:22.0096 3352 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

08:27:22.0128 3352 Parvdm - ok

08:27:22.0174 3352 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

08:27:22.0190 3352 PcaSvc - ok

08:27:22.0424 3352 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

08:27:22.0440 3352 pci - ok

08:27:22.0502 3352 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

08:27:22.0518 3352 pciide - ok

08:27:22.0549 3352 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

08:27:22.0564 3352 pcmcia - ok

08:27:22.0658 3352 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

08:27:22.0752 3352 PEAUTH - ok

08:27:22.0923 3352 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

08:27:23.0017 3352 pla - ok

08:27:23.0516 3352 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

08:27:23.0547 3352 PlugPlay - ok

08:27:23.0688 3352 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll

08:27:23.0719 3352 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

08:27:23.0719 3352 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

08:27:24.0452 3352 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:27:24.0592 3352 PNRPAutoReg - ok

08:27:24.0592 3352 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

08:27:24.0655 3352 PNRPsvc - ok

08:27:25.0825 3352 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys

08:27:25.0950 3352 Point32 - ok

08:27:28.0664 3352 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

08:27:28.0929 3352 PolicyAgent - ok

08:27:29.0163 3352 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

08:27:29.0257 3352 PptpMiniport - ok

08:27:29.0413 3352 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

08:27:29.0475 3352 Processor - ok

08:27:29.0522 3352 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

08:27:29.0538 3352 ProfSvc - ok

08:27:29.0584 3352 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:27:29.0600 3352 ProtectedStorage - ok

08:27:29.0772 3352 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

08:27:29.0803 3352 PSched - ok

08:27:29.0896 3352 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

08:27:29.0912 3352 PxHelp20 - ok

08:27:30.0208 3352 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

08:27:30.0240 3352 ql2300 - ok

08:27:30.0364 3352 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

08:27:30.0380 3352 ql40xx - ok

08:27:31.0113 3352 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

08:27:31.0176 3352 QWAVE - ok

08:27:31.0191 3352 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

08:27:31.0207 3352 QWAVEdrv - ok

08:27:31.0534 3352 R300 (e615e3c567fbd10121723eff09d26b00) C:\Windows\system32\DRIVERS\atikmdag.sys

08:27:31.0644 3352 R300 - ok

08:27:32.0112 3352 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

08:27:32.0143 3352 RasAcd - ok

08:27:32.0158 3352 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

08:27:32.0190 3352 RasAuto - ok

08:27:32.0221 3352 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:27:32.0236 3352 Rasl2tp - ok

08:27:32.0517 3352 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

08:27:32.0533 3352 RasMan - ok

08:27:32.0580 3352 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

08:27:32.0595 3352 RasPppoe - ok

08:27:32.0689 3352 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

08:27:32.0736 3352 RasSstp - ok

08:27:32.0782 3352 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

08:27:32.0814 3352 rdbss - ok

08:27:32.0829 3352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:27:32.0845 3352 RDPCDD - ok

