Anti-virus detecting trojans

glennski51 · September 5, 2012

Trojans are continually found in external hard drive backup process. Wondering if they are false positive as AVG detected trojans involved with Mbam process when I ran it. DDS logs below, thanks for the help!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2

Run by glenn at 9:34:34 on 2012-09-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2017 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Users\glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe

C:\Users\glenn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

uRun: [Google Update] "C:\Users\glenn\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A5D620A6-3A3C-4BFE-98D2-D0B08116F398} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A5D620A6-3A3C-4BFE-98D2-D0B08116F398}\7457E63702F66602478656020716472796F64737 : DhcpNameServer = 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\glenn\AppData\Roaming\Mozilla\Firefox\Profiles\vzvktb1k.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\glenn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-2 655944]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]

R3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-27 113120]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-09-03 01:29:42 -------- d-----w- C:\Users\glenn\AppData\Roaming\The Creative Assembly

2012-09-02 16:54:36 -------- d-----w- C:\Users\glenn\AppData\Roaming\Malwarebytes

2012-09-02 16:54:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-02 16:54:14 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-02 16:54:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-28 01:06:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-28 01:03:22 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-28 00:48:22 -------- d-----w- C:\Program Files (x86)\Steam

2012-08-28 00:30:17 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-08-27 21:58:59 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-08-27 21:58:50 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-08-27 21:58:50 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-08-27 21:58:49 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-08-27 21:58:49 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-08-15 10:06:03 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 10:06:03 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 10:06:01 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 10:06:01 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 10:06:01 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 10:06:01 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 10:06:00 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 10:05:59 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 10:05:59 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 10:05:58 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 10:05:57 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 02:47:44 -------- d-----w- C:\Program Files\iPod

2012-08-15 02:47:43 -------- d-----w- C:\Program Files\iTunes

2012-08-15 02:47:43 -------- d-----w- C:\Program Files (x86)\iTunes

2012-08-15 02:46:00 -------- d-----w- C:\Program Files\Bonjour

2012-08-15 02:46:00 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-08-09 02:36:19 -------- d-----w- C:\Windows\System32\SPReview

2012-08-09 02:33:33 -------- d-----w- C:\Windows\System32\EventProviders

.

==================== Find3M ====================

.

2012-09-04 00:24:42 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-08-28 01:05:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-14 18:54:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 18:54:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-09 02:50:53 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-08-09 02:50:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-20 16:54:52 71104 ----a-w- C:\Windows\CouponPrinter.ocx

.

============= FINISH: 9:35:25.77 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/29/2012 3:14:49 AM

System Uptime: 9/3/2012 11:22:59 AM (46 hours ago)

.

Motherboard: Gateway | | RS780

Processor: AMD Phenom 9100e Quad-Core Processor | AM2 | 900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 390.074 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 932 GiB total, 390.65 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

Class GUID:

Description: 802.11 n WLAN

Device ID: USB\VID_050D&PID_825B\1.0

Manufacturer:

Name: 802.11 n WLAN

PNP Device ID: USB\VID_050D&PID_825B\1.0

Service:

.

==== System Restore Points ===================

.

RP57: 8/16/2012 3:00:16 AM - Windows Update

RP58: 8/27/2012 6:54:29 PM - Installed Steam

RP59: 8/27/2012 8:29:33 PM - Installed Steam

RP60: 8/27/2012 8:32:29 PM - Removed Steam

RP61: 8/27/2012 8:48:00 PM - Installed Steam

RP62: 8/27/2012 9:02:35 PM - Installed Java 7 Update 6

RP63: 8/27/2012 9:05:07 PM - Removed Java 7 Update 6

RP64: 8/27/2012 9:05:37 PM - Installed Java 7 Update 6

RP65: 9/2/2012 9:27:31 PM - Installed DirectX

RP66: 9/2/2012 9:29:09 PM - Installed Microsoft Visual C++ 2005 Redistributable

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS5.1

Adobe Reader X (10.1.4)

Amnesia - The Dark Descent

Apple Application Support

Apple Software Update

Bastion

Braid (Version 1.015)

Carbonite Online Backup Setup

Coupon Printer for Windows

Empire: Total War

Google Chrome

Java 7 Update 6

Java Auto Updater

Java 6 Update 31

jZip

LIMBO

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Security Scan Plus

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

PDF Settings CS5

PMB

Seagate Manager Installer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Shutterfly Express Uploader

Steam

Super Meat Boy v1.5

Team Fortress 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2008 x64 Redistributables

.

==== End Of File ===========================

Maurice Naggar · September 6, 2012

Hello glenn,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

glennski51 · September 7, 2012

Thanks for the help Maurice. Well that really was a good long scan. Here's what eset came up with.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9cf56f0755d40b42b30b808401f2a127

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-07 04:52:42

# local_time=2012-09-07 12:52:42 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 17569620 17569620 0 0

# compatibility_mode=5893 16776574 100 94 1577808 98523859 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=618386

# found=4

# cleaned=4

# scan_time=13154

I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent23.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent33.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I:\Seagate Backup\*******\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent63.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Maurice Naggar · September 7, 2012

Please next do the following.

Step 1

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

glennski51 · September 7, 2012

Here are logs of the 2 scans

McAfee® Labs Stinger Version 10.2.0.780 built on Sep 7 2012

Virus data file v1000.0000 created on Sep 7 2012.

Ready to scan for 4939 viruses, trojans and variants.

Scan initiated on Fri Sep 07 08:45:54 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....2

Possibly Infected:.............0

Boot Sector(s):.................2

Possibly Infected: ............0

Number of clean files: 16629

09:12:07.0541 4344 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

09:12:09.0553 4344 ============================================================

09:12:09.0553 4344 Current date / time: 2012/09/07 09:12:09.0553

09:12:09.0553 4344 SystemInfo:

09:12:09.0553 4344

09:12:09.0553 4344 OS Version: 6.1.7601 ServicePack: 1.0

09:12:09.0553 4344 Product type: Workstation

09:12:09.0553 4344 ComputerName: *******I-PC

09:12:09.0553 4344 UserName: *****

09:12:09.0553 4344 Windows directory: C:\Windows

09:12:09.0553 4344 System windows directory: C:\Windows

09:12:09.0553 4344 Running under WOW64

09:12:09.0553 4344 Processor architecture: Intel x64

09:12:09.0553 4344 Number of processors: 4

09:12:09.0553 4344 Page size: 0x1000

09:12:09.0553 4344 Boot type: Normal boot

09:12:09.0553 4344 ============================================================

09:12:10.0551 4344 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x47B84, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

09:12:10.0567 4344 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

09:12:16.0507 4344 ============================================================

09:12:16.0507 4344 \Device\Harddisk0\DR0:

09:12:16.0524 4344 MBR partitions:

09:12:16.0524 4344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

09:12:16.0524 4344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000

09:12:16.0524 4344 \Device\Harddisk1\DR1:

09:12:16.0525 4344 MBR partitions:

09:12:16.0525 4344 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

09:12:16.0525 4344 ============================================================

09:12:16.0558 4344 C: <-> \Device\Harddisk0\DR0\Partition2

09:12:16.0576 4344 I: <-> \Device\Harddisk1\DR1\Partition1

09:12:16.0576 4344 ============================================================

09:12:16.0577 4344 Initialize success

09:12:16.0577 4344 ============================================================

09:12:26.0699 4448 ============================================================

09:12:26.0699 4448 Scan started

09:12:26.0699 4448 Mode: Manual;

09:12:26.0699 4448 ============================================================

09:12:27.0291 4448 ================ Scan system memory ========================

09:12:27.0291 4448 System memory - ok

09:12:27.0291 4448 ================ Scan services =============================

09:12:27.0463 4448 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

09:12:27.0479 4448 1394ohci - ok

09:12:27.0510 4448 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

09:12:27.0541 4448 ACPI - ok

09:12:27.0557 4448 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

09:12:27.0572 4448 AcpiPmi - ok

09:12:27.0713 4448 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:12:27.0713 4448 AdobeARMservice - ok

09:12:28.0056 4448 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:12:28.0071 4448 AdobeFlashPlayerUpdateSvc - ok

09:12:28.0118 4448 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

09:12:28.0134 4448 adp94xx - ok

09:12:28.0165 4448 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

09:12:28.0165 4448 adpahci - ok

09:12:28.0196 4448 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

09:12:28.0196 4448 adpu320 - ok

09:12:28.0227 4448 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

09:12:28.0227 4448 AeLookupSvc - ok

09:12:28.0259 4448 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

09:12:28.0274 4448 AFD - ok

09:12:28.0305 4448 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

09:12:28.0305 4448 agp440 - ok

09:12:28.0337 4448 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

09:12:28.0337 4448 ALG - ok

09:12:28.0352 4448 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

09:12:28.0352 4448 aliide - ok

09:12:28.0383 4448 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

09:12:28.0383 4448 amdide - ok

09:12:28.0415 4448 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

09:12:28.0415 4448 AmdK8 - ok

09:12:28.0446 4448 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

09:12:28.0446 4448 AmdPPM - ok

09:12:28.0477 4448 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

09:12:28.0477 4448 amdsata - ok

09:12:28.0493 4448 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

09:12:28.0508 4448 amdsbs - ok

09:12:28.0508 4448 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

09:12:28.0524 4448 amdxata - ok

09:12:28.0555 4448 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

09:12:28.0555 4448 AppID - ok

09:12:28.0571 4448 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

09:12:28.0586 4448 AppIDSvc - ok

09:12:28.0602 4448 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

09:12:28.0602 4448 Appinfo - ok

09:12:28.0742 4448 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:12:28.0742 4448 Apple Mobile Device - ok