08:27:33.0079 3352 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

08:27:33.0094 3352 rdpdr - ok

08:27:33.0126 3352 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

08:27:33.0172 3352 RDPENCDD - ok

08:27:33.0250 3352 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

08:27:33.0282 3352 RDPWD - ok

08:27:33.0328 3352 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

08:27:33.0360 3352 RemoteAccess - ok

08:27:33.0547 3352 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

08:27:33.0594 3352 RemoteRegistry - ok

08:27:33.0625 3352 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

08:27:33.0656 3352 RFCOMM - ok

08:27:33.0687 3352 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys

08:27:33.0703 3352 RimUsb - ok

08:27:33.0796 3352 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

08:27:33.0812 3352 RpcLocator - ok

08:27:34.0233 3352 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

08:27:34.0264 3352 RpcSs - ok

08:27:34.0342 3352 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

08:27:34.0374 3352 rspndr - ok

08:27:34.0452 3352 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

08:27:34.0467 3352 SamSs - ok

08:27:34.0654 3352 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

08:27:34.0670 3352 SASDIFSV - ok

08:27:34.0701 3352 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

08:27:34.0717 3352 SASKUTIL - ok

08:27:34.0857 3352 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

08:27:34.0873 3352 sbp2port - ok

08:27:34.0935 3352 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

08:27:34.0966 3352 SCardSvr - ok

08:27:35.0029 3352 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

08:27:35.0091 3352 Schedule - ok

08:27:35.0107 3352 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

08:27:35.0122 3352 SCPolicySvc - ok

08:27:35.0154 3352 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

08:27:35.0169 3352 SDRSVC - ok

08:27:35.0200 3352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

08:27:35.0232 3352 secdrv - ok

08:27:35.0247 3352 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

08:27:35.0278 3352 seclogon - ok

08:27:35.0310 3352 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

08:27:35.0341 3352 SENS - ok

08:27:35.0372 3352 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

08:27:35.0403 3352 Serenum - ok

08:27:35.0481 3352 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

08:27:35.0512 3352 Serial - ok

08:27:35.0528 3352 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

08:27:35.0559 3352 sermouse - ok

08:27:35.0606 3352 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

08:27:35.0622 3352 SessionEnv - ok

08:27:35.0746 3352 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

08:27:35.0793 3352 sffdisk - ok

08:27:35.0793 3352 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

08:27:35.0824 3352 sffp_mmc - ok

08:27:35.0840 3352 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

08:27:35.0871 3352 sffp_sd - ok

08:27:35.0871 3352 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

08:27:35.0934 3352 sfloppy - ok

08:27:36.0043 3352 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

08:27:36.0074 3352 SharedAccess - ok

08:27:36.0105 3352 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

08:27:36.0121 3352 ShellHWDetection - ok

08:27:36.0136 3352 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

08:27:36.0152 3352 sisagp - ok

08:27:36.0168 3352 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

08:27:36.0199 3352 SiSRaid2 - ok

08:27:36.0214 3352 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

08:27:36.0230 3352 SiSRaid4 - ok

08:27:37.0837 3352 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

08:27:37.0915 3352 slsvc - ok

08:27:38.0008 3352 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

08:27:38.0040 3352 SLUINotify - ok

08:27:38.0071 3352 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

08:27:38.0118 3352 Smb - ok

08:27:38.0149 3352 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

08:27:38.0164 3352 SNMPTRAP - ok

08:27:38.0180 3352 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

08:27:38.0196 3352 spldr - ok

08:27:38.0242 3352 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

08:27:38.0258 3352 Spooler - ok

08:27:38.0336 3352 sprtsvc_dellsupportcenter - ok

08:27:38.0445 3352 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

08:27:38.0508 3352 srv - ok

08:27:38.0539 3352 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

08:27:38.0586 3352 srv2 - ok

08:27:38.0648 3352 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

08:27:38.0664 3352 srvnet - ok

08:27:38.0679 3352 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

08:27:38.0710 3352 SSDPSRV - ok

08:27:38.0726 3352 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

08:27:38.0742 3352 SstpSvc - ok

08:27:38.0788 3352 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

08:27:38.0804 3352 StillCam - ok

08:27:38.0851 3352 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

08:27:38.0898 3352 stisvc - ok

08:27:38.0913 3352 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

08:27:38.0929 3352 swenum - ok

08:27:38.0960 3352 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

08:27:38.0991 3352 swprv - ok

08:27:39.0007 3352 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

08:27:39.0022 3352 Symc8xx - ok

08:27:39.0022 3352 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

08:27:39.0038 3352 Sym_hi - ok

08:27:39.0054 3352 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

08:27:39.0069 3352 Sym_u3 - ok

08:27:39.0100 3352 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

08:27:39.0132 3352 SysMain - ok

08:27:39.0163 3352 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

08:27:39.0178 3352 TabletInputService - ok

08:27:39.0194 3352 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

08:27:39.0225 3352 TapiSrv - ok

08:27:39.0303 3352 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

08:27:39.0350 3352 TBS - ok

08:27:39.0553 3352 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

08:27:39.0600 3352 Tcpip - ok

08:27:39.0600 3352 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

08:27:39.0631 3352 Tcpip6 - ok

08:27:39.0756 3352 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

08:27:39.0771 3352 tcpipreg - ok

08:27:39.0802 3352 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

08:27:39.0834 3352 TDPIPE - ok

08:27:39.0849 3352 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

08:27:39.0880 3352 TDTCP - ok

08:27:39.0912 3352 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

08:27:39.0927 3352 tdx - ok

08:27:39.0958 3352 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

08:27:39.0974 3352 TermDD - ok

08:27:40.0005 3352 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

08:27:40.0052 3352 TermService - ok

08:27:40.0114 3352 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

08:27:40.0130 3352 Themes - ok

08:27:40.0177 3352 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

08:27:40.0208 3352 THREADORDER - ok

08:27:40.0270 3352 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

08:27:40.0317 3352 TrkWks - ok

08:27:40.0364 3352 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

08:27:40.0380 3352 TrustedInstaller - ok

08:27:40.0395 3352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:27:40.0442 3352 tssecsrv - ok