09:12:28.0758 4448 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

09:12:28.0773 4448 arc - ok

09:12:28.0773 4448 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

09:12:28.0789 4448 arcsas - ok

09:12:28.0805 4448 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

09:12:28.0805 4448 AsyncMac - ok

09:12:28.0836 4448 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

09:12:28.0836 4448 atapi - ok

09:12:28.0961 4448 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys

09:12:29.0085 4448 atikmdag - ok

09:12:29.0132 4448 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

09:12:29.0163 4448 AudioEndpointBuilder - ok

09:12:29.0179 4448 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

09:12:29.0195 4448 AudioSrv - ok

09:12:29.0241 4448 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys

09:12:29.0241 4448 Avgfwfd - ok

09:12:29.0429 4448 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

09:12:29.0475 4448 avgfws - ok

09:12:29.0616 4448 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

09:12:29.0694 4448 AVGIDSAgent - ok

09:12:29.0756 4448 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys

09:12:29.0756 4448 AVGIDSDriver - ok

09:12:29.0803 4448 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys

09:12:29.0803 4448 AVGIDSFilter - ok

09:12:29.0865 4448 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys

09:12:29.0865 4448 AVGIDSHA - ok

09:12:29.0897 4448 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

09:12:29.0912 4448 Avgldx64 - ok

09:12:29.0943 4448 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

09:12:29.0959 4448 Avgmfx64 - ok

09:12:29.0990 4448 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

09:12:29.0990 4448 Avgrkx64 - ok

09:12:30.0021 4448 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

09:12:30.0037 4448 Avgtdia - ok

09:12:30.0084 4448 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys

09:12:30.0084 4448 avgtp - ok

09:12:30.0099 4448 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

09:12:30.0099 4448 avgwd - ok

09:12:30.0146 4448 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

09:12:30.0162 4448 AxInstSV - ok

09:12:30.0193 4448 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

09:12:30.0209 4448 b06bdrv - ok

09:12:30.0240 4448 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

09:12:30.0255 4448 b57nd60a - ok

09:12:30.0302 4448 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

09:12:30.0302 4448 BDESVC - ok

09:12:30.0318 4448 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

09:12:30.0318 4448 Beep - ok

09:12:30.0380 4448 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

09:12:30.0411 4448 BFE - ok

09:12:30.0443 4448 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

09:12:30.0489 4448 BITS - ok

09:12:30.0505 4448 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

09:12:30.0521 4448 blbdrive - ok

09:12:30.0614 4448 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

09:12:30.0614 4448 Bonjour Service - ok

09:12:30.0661 4448 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

09:12:30.0661 4448 bowser - ok

09:12:30.0677 4448 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:12:30.0677 4448 BrFiltLo - ok

09:12:30.0677 4448 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:12:30.0692 4448 BrFiltUp - ok

09:12:30.0708 4448 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

09:12:30.0723 4448 Browser - ok

09:12:30.0755 4448 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

09:12:30.0755 4448 Brserid - ok

09:12:30.0770 4448 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

09:12:30.0770 4448 BrSerWdm - ok

09:12:30.0786 4448 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

09:12:30.0786 4448 BrUsbMdm - ok

09:12:30.0786 4448 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

09:12:30.0786 4448 BrUsbSer - ok

09:12:30.0801 4448 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

09:12:30.0801 4448 BTHMODEM - ok

09:12:30.0833 4448 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

09:12:30.0833 4448 bthserv - ok

09:12:30.0848 4448 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

09:12:30.0864 4448 cdfs - ok

09:12:30.0895 4448 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

09:12:30.0895 4448 cdrom - ok

09:12:30.0926 4448 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

09:12:30.0926 4448 CertPropSvc - ok

09:12:30.0942 4448 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

09:12:30.0942 4448 circlass - ok

09:12:30.0973 4448 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

09:12:30.0989 4448 CLFS - ok

09:12:31.0067 4448 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:12:31.0067 4448 clr_optimization_v2.0.50727_32 - ok

09:12:31.0082 4448 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:12:31.0098 4448 clr_optimization_v2.0.50727_64 - ok

09:12:31.0238 4448 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:12:31.0254 4448 clr_optimization_v4.0.30319_32 - ok

09:12:31.0316 4448 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:12:31.0332 4448 clr_optimization_v4.0.30319_64 - ok

09:12:31.0363 4448 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

09:12:31.0379 4448 CmBatt - ok

09:12:31.0410 4448 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

09:12:31.0410 4448 cmdide - ok

09:12:31.0457 4448 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

09:12:31.0472 4448 CNG - ok

09:12:31.0503 4448 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

09:12:31.0503 4448 Compbatt - ok

09:12:31.0535 4448 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

09:12:31.0550 4448 CompositeBus - ok

09:12:31.0566 4448 COMSysApp - ok

09:12:31.0597 4448 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

09:12:31.0597 4448 crcdisk - ok

09:12:31.0644 4448 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

09:12:31.0644 4448 CryptSvc - ok

09:12:31.0691 4448 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys

09:12:31.0753 4448 CVirtA - ok

09:12:31.0847 4448 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

09:12:31.0862 4448 CVPND - ok

09:12:31.0909 4448 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys

09:12:31.0940 4448 CVPNDRVA - ok

09:12:31.0987 4448 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

09:12:32.0018 4448 DcomLaunch - ok

09:12:32.0049 4448 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

09:12:32.0065 4448 defragsvc - ok

09:12:32.0096 4448 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

09:12:32.0112 4448 DfsC - ok

09:12:32.0159 4448 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

09:12:32.0174 4448 Dhcp - ok

09:12:32.0205 4448 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

09:12:32.0205 4448 discache - ok

09:12:32.0237 4448 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

09:12:32.0237 4448 Disk - ok

09:12:32.0268 4448 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys

09:12:32.0283 4448 DNE - ok

09:12:32.0315 4448 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

09:12:32.0315 4448 Dnscache - ok

09:12:32.0346 4448 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

09:12:32.0361 4448 dot3svc - ok

09:12:32.0393 4448 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

09:12:32.0408 4448 DPS - ok

09:12:32.0424 4448 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

09:12:32.0455 4448 drmkaud - ok

09:12:32.0502 4448 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

09:12:32.0549 4448 DXGKrnl - ok

09:12:32.0580 4448 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

09:12:32.0580 4448 EapHost - ok

09:12:32.0673 4448 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

09:12:32.0767 4448 ebdrv - ok

09:12:32.0798 4448 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

09:12:32.0798 4448 EFS - ok

09:12:32.0861 4448 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

09:12:32.0892 4448 ehRecvr - ok

09:12:32.0923 4448 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

09:12:32.0923 4448 ehSched - ok

09:12:32.0954 4448 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

09:12:33.0001 4448 elxstor - ok

09:12:33.0017 4448 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

09:12:33.0032 4448 ErrDev - ok

09:12:33.0063 4448 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

09:12:33.0079 4448 EventSystem - ok

09:12:33.0095 4448 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

09:12:33.0110 4448 exfat - ok

09:12:33.0126 4448 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

09:12:33.0126 4448 fastfat - ok

09:12:33.0173 4448 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

09:12:33.0204 4448 Fax - ok

09:12:33.0219 4448 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

09:12:33.0219 4448 fdc - ok

09:12:33.0235 4448 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

09:12:33.0235 4448 fdPHost - ok

09:12:33.0251 4448 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

09:12:33.0251 4448 FDResPub - ok

09:12:33.0266 4448 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

09:12:33.0266 4448 FileInfo - ok

09:12:33.0282 4448 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

09:12:33.0282 4448 Filetrace - ok

09:12:33.0282 4448 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

09:12:33.0297 4448 flpydisk - ok

09:12:33.0329 4448 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

09:12:33.0344 4448 FltMgr - ok

09:12:33.0438 4448 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

09:12:33.0453 4448 FontCache - ok

09:12:33.0500 4448 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:12:33.0500 4448 FontCache3.0.0.0 - ok