08:27:40.0458 3352 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

08:27:40.0473 3352 tunmp - ok

08:27:40.0536 3352 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

08:27:40.0551 3352 tunnel - ok

08:27:40.0567 3352 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

08:27:40.0582 3352 uagp35 - ok

08:27:40.0614 3352 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

08:27:40.0629 3352 udfs - ok

08:27:40.0692 3352 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

08:27:40.0723 3352 UI0Detect - ok

08:27:40.0754 3352 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

08:27:40.0770 3352 uliagpkx - ok

08:27:40.0801 3352 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

08:27:40.0816 3352 uliahci - ok

08:27:40.0832 3352 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

08:27:40.0848 3352 UlSata - ok

08:27:40.0863 3352 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

08:27:40.0879 3352 ulsata2 - ok

08:27:40.0879 3352 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

08:27:40.0910 3352 umbus - ok

08:27:40.0957 3352 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll

08:27:40.0972 3352 UmRdpService - ok

08:27:40.0988 3352 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

08:27:41.0019 3352 upnphost - ok

08:27:41.0035 3352 USBAAPL - ok

08:27:41.0066 3352 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

08:27:41.0082 3352 usbaudio - ok

08:27:41.0128 3352 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys

08:27:41.0144 3352 usbbus - ok

08:27:41.0191 3352 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

08:27:41.0238 3352 usbccgp - ok

08:27:41.0269 3352 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

08:27:41.0316 3352 usbcir - ok

08:27:41.0378 3352 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys

08:27:41.0409 3352 UsbDiag - ok

08:27:41.0425 3352 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

08:27:41.0456 3352 usbehci - ok

08:27:41.0628 3352 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

08:27:41.0659 3352 usbhub - ok

08:27:41.0706 3352 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys

08:27:41.0721 3352 USBModem - ok

08:27:41.0737 3352 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

08:27:41.0784 3352 usbohci - ok

08:27:41.0799 3352 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

08:27:41.0815 3352 usbprint - ok

08:27:41.0846 3352 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

08:27:41.0862 3352 usbscan - ok

08:27:41.0877 3352 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:27:41.0908 3352 USBSTOR - ok

08:27:41.0924 3352 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

08:27:41.0940 3352 usbuhci - ok

08:27:41.0955 3352 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

08:27:41.0986 3352 UxSms - ok

08:27:42.0049 3352 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

08:27:42.0127 3352 vds - ok

08:27:42.0158 3352 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

08:27:42.0189 3352 vga - ok

08:27:42.0205 3352 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

08:27:42.0236 3352 VgaSave - ok

08:27:42.0252 3352 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

08:27:42.0267 3352 viaagp - ok

08:27:42.0283 3352 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

08:27:42.0298 3352 ViaC7 - ok

08:27:42.0314 3352 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

08:27:42.0330 3352 viaide - ok

08:27:42.0330 3352 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

08:27:42.0345 3352 volmgr - ok

08:27:42.0595 3352 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

08:27:42.0610 3352 volmgrx - ok

08:27:42.0688 3352 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

08:27:42.0704 3352 volsnap - ok

08:27:42.0844 3352 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

08:27:42.0860 3352 vsmraid - ok

08:27:43.0328 3352 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

08:27:43.0390 3352 VSS - ok

08:27:43.0609 3352 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

08:27:43.0624 3352 vToolbarUpdater12.1.5 - ok

08:27:43.0952 3352 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

08:27:43.0999 3352 W32Time - ok

08:27:44.0030 3352 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

08:27:44.0077 3352 WacomPen - ok

08:27:44.0139 3352 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:27:44.0170 3352 Wanarp - ok