09:12:33.0578 4448 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

09:12:33.0578 4448 FreeAgentGoNext Service - ok

09:12:33.0594 4448 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

09:12:33.0609 4448 FsDepends - ok

09:12:33.0625 4448 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

09:12:33.0625 4448 Fs_Rec - ok

09:12:33.0672 4448 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

09:12:33.0672 4448 fvevol - ok

09:12:33.0687 4448 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

09:12:33.0703 4448 gagp30kx - ok

09:12:33.0750 4448 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:12:33.0765 4448 GEARAspiWDM - ok

09:12:33.0812 4448 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

09:12:33.0843 4448 gpsvc - ok

09:12:33.0859 4448 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

09:12:33.0875 4448 hcw85cir - ok

09:12:33.0937 4448 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

09:12:33.0953 4448 HdAudAddService - ok

09:12:33.0984 4448 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

09:12:33.0999 4448 HDAudBus - ok

09:12:33.0999 4448 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

09:12:34.0015 4448 HidBatt - ok

09:12:34.0031 4448 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

09:12:34.0031 4448 HidBth - ok

09:12:34.0062 4448 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

09:12:34.0062 4448 HidIr - ok

09:12:34.0077 4448 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

09:12:34.0093 4448 hidserv - ok

09:12:34.0109 4448 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

09:12:34.0109 4448 HidUsb - ok

09:12:34.0155 4448 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

09:12:34.0155 4448 hkmsvc - ok

09:12:34.0202 4448 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

09:12:34.0218 4448 HomeGroupListener - ok

09:12:34.0249 4448 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

09:12:34.0265 4448 HomeGroupProvider - ok

09:12:34.0296 4448 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

09:12:34.0296 4448 HpSAMD - ok

09:12:34.0343 4448 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

09:12:34.0374 4448 HTTP - ok

09:12:34.0405 4448 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

09:12:34.0405 4448 hwpolicy - ok

09:12:34.0436 4448 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

09:12:34.0436 4448 i8042prt - ok

09:12:34.0467 4448 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

09:12:34.0483 4448 iaStorV - ok

09:12:34.0530 4448 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:12:34.0545 4448 idsvc - ok

09:12:34.0577 4448 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

09:12:34.0577 4448 iirsp - ok

09:12:34.0623 4448 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

09:12:34.0655 4448 IKEEXT - ok

09:12:34.0686 4448 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

09:12:34.0686 4448 intelide - ok

09:12:34.0717 4448 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

09:12:34.0717 4448 intelppm - ok

09:12:34.0748 4448 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

09:12:34.0764 4448 IPBusEnum - ok

09:12:34.0779 4448 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:12:34.0795 4448 IpFilterDriver - ok

09:12:34.0826 4448 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

09:12:34.0857 4448 iphlpsvc - ok

09:12:34.0889 4448 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

09:12:34.0889 4448 IPMIDRV - ok

09:12:34.0904 4448 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

09:12:34.0904 4448 IPNAT - ok

09:12:34.0982 4448 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

09:12:34.0998 4448 iPod Service - ok

09:12:35.0029 4448 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

09:12:35.0029 4448 IRENUM - ok

09:12:35.0060 4448 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

09:12:35.0060 4448 isapnp - ok

09:12:35.0107 4448 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

09:12:35.0123 4448 iScsiPrt - ok

09:12:35.0138 4448 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

09:12:35.0138 4448 kbdclass - ok

09:12:35.0169 4448 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

09:12:35.0185 4448 kbdhid - ok

09:12:35.0201 4448 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

09:12:35.0201 4448 KeyIso - ok

09:12:35.0232 4448 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

09:12:35.0247 4448 KSecDD - ok

09:12:35.0279 4448 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

09:12:35.0279 4448 KSecPkg - ok

09:12:35.0310 4448 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

09:12:35.0310 4448 ksthunk - ok

09:12:35.0341 4448 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

09:12:35.0357 4448 KtmRm - ok

09:12:35.0403 4448 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

09:12:35.0419 4448 LanmanServer - ok

09:12:35.0450 4448 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

09:12:35.0450 4448 LanmanWorkstation - ok

09:12:35.0481 4448 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

09:12:35.0481 4448 lltdio - ok

09:12:35.0528 4448 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

09:12:35.0544 4448 lltdsvc - ok

09:12:35.0559 4448 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

09:12:35.0559 4448 lmhosts - ok

09:12:35.0591 4448 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

09:12:35.0591 4448 LSI_FC - ok

09:12:35.0606 4448 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

09:12:35.0606 4448 LSI_SAS - ok

09:12:35.0622 4448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:12:35.0622 4448 LSI_SAS2 - ok

09:12:35.0637 4448 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:12:35.0637 4448 LSI_SCSI - ok

09:12:35.0669 4448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

09:12:35.0669 4448 luafv - ok

09:12:35.0778 4448 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

09:12:35.0778 4448 McComponentHostService - ok

09:12:35.0809 4448 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

09:12:35.0825 4448 Mcx2Svc - ok

09:12:35.0825 4448 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

09:12:35.0840 4448 megasas - ok

09:12:35.0856 4448 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

09:12:35.0856 4448 MegaSR - ok

09:12:35.0887 4448 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

09:12:35.0887 4448 MMCSS - ok

09:12:35.0903 4448 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

09:12:35.0903 4448 Modem - ok

09:12:35.0918 4448 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

09:12:35.0934 4448 monitor - ok

09:12:35.0949 4448 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

09:12:35.0949 4448 mouclass - ok

09:12:35.0965 4448 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

09:12:35.0981 4448 mouhid - ok

09:12:35.0996 4448 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

09:12:35.0996 4448 mountmgr - ok

09:12:36.0012 4448 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

09:12:36.0027 4448 MozillaMaintenance - ok

09:12:36.0043 4448 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

09:12:36.0043 4448 mpio - ok

09:12:36.0059 4448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

09:12:36.0059 4448 mpsdrv - ok

09:12:36.0105 4448 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

09:12:36.0121 4448 MpsSvc - ok

09:12:36.0152 4448 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

09:12:36.0152 4448 MRxDAV - ok

09:12:36.0183 4448 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

09:12:36.0183 4448 mrxsmb - ok

09:12:36.0215 4448 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:12:36.0215 4448 mrxsmb10 - ok

09:12:36.0230 4448 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:12:36.0230 4448 mrxsmb20 - ok

09:12:36.0261 4448 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

09:12:36.0261 4448 msahci - ok

09:12:36.0308 4448 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

09:12:36.0308 4448 msdsm - ok

09:12:36.0324 4448 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

09:12:36.0324 4448 MSDTC - ok

09:12:36.0355 4448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

09:12:36.0355 4448 Msfs - ok

09:12:36.0371 4448 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

09:12:36.0371 4448 mshidkmdf - ok

09:12:36.0386 4448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

09:12:36.0386 4448 msisadrv - ok

09:12:36.0417 4448 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

09:12:36.0417 4448 MSiSCSI - ok

09:12:36.0433 4448 msiserver - ok

09:12:36.0449 4448 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

09:12:36.0449 4448 MSKSSRV - ok

09:12:36.0464 4448 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

09:12:36.0464 4448 MSPCLOCK - ok

09:12:36.0464 4448 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

09:12:36.0480 4448 MSPQM - ok

09:12:36.0511 4448 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

09:12:36.0511 4448 MsRPC - ok

09:12:36.0542 4448 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

09:12:36.0542 4448 mssmbios - ok

09:12:36.0573 4448 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

09:12:36.0573 4448 MSTEE - ok

09:12:36.0589 4448 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

09:12:36.0589 4448 MTConfig - ok

09:12:36.0589 4448 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

09:12:36.0605 4448 Mup - ok

09:12:36.0636 4448 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

09:12:36.0651 4448 napagent - ok

09:12:36.0698 4448 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

09:12:36.0714 4448 NativeWifiP - ok

09:12:36.0761 4448 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

09:12:36.0792 4448 NDIS - ok

09:12:36.0807 4448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

09:12:36.0823 4448 NdisCap - ok

09:12:36.0839 4448 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

09:12:36.0839 4448 NdisTapi - ok

09:12:36.0870 4448 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

09:12:36.0870 4448 Ndisuio - ok

09:12:36.0901 4448 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

09:12:36.0901 4448 NdisWan - ok

09:12:36.0932 4448 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

09:12:36.0932 4448 NDProxy - ok

09:12:36.0948 4448 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

09:12:36.0963 4448 NetBIOS - ok

09:12:36.0979 4448 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

09:12:36.0979 4448 NetBT - ok

09:12:37.0010 4448 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

09:12:37.0010 4448 Netlogon - ok

09:12:37.0057 4448 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

09:12:37.0073 4448 Netman - ok

09:12:37.0104 4448 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

09:12:37.0119 4448 netprofm - ok

09:12:37.0135 4448 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:12:37.0151 4448 NetTcpPortSharing - ok

09:12:37.0166 4448 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

09:12:37.0166 4448 nfrd960 - ok

09:12:37.0197 4448 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

09:12:37.0229 4448 NlaSvc - ok

09:12:37.0229 4448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

09:12:37.0244 4448 Npfs - ok

09:12:37.0260 4448 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

09:12:37.0260 4448 nsi - ok

09:12:37.0275 4448 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

09:12:37.0275 4448 nsiproxy - ok

09:12:37.0353 4448 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

09:12:37.0400 4448 Ntfs - ok

09:12:37.0447 4448 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

09:12:37.0463 4448 NuidFltr - ok

09:12:37.0478 4448 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

09:12:37.0478 4448 Null - ok

09:12:37.0509 4448 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

09:12:37.0509 4448 nvraid - ok

09:12:37.0541 4448 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

09:12:37.0541 4448 nvstor - ok

09:12:37.0572 4448 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

09:12:37.0572 4448 nv_agp - ok

09:12:37.0681 4448 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:12:37.0697 4448 odserv - ok

09:12:37.0728 4448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

09:12:37.0728 4448 ohci1394 - ok

09:12:37.0790 4448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:12:37.0790 4448 ose - ok