08:27:44.0170 3352 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

08:27:44.0202 3352 Wanarpv6 - ok

08:27:44.0248 3352 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe

08:27:44.0295 3352 wbengine - ok

08:27:44.0311 3352 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

08:27:44.0342 3352 wcncsvc - ok

08:27:44.0358 3352 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

08:27:44.0389 3352 WcsPlugInService - ok

08:27:44.0420 3352 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

08:27:44.0436 3352 Wd - ok

08:27:44.0467 3352 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

08:27:44.0482 3352 Wdf01000 - ok

08:27:44.0514 3352 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

08:27:44.0545 3352 WdiServiceHost - ok

08:27:44.0560 3352 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

08:27:44.0576 3352 WdiSystemHost - ok

08:27:44.0794 3352 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

08:27:44.0810 3352 WebClient - ok

08:27:44.0857 3352 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

08:27:44.0872 3352 Wecsvc - ok

08:27:44.0888 3352 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

08:27:44.0966 3352 wercplsupport - ok

08:27:44.0997 3352 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

08:27:45.0028 3352 WerSvc - ok

08:27:45.0231 3352 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

08:27:45.0247 3352 WinDefend - ok

08:27:45.0262 3352 WinHttpAutoProxySvc - ok

08:27:45.0325 3352 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

08:27:45.0340 3352 Winmgmt - ok

08:27:45.0933 3352 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

08:27:45.0964 3352 WinRM - ok

08:27:46.0292 3352 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

08:27:46.0323 3352 Wlansvc - ok

08:27:46.0323 3352 wltrysvc - ok

08:27:46.0386 3352 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

08:27:46.0401 3352 WmiAcpi - ok

08:27:46.0542 3352 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

08:27:46.0635 3352 wmiApSrv - ok

08:27:46.0713 3352 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

08:27:46.0760 3352 WMPNetworkSvc - ok

08:27:46.0776 3352 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

08:27:46.0791 3352 WPCSvc - ok

08:27:46.0838 3352 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

08:27:46.0869 3352 WPDBusEnum - ok

08:27:46.0916 3352 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

08:27:46.0932 3352 WpdUsb - ok

08:27:46.0947 3352 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

08:27:46.0978 3352 ws2ifsl - ok

08:27:46.0994 3352 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

08:27:47.0025 3352 wscsvc - ok

08:27:47.0056 3352 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

08:27:47.0088 3352 WSDPrintDevice - ok

08:27:47.0088 3352 WSearch - ok

08:27:47.0587 3352 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

08:27:47.0634 3352 wuauserv - ok

08:27:47.0790 3352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:27:47.0821 3352 WUDFRd - ok

08:27:47.0930 3352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

08:27:47.0961 3352 wudfsvc - ok

08:27:48.0024 3352 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0

08:27:48.0086 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

08:27:48.0086 3352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

08:27:48.0445 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:27:48.0445 3352 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:27:48.0460 3352 Boot (0x1200) (fd2efe5de9480c4fdf2818f4c3af49a1) \Device\Harddisk0\DR0\Partition0

08:27:48.0460 3352 \Device\Harddisk0\DR0\Partition0 - ok

08:27:48.0476 3352 Boot (0x1200) (2e54b5aa3831a4198cd1ecbd2e7c07b3) \Device\Harddisk0\DR0\Partition1

08:27:48.0476 3352 \Device\Harddisk0\DR0\Partition1 - ok

08:27:48.0476 3352 ============================================================

08:27:48.0476 3352 Scan finished

08:27:48.0476 3352 ============================================================

08:27:48.0492 4248 Detected object count: 17

08:27:48.0492 4248 Actual detected object count: 17

08:28:21.0109 4248 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0109 4248 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0109 4248 ElRawDisk ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 ElRawDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0109 4248 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0109 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0109 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0109 4248 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0114 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0114 4248 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0114 4248 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0114 4248 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0114 4248 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0114 4248 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0114 4248 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0114 4248 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0114 4248 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0114 4248 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0119 4248 Ndisrd ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0119 4248 Ndisrd ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0119 4248 NdisrdMP ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0119 4248 NdisrdMP ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0119 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0119 4248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:21.0119 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

08:28:21.0119 4248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:28:25.0104 4248 \Device\Harddisk0\DR0\# - copied to quarantine

08:28:25.0104 4248 \Device\Harddisk0\DR0 - copied to quarantine

08:28:25.0239 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

08:28:25.0264 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

08:28:25.0289 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

08:28:25.0304 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

08:28:25.0314 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

08:28:25.0359 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

08:28:25.0399 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

08:28:25.0404 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

08:28:25.0419 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

08:28:25.0424 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

08:28:25.0454 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

08:28:25.0484 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

08:28:25.0554 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

08:28:25.0569 4248 \Device\Harddisk0\DR0 - ok

08:28:25.0589 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:28:30.0994 2260 Deinitialize success


Please re-run TDSSKiller and use the Delete option for this entry:

08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:28:25.0594 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Next:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Alright, here is combofix log

ComboFix 12-07-30.03 - Mom 07/31/2012  18:44:01.1.4 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3325.1686 [GMT -4:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll
.
.