09:12:37.0853 4448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

09:12:37.0868 4448 p2pimsvc - ok

09:12:37.0899 4448 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

09:12:37.0915 4448 p2psvc - ok

09:12:37.0946 4448 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

09:12:37.0946 4448 Parport - ok

09:12:37.0977 4448 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

09:12:37.0977 4448 partmgr - ok

09:12:38.0009 4448 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

09:12:38.0024 4448 PcaSvc - ok

09:12:38.0055 4448 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

09:12:38.0071 4448 pci - ok

09:12:38.0102 4448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

09:12:38.0102 4448 pciide - ok

09:12:38.0133 4448 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

09:12:38.0133 4448 pcmcia - ok

09:12:38.0149 4448 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

09:12:38.0149 4448 pcw - ok

09:12:38.0180 4448 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

09:12:38.0196 4448 PEAUTH - ok

09:12:38.0243 4448 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

09:12:38.0258 4448 PerfHost - ok

09:12:38.0336 4448 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

09:12:38.0367 4448 pla - ok

09:12:38.0399 4448 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

09:12:38.0414 4448 PlugPlay - ok

09:12:38.0742 4448 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

09:12:38.0742 4448 PMBDeviceInfoProvider - ok

09:12:38.0773 4448 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

09:12:38.0789 4448 PNRPAutoReg - ok

09:12:38.0804 4448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

09:12:38.0820 4448 PNRPsvc - ok

09:12:38.0851 4448 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

09:12:38.0867 4448 PolicyAgent - ok

09:12:38.0898 4448 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

09:12:38.0913 4448 Power - ok

09:12:38.0945 4448 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

09:12:38.0945 4448 PptpMiniport - ok

09:12:38.0960 4448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

09:12:38.0976 4448 Processor - ok

09:12:39.0023 4448 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

09:12:39.0038 4448 ProfSvc - ok

09:12:39.0054 4448 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

09:12:39.0054 4448 ProtectedStorage - ok

09:12:39.0101 4448 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

09:12:39.0116 4448 Psched - ok

09:12:39.0194 4448 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

09:12:39.0225 4448 ql2300 - ok

09:12:39.0241 4448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

09:12:39.0241 4448 ql40xx - ok

09:12:39.0272 4448 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

09:12:39.0288 4448 QWAVE - ok

09:12:39.0303 4448 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

09:12:39.0303 4448 QWAVEdrv - ok

09:12:39.0303 4448 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

09:12:39.0303 4448 RasAcd - ok

09:12:39.0335 4448 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

09:12:39.0335 4448 RasAgileVpn - ok

09:12:39.0366 4448 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

09:12:39.0366 4448 RasAuto - ok

09:12:39.0381 4448 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

09:12:39.0397 4448 Rasl2tp - ok

09:12:39.0428 4448 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

09:12:39.0444 4448 RasMan - ok

09:12:39.0444 4448 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

09:12:39.0459 4448 RasPppoe - ok

09:12:39.0459 4448 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

09:12:39.0475 4448 RasSstp - ok

09:12:39.0491 4448 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

09:12:39.0506 4448 rdbss - ok

09:12:39.0522 4448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

09:12:39.0522 4448 rdpbus - ok

09:12:39.0537 4448 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

09:12:39.0537 4448 RDPCDD - ok

09:12:39.0553 4448 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

09:12:39.0553 4448 RDPENCDD - ok

09:12:39.0584 4448 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

09:12:39.0584 4448 RDPREFMP - ok

09:12:39.0615 4448 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

09:12:39.0615 4448 RDPWD - ok

09:12:39.0662 4448 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

09:12:39.0662 4448 rdyboost - ok

09:12:39.0693 4448 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

09:12:39.0693 4448 RemoteAccess - ok

09:12:39.0709 4448 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

09:12:39.0725 4448 RemoteRegistry - ok

09:12:39.0740 4448 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

09:12:39.0740 4448 RpcEptMapper - ok

09:12:39.0756 4448 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

09:12:39.0771 4448 RpcLocator - ok

09:12:39.0803 4448 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

09:12:39.0818 4448 RpcSs - ok

09:12:39.0834 4448 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

09:12:39.0834 4448 rspndr - ok

09:12:39.0865 4448 [ F70A9384917659A4C5EF30F0F4EC484D ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys

09:12:39.0881 4448 RTL8187B - ok

09:12:39.0912 4448 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

09:12:39.0912 4448 SamSs - ok

09:12:39.0943 4448 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

09:12:39.0959 4448 sbp2port - ok

09:12:39.0974 4448 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

09:12:39.0990 4448 SCardSvr - ok

09:12:40.0021 4448 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

09:12:40.0021 4448 scfilter - ok

09:12:40.0083 4448 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

09:12:40.0115 4448 Schedule - ok

09:12:40.0146 4448 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

09:12:40.0146 4448 SCPolicySvc - ok

09:12:40.0177 4448 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

09:12:40.0193 4448 SDRSVC - ok

09:12:40.0224 4448 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

09:12:40.0224 4448 secdrv - ok

09:12:40.0255 4448 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

09:12:40.0255 4448 seclogon - ok

09:12:40.0271 4448 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

09:12:40.0286 4448 SENS - ok

09:12:40.0302 4448 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

09:12:40.0302 4448 SensrSvc - ok

09:12:40.0317 4448 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

09:12:40.0317 4448 Serenum - ok

09:12:40.0333 4448 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

09:12:40.0333 4448 Serial - ok

09:12:40.0364 4448 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

09:12:40.0364 4448 sermouse - ok

09:12:40.0395 4448 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

09:12:40.0411 4448 SessionEnv - ok

09:12:40.0442 4448 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

09:12:40.0442 4448 sffdisk - ok

09:12:40.0458 4448 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

09:12:40.0473 4448 sffp_mmc - ok

09:12:40.0489 4448 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

09:12:40.0489 4448 sffp_sd - ok

09:12:40.0505 4448 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

09:12:40.0505 4448 sfloppy - ok

09:12:40.0536 4448 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

09:12:40.0551 4448 SharedAccess - ok

09:12:40.0583 4448 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

09:12:40.0598 4448 ShellHWDetection - ok

09:12:40.0614 4448 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:12:40.0629 4448 SiSRaid2 - ok

09:12:40.0645 4448 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

09:12:40.0645 4448 SiSRaid4 - ok

09:12:40.0676 4448 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

09:12:40.0676 4448 Smb - ok

09:12:40.0692 4448 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

09:12:40.0707 4448 SNMPTRAP - ok

09:12:40.0707 4448 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

09:12:40.0723 4448 spldr - ok

09:12:40.0770 4448 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

09:12:40.0785 4448 Spooler - ok

09:12:40.0895 4448 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

09:12:40.0973 4448 sppsvc - ok

09:12:41.0004 4448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

09:12:41.0004 4448 sppuinotify - ok

09:12:41.0035 4448 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

09:12:41.0051 4448 srv - ok

09:12:41.0082 4448 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

09:12:41.0097 4448 srv2 - ok

09:12:41.0129 4448 [ 93132C69394A99D992095D8CFE464801 ] SrvHsfPCI C:\Windows\system32\DRIVERS\VSTBS26.SYS

09:12:41.0160 4448 SrvHsfPCI - ok

09:12:41.0207 4448 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

09:12:41.0253 4448 SrvHsfV92 - ok

09:12:41.0300 4448 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

09:12:41.0316 4448 SrvHsfWinac - ok

09:12:41.0347 4448 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

09:12:41.0347 4448 srvnet - ok

09:12:41.0378 4448 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

09:12:41.0394 4448 SSDPSRV - ok

09:12:41.0409 4448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

09:12:41.0425 4448 SstpSvc - ok

09:12:41.0441 4448 Steam Client Service - ok

09:12:41.0456 4448 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

09:12:41.0456 4448 stexstor - ok

09:12:41.0503 4448 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

09:12:41.0534 4448 stisvc - ok

09:12:41.0565 4448 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

09:12:41.0565 4448 swenum - ok

09:12:41.0675 4448 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

09:12:41.0690 4448 SwitchBoard - ok

09:12:41.0706 4448 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

09:12:41.0737 4448 swprv - ok

09:12:41.0784 4448 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

09:12:41.0831 4448 SysMain - ok

09:12:41.0862 4448 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

09:12:41.0862 4448 TabletInputService - ok

09:12:41.0893 4448 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

09:12:41.0909 4448 TapiSrv - ok

09:12:41.0924 4448 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

09:12:41.0924 4448 TBS - ok

09:12:42.0002 4448 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

09:12:42.0049 4448 Tcpip - ok

09:12:42.0111 4448 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

09:12:42.0127 4448 TCPIP6 - ok

09:12:42.0189 4448 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

09:12:42.0189 4448 tcpipreg - ok

09:12:42.0236 4448 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

09:12:42.0236 4448 TDPIPE - ok

09:12:42.0252 4448 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

09:12:42.0267 4448 TDTCP - ok

09:12:42.0299 4448 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

09:12:42.0299 4448 tdx - ok

09:12:42.0330 4448 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

09:12:42.0345 4448 TermDD - ok

09:12:42.0377 4448 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

09:12:42.0408 4448 TermService - ok

09:12:42.0423 4448 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

09:12:42.0439 4448 Themes - ok

09:12:42.0455 4448 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

09:12:42.0455 4448 THREADORDER - ok

09:12:42.0470 4448 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

09:12:42.0470 4448 TrkWks - ok

09:12:42.0501 4448 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

09:12:42.0501 4448 TrustedInstaller - ok

09:12:42.0533 4448 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

09:12:42.0533 4448 tssecsrv - ok

09:12:42.0611 4448 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

09:12:42.0611 4448 TsUsbFlt - ok

09:12:42.0657 4448 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

09:12:42.0673 4448 tunnel - ok

09:12:42.0720 4448 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

09:12:42.0720 4448 uagp35 - ok

09:12:42.0751 4448 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

09:12:42.0767 4448 udfs - ok

09:12:42.0798 4448 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

09:12:42.0813 4448 UI0Detect - ok

09:12:42.0845 4448 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

09:12:42.0845 4448 uliagpkx - ok

09:12:42.0891 4448 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

09:12:42.0891 4448 umbus - ok

09:12:42.0907 4448 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

09:12:42.0923 4448 UmPass - ok

09:12:42.0938 4448 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

09:12:42.0954 4448 upnphost - ok

09:12:42.0985 4448 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

09:12:42.0985 4448 USBAAPL64 - ok

09:12:43.0016 4448 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

09:12:43.0016 4448 usbccgp - ok

09:12:43.0047 4448 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

09:12:43.0047 4448 usbcir - ok

09:12:43.0063 4448 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

09:12:43.0063 4448 usbehci - ok

09:12:43.0079 4448 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

09:12:43.0094 4448 usbhub - ok

09:12:43.0094 4448 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

09:12:43.0110 4448 usbohci - ok

09:12:43.0141 4448 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

09:12:43.0141 4448 usbprint - ok

09:12:43.0172 4448 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

09:12:43.0172 4448 usbscan - ok

09:12:43.0188 4448 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

09:12:43.0188 4448 USBSTOR - ok

09:12:43.0203 4448 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

09:12:43.0203 4448 usbuhci - ok

09:12:43.0219 4448 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

09:12:43.0235 4448 UxSms - ok

09:12:43.0250 4448 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

09:12:43.0250 4448 VaultSvc - ok

09:12:43.0266 4448 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

09:12:43.0266 4448 vdrvroot - ok

09:12:43.0313 4448 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

09:12:43.0328 4448 vds - ok

09:12:43.0344 4448 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:12:43.0344 4448 vga - ok

09:12:43.0359 4448 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

09:12:43.0359 4448 VgaSave - ok

09:12:43.0391 4448 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

09:12:43.0391 4448 vhdmp - ok

09:12:43.0422 4448 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

09:12:43.0422 4448 viaide - ok

09:12:43.0437 4448 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

09:12:43.0437 4448 volmgr - ok

09:12:43.0469 4448 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:12:43.0500 4448 volmgrx - ok