(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-31  )))))))))))))))))))))))))))))))
.
.
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Mom\AppData\Local\temp
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Courtney\AppData\Local\temp
2012-07-31 22:37 . 2012-06-02 22:19  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2012-07-31 22:37 . 2012-06-02 22:19  45080  ----a-w-  c:\windows\system32\wups2.dll
2012-07-31 22:37 . 2012-06-02 22:19  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2012-07-31 22:37 . 2012-06-02 22:12  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-07-31 22:36 . 2012-06-02 19:19  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-07-31 22:36 . 2012-06-02 19:12  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-07-31 12:28 . 2012-07-31 22:34  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-07-24 03:02 . 2012-07-24 03:02  --------  d-----w-  c:\program files\Defraggler
2012-07-24 02:40 . 2012-02-29 15:11  5120  ----a-w-  c:\windows\system32\wmi.dll
2012-07-24 02:40 . 2012-02-29 15:11  172032  ----a-w-  c:\windows\system32\wintrust.dll
2012-07-24 02:40 . 2012-02-29 15:09  157696  ----a-w-  c:\windows\system32\imagehlp.dll
2012-07-24 02:40 . 2012-02-29 13:32  12800  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-07-24 02:40 . 2012-03-30 12:39  905600  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-07-24 02:39 . 2012-02-01 13:58  47104  ----a-w-  c:\program files\Windows Journal\PDIALOG.exe
2012-07-24 02:39 . 2012-02-01 15:10  936960  ----a-w-  c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-24 02:39 . 2012-02-01 15:11  1218048  ----a-w-  c:\program files\Windows Journal\NBDoc.DLL
2012-07-24 02:39 . 2012-02-01 15:10  983040  ----a-w-  c:\program files\Windows Journal\JNTFiltr.dll
2012-07-24 02:39 . 2012-02-01 15:10  964608  ----a-w-  c:\program files\Windows Journal\JNWDRV.dll
2012-07-24 02:39 . 2012-02-01 15:10  1404928  ----a-w-  c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-07-24 02:36 . 2012-07-24 02:36  --------  d-----w-  c:\users\Courtney\AppData\Local\AVG Secure Search
2012-07-24 02:36 . 2012-07-24 02:36  --------  d-----w-  c:\users\Courtney\AppData\Roaming\AVG2012
2012-07-23 20:06 . 2012-07-23 20:06  --------  d-----w-  c:\users\Scott\AppData\Roaming\QuickScan
2012-07-23 19:17 . 2011-10-16 16:40  161736  ----a-w-  c:\program files\14res.dll
2012-07-23 18:08 . 2012-07-23 18:08  --------  d-----w-  c:\users\Scott\AppData\Local\AVG Secure Search
2012-07-23 18:08 . 2012-07-23 18:08  --------  d-----w-  c:\users\Scott\AppData\Roaming\AVG2012
2012-07-23 17:56 . 2012-07-23 17:56  --------  d-----w-  c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 17:53 . 2012-07-23 17:53  --------  d-----w-  c:\users\Scott\AppData\Roaming\Malwarebytes
2012-07-23 17:51 . 2012-07-23 17:51  --------  d-----w-  c:\users\Mom\AppData\Roaming\AVG2012
2012-07-23 17:50 . 2012-07-23 17:50  --------  d-----w-  c:\users\Mom\AppData\Local\AVG Secure Search
2012-07-23 17:50 . 2012-07-23 17:54  --------  d-----w-  c:\programdata\AVG Secure Search
2012-07-23 17:50 . 2012-07-23 17:50  27496  ----a-w-  c:\windows\system32\drivers\avgtpx86.sys
2012-07-23 17:49 . 2012-07-23 17:50  --------  d-----w-  c:\program files\Common Files\AVG Secure Search
2012-07-23 17:49 . 2012-07-23 17:50  --------  d-----w-  c:\program files\AVG Secure Search
2012-07-23 17:47 . 2012-07-31 22:33  --------  d-----w-  c:\windows\system32\drivers\AVG
2012-07-23 17:47 . 2012-07-23 18:14  --------  d-----w-  c:\programdata\AVG2012
2012-07-23 17:47 . 2012-07-23 17:47  --------  d-----w-  C:\$AVG
2012-07-23 17:46 . 2012-07-23 17:46  --------  d-----w-  c:\program files\AVG
2012-07-23 17:41 . 2012-07-31 22:33  --------  d-----w-  c:\programdata\MFAData
2012-07-23 17:41 . 2012-07-23 17:41  --------  d--h--w-  c:\programdata\Common Files
2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\program files\SUPERAntiSpyware
2012-07-23 17:38 . 2012-07-23 17:38  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com
2012-07-23 17:36 . 2012-07-23 17:36  --------  d-----w-  c:\users\Mom\AppData\Roaming\Malwarebytes
2012-07-23 17:35 . 2012-07-23 17:35  --------  d-----w-  c:\programdata\Malwarebytes
2012-07-23 17:35 . 2012-07-23 17:36  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-07-23 17:35 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-23 17:34 . 2012-07-23 17:34  --------  d-----w-  c:\program files\CCleaner
.
.
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-23 17:49  2086496  ----a-w-  c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-23 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2008-11-18 314224]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-23 1147488]
.
c:\users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54  551296  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-05 12:08  10536  ----a-w-  c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-14 04:04  206064  ----a-w-  c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 16:44  16384  ----a-w-  c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-06-28 11:01  1195408  ----a-w-  c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Cfg.exe]
2007-08-22 05:39  28672  ----a-w-  c:\windows\OEM05Cfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
2007-08-22 05:39  36864  ----a-w-  c:\windows\OEM05Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08  417792  ----a-w-  c:\program files\QuickTime\QTTask.exe
.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 07157053
*Deregistered* - 07157053
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs  REG_MULTI_SZ     BthServ
HPZ12  REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ     hpqcxs08 hpqddsvc
HPService  REG_MULTI_SZ     HPSLPSVC
LocalServiceAndNoImpersonation  REG_MULTI_SZ     FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]
.
2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{78C0B445-C76B-4AC0-9569-9B08E4A4EF41}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
2012-03-10 c:\windows\Tasks\User_Feed_Synchronization-{F2A5AD57-D337-4858-8247-926F5611C300}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
WebBrowser-{795828A9-F271-43A8-8536-4484BB991D3D} - (no file)
WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-FBSSA - c:\program files\SGPSA\ie3sh.exe
AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
.
.
.

**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 19:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-31  19:04:03
ComboFix-quarantined-files.txt  2012-07-31 23:04
.
Pre-Run: 463,744,622,592 bytes free
Post-Run: 463,880,069,120 bytes free
.
- - End Of File - - B42BAFBC144B542DDC0A68984F484DEF


ComboFix 12-07-30.03 - Mom 07/31/2012  18:44:01.1.4 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3325.1686 [GMT -4:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-31  )))))))))))))))))))))))))))))))
.
.
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Mom\AppData\Local\temp
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-07-31 23:00 . 2012-07-31 23:00  --------  d-----w-  c:\users\Courtney\AppData\Local\temp
2012-07-31 22:37 . 2012-06-02 22:19  53784  ----a-w-  c:\windows\system32\wuauclt.exe

<div>2012-07-31 22:37 . 2012-06-02 22:19<span class="Apple-tab-span" style="white-space:pre"> </span>45080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wups2.dll</div>

<div>2012-07-31 22:37 . 2012-06-02 22:19<span class="Apple-tab-span" style="white-space:pre"> </span>1933848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuaueng.dll</div>

<div>2012-07-31 22:37 . 2012-06-02 22:12<span class="Apple-tab-span" style="white-space:pre"> </span>2422272<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wucltux.dll</div>

<div>2012-07-31 22:36 . 2012-06-02 19:19<span class="Apple-tab-span" style="white-space:pre"> </span>171904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuwebv.dll</div>

<div>2012-07-31 22:36 . 2012-06-02 19:12<span class="Apple-tab-span" style="white-space:pre"> </span>33792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wuapp.exe</div>

<div>2012-07-31 12:28 . 2012-07-31 22:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\TDSSKiller_Quarantine</div>

<div>2012-07-24 03:02 . 2012-07-24 03:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Defraggler</div>

<div>2012-07-24 02:40 . 2012-02-29 15:11<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmi.dll</div>

<div>2012-07-24 02:40 . 2012-02-29 15:11<span class="Apple-tab-span" style="white-space:pre"> </span>172032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div>

<div>2012-07-24 02:40 . 2012-02-29 15:09<span class="Apple-tab-span" style="white-space:pre"> </span>157696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div>

<div>2012-07-24 02:40 . 2012-02-29 13:32<span class="Apple-tab-span" style="white-space:pre"> </span>12800<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\fs_rec.sys</div>

<div>2012-07-24 02:40 . 2012-03-30 12:39<span class="Apple-tab-span" style="white-space:pre"> </span>905600<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\tcpip.sys</div>

<div>2012-07-24 02:39 . 2012-02-01 13:58<span class="Apple-tab-span" style="white-space:pre"> </span>47104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Journal\PDIALOG.exe</div>

<div>2012-07-24 02:39 . 2012-02-01 15:10<span class="Apple-tab-span" style="white-space:pre"> </span>936960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Microsoft Shared\ink\journal.dll</div>

<div>2012-07-24 02:39 . 2012-02-01 15:11<span class="Apple-tab-span" style="white-space:pre"> </span>1218048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Journal\NBDoc.DLL</div>

<div>2012-07-24 02:39 . 2012-02-01 15:10<span class="Apple-tab-span" style="white-space:pre"> </span>983040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Journal\JNTFiltr.dll</div>

<div>2012-07-24 02:39 . 2012-02-01 15:10<span class="Apple-tab-span" style="white-space:pre"> </span>964608<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Windows Journal\JNWDRV.dll</div>

<div>2012-07-24 02:39 . 2012-02-01 15:10<span class="Apple-tab-span" style="white-space:pre"> </span>1404928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll</div>

<div>2012-07-24 02:36 . 2012-07-24 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Courtney\AppData\Local\AVG Secure Search</div>

<div>2012-07-24 02:36 . 2012-07-24 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Courtney\AppData\Roaming\AVG2012</div>

<div>2012-07-23 20:06 . 2012-07-23 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Scott\AppData\Roaming\QuickScan</div>

<div>2012-07-23 19:17 . 2011-10-16 16:40<span class="Apple-tab-span" style="white-space:pre"> </span>161736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\14res.dll</div>

<div>2012-07-23 18:08 . 2012-07-23 18:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Scott\AppData\Local\AVG Secure Search</div>

<div>2012-07-23 18:08 . 2012-07-23 18:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Scott\AppData\Roaming\AVG2012</div>

<div>2012-07-23 17:56 . 2012-07-23 17:56<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Scott\AppData\Roaming\SUPERAntiSpyware.com</div>

<div>2012-07-23 17:53 . 2012-07-23 17:53<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Scott\AppData\Roaming\Malwarebytes</div>

<div>2012-07-23 17:51 . 2012-07-23 17:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Mom\AppData\Roaming\AVG2012</div>

<div>2012-07-23 17:50 . 2012-07-23 17:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Mom\AppData\Local\AVG Secure Search</div>

<div>2012-07-23 17:50 . 2012-07-23 17:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\AVG Secure Search</div>

<div>2012-07-23 17:50 . 2012-07-23 17:50<span class="Apple-tab-span" style="white-space:pre"> </span>27496<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgtpx86.sys</div>

<div>2012-07-23 17:49 . 2012-07-23 17:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\AVG Secure Search</div>

<div>2012-07-23 17:49 . 2012-07-23 17:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVG Secure Search</div>

<div>2012-07-23 17:47 . 2012-07-31 22:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\AVG</div>

<div>2012-07-23 17:47 . 2012-07-23 18:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\AVG2012</div>

<div>2012-07-23 17:47 . 2012-07-23 17:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\$AVG</div>

<div>2012-07-23 17:46 . 2012-07-23 17:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVG</div>

<div>2012-07-23 17:41 . 2012-07-31 22:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\MFAData</div>

<div>2012-07-23 17:41 . 2012-07-23 17:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Common Files</div>

<div>2012-07-23 17:38 . 2012-07-23 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com</div>

<div>2012-07-23 17:38 . 2012-07-23 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\SUPERAntiSpyware</div>

<div>2012-07-23 17:38 . 2012-07-23 17:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\SUPERAntiSpyware.com</div>

<div>2012-07-23 17:36 . 2012-07-23 17:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Mom\AppData\Roaming\Malwarebytes</div>

<div>2012-07-23 17:35 . 2012-07-23 17:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Malwarebytes</div>

<div>2012-07-23 17:35 . 2012-07-23 17:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Malwarebytes' Anti-Malware</div>

<div>2012-07-23 17:35 . 2012-07-03 17:46<span class="Apple-tab-span" style="white-space:pre"> </span>22344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>

<div>2012-07-23 17:34 . 2012-07-23 17:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\CCleaner</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]</div>

<div>2012-07-23 17:49<span class="Apple-tab-span" style="white-space:pre"> </span>2086496<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]</div>

<div>"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-23 2086496]</div>

<div>.</div>

<div>[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]</div>

<div>[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]</div>

<div>[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]</div>

<div>"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]</div>

<div>"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]</div>

<div>"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]</div>

<div>"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]</div>

<div>"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]</div>

<div>"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]</div>

<div>"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2008-11-18 314224]</div>

<div>"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]</div>

<div>"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]</div>

<div>"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]</div>

<div>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]</div>

<div>"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]</div>

<div>"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]</div>

<div>"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-23 1147488]</div>

<div>.</div>

<div>c:\users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]</div>

<div>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]</div>

<div>.</div>

<div>c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]</div>

<div>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]</div>

<div>.</div>

<div>c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]</div>

<div>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]</div>

<div>.</div>

<div>c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]</div>

<div>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]</div>

<div>2011-05-04 17:54<span class="Apple-tab-span" style="white-space:pre"> </span>551296<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\SUPERAntiSpyware\SASWINLO.DLL</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]</div>

<div>2008-08-05 12:08<span class="Apple-tab-span" style="white-space:pre"> </span>10536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]</div>

<div>"aux2"=wdmaud.drv</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div>

<div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]</div>

<div>@=""</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]</div>

<div>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk</div>

<div>backup=c:\windows\pss\Bluetooth.lnk.CommonStartup</div>

<div>backupExtension=.CommonStartup</div>

<div>.</div>

<div>[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]</div>

<div>path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</div>

<div>backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup</div>

<div>backupExtension=.CommonStartup</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]</div>

<div>2008-08-14 04:04<span class="Apple-tab-span" style="white-space:pre"> </span>206064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Dell Support Center\bin\sprtcmd.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]</div>

<div>2008-03-11 16:44<span class="Apple-tab-span" style="white-space:pre"> </span>16384<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Dell Support Center\gs_agent\custom\dsca.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]</div>

<div>2011-06-28 11:01<span class="Apple-tab-span" style="white-space:pre"> </span>1195408<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\McAfee.com\Agent\mcagent.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Cfg.exe]</div>

<div>2007-08-22 05:39<span class="Apple-tab-span" style="white-space:pre"> </span>28672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\OEM05Cfg.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]</div>

<div>2007-08-22 05:39<span class="Apple-tab-span" style="white-space:pre"> </span>36864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\OEM05Mon.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]</div>

<div>2009-11-11 04:08<span class="Apple-tab-span" style="white-space:pre"> </span>417792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\QuickTime\QTTask.exe</div>

<div>.</div>

<div>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]</div>

<div>S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]</div>

<div>S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]</div>

<div>.</div>

<div>.</div>

<div>--- Other Services/Drivers In Memory ---</div>

<div>.</div>

<div>*NewlyCreated* - 07157053</div>

<div>*Deregistered* - 07157053</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div>

<div>bthsvcs<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>BthServ</div>

<div>HPZ12<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>Pml Driver HPZ12 Net Driver HPZ12</div>

<div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div>

<div>HPService<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>HPSLPSVC</div>

<div>LocalServiceAndNoImpersonation<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>FontCache</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]</div>

<div>.</div>

<div>2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-06 22:15]</div>

<div>.</div>

<div>2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{78C0B445-C76B-4AC0-9569-9B08E4A4EF41}.job</div>

<div>- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]</div>

<div>.</div>

<div>2012-03-10 c:\windows\Tasks\User_Feed_Synchronization-{F2A5AD57-D337-4858-8247-926F5611C300}.job</div>

<div>- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]</div>

<div>.</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.google.com/</div>

<div>mStart Page = hxxp://www.yahoo.com</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000</div>

<div>IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm</div>

<div>IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm</div>

<div>LSP: c:\windows\system32\wpclsp.dll</div>

<div>Trusted Zone: internet</div>

<div>Trusted Zone: mcafee.com</div>

<div>TCP: DhcpNameServer = 192.168.1.1 68.237.161.12</div>

<div>Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll</div>

<div>.</div>

<div>.</div>

<div>------- File Associations -------</div>

<div>.</div>

<div>JSEFile=NOTEPAD.EXE %1</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>Toolbar-10 - (no file)</div>

<div>WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)</div>

<div>WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)</div>

<div>WebBrowser-{795828A9-F271-43A8-8536-4484BB991D3D} - (no file)</div>

<div>WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)</div>

<div>WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)</div>

<div>WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)</div>

<div>MSConfigStartUp-FBSSA - c:\program files\SGPSA\ie3sh.exe</div>

<div>AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>

<div>Rootkit scan 2012-07-31 19:00</div>

<div>Windows 6.0.6002 Service Pack 2 NTFS</div>

<div>.</div>

<div>scanning hidden processes ...  </div>

<div>.</div>

<div>scanning hidden autostart entries ... </div>

<div>.</div>

<div>scanning hidden files ...  </div>

<div>.</div>

<div>scan completed successfully</div>

<div>hidden files: 0</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>

<div>@Denied: (A) (Users)</div>

<div>@Denied: (A) (Everyone)</div>

<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>

<div>"BlindDial"=dword:00000000</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</div>

<div>@Denied: (A) (Users)</div>

<div>@Denied: (A) (Everyone)</div>

<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>

<div>"BlindDial"=dword:00000000</div>

<div>.</div>

<div>Completion time: 2012-07-31  19:04:03</div>

<div>ComboFix-quarantined-files.txt  2012-07-31 23:04</div>

<div>.</div>

<div>Pre-Run: 463,744,622,592 bytes free</div>

<div>Post-Run: 463,880,069,120 bytes free</div>

<div>.</div>

<div>- - End Of File - - B42BAFBC144B542DDC0A68984F484DEF</div>


Before posting your log file, please make sure you do it in Toggle editing mode.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