09:12:43.0531 4448 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

09:12:43.0547 4448 volsnap - ok

09:12:43.0562 4448 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

09:12:43.0578 4448 vsmraid - ok

09:12:43.0625 4448 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

09:12:43.0671 4448 VSS - ok

09:12:43.0999 4448 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

09:12:44.0015 4448 vToolbarUpdater12.2.6 - ok

09:12:44.0030 4448 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

09:12:44.0030 4448 vwifibus - ok

09:12:44.0061 4448 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

09:12:44.0077 4448 W32Time - ok

09:12:44.0093 4448 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

09:12:44.0093 4448 WacomPen - ok

09:12:44.0124 4448 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

09:12:44.0124 4448 WANARP - ok

09:12:44.0139 4448 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:12:44.0139 4448 Wanarpv6 - ok

09:12:44.0217 4448 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

09:12:44.0249 4448 WatAdminSvc - ok

09:12:44.0311 4448 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

09:12:44.0342 4448 wbengine - ok

09:12:44.0373 4448 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

09:12:44.0373 4448 WbioSrvc - ok

09:12:44.0405 4448 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:12:44.0420 4448 wcncsvc - ok

09:12:44.0451 4448 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:12:44.0451 4448 WcsPlugInService - ok

09:12:44.0467 4448 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

09:12:44.0467 4448 Wd - ok

09:12:44.0498 4448 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:12:44.0514 4448 Wdf01000 - ok

09:12:44.0529 4448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:12:44.0545 4448 WdiServiceHost - ok

09:12:44.0545 4448 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:12:44.0545 4448 WdiSystemHost - ok

09:12:44.0576 4448 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

09:12:44.0576 4448 WebClient - ok

09:12:44.0607 4448 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:12:44.0607 4448 Wecsvc - ok

09:12:44.0639 4448 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:12:44.0639 4448 wercplsupport - ok

09:12:44.0654 4448 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

09:12:44.0654 4448 WerSvc - ok

09:12:44.0670 4448 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

09:12:44.0670 4448 WfpLwf - ok

09:12:44.0685 4448 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

09:12:44.0701 4448 WIMMount - ok

09:12:44.0717 4448 WinDefend - ok

09:12:44.0717 4448 WinHttpAutoProxySvc - ok

09:12:44.0763 4448 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:12:44.0779 4448 Winmgmt - ok

09:12:44.0841 4448 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

09:12:44.0888 4448 WinRM - ok

09:12:44.0951 4448 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

09:12:44.0951 4448 WinUsb - ok

09:12:44.0982 4448 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

09:12:45.0013 4448 Wlansvc - ok

09:12:45.0029 4448 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

09:12:45.0029 4448 WmiAcpi - ok

09:12:45.0060 4448 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:12:45.0060 4448 wmiApSrv - ok

09:12:45.0075 4448 WMPNetworkSvc - ok

09:12:45.0091 4448 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:12:45.0107 4448 WPCSvc - ok

09:12:45.0122 4448 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:12:45.0122 4448 WPDBusEnum - ok

09:12:45.0138 4448 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:12:45.0153 4448 ws2ifsl - ok

09:12:45.0169 4448 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

09:12:45.0169 4448 wscsvc - ok

09:12:45.0185 4448 WSearch - ok

09:12:45.0278 4448 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

09:12:45.0341 4448 wuauserv - ok

09:12:45.0372 4448 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

09:12:45.0372 4448 WudfPf - ok

09:12:45.0419 4448 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:12:45.0419 4448 WUDFRd - ok

09:12:45.0465 4448 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:12:45.0465 4448 wudfsvc - ok

09:12:45.0497 4448 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

09:12:45.0512 4448 WwanSvc - ok

09:12:45.0543 4448 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

09:12:45.0559 4448 yukonw7 - ok

09:12:45.0590 4448 ================ Scan global ===============================

09:12:45.0606 4448 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

09:12:45.0621 4448 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:12:45.0637 4448 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:12:45.0668 4448 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

09:12:45.0699 4448 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

09:12:45.0699 4448 [Global] - ok

09:12:45.0699 4448 ================ Scan MBR ==================================

09:12:45.0715 4448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:12:45.0933 4448 \Device\Harddisk0\DR0 - ok

09:12:45.0949 4448 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

09:12:45.0949 4448 \Device\Harddisk1\DR1 - ok

09:12:45.0949 4448 ================ Scan VBR ==================================

09:12:45.0965 4448 [ EDEC65156692363DBB832D62F76197FF ] \Device\Harddisk0\DR0\Partition1

09:12:45.0965 4448 \Device\Harddisk0\DR0\Partition1 - ok

09:12:45.0980 4448 [ 9C100CCFB35D0180B10FFF12FFB12825 ] \Device\Harddisk0\DR0\Partition2

09:12:45.0980 4448 \Device\Harddisk0\DR0\Partition2 - ok

09:12:45.0980 4448 [ 6E8CB53BE654C00C6C3DBD901D83F832 ] \Device\Harddisk1\DR1\Partition1

09:12:45.0980 4448 \Device\Harddisk1\DR1\Partition1 - ok

09:12:45.0996 4448 ============================================================

09:12:45.0996 4448 Scan finished

09:12:45.0996 4448 ============================================================

09:12:46.0011 4692 Detected object count: 0

09:12:46.0011 4692 Actual detected object count: 0

Maurice Naggar · September 7, 2012

As you mentioned at the top, the items tagged were on your backup folder on the I drive. The ones listed before were in the Spybot quarantine area.

You should temporarily, turn off your backup utility, and disconnect the I drive.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

glennski51 · September 7, 2012

Here is the combofix log. Everything seems to be running okay. I'll run some scans with antivirus and also see if anything pops up on auto detect. Keeping backup drive disconnected for now.

ComboFix 12-09-07.03 - glenn 09/07/2012 11:40:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2341 [GMT -4:00]

Running from: c:\users\glenn\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

.

((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))

.

2012-09-07 15:48 . 2012-09-07 15:48 -------- d-----w- c:\users\*******\AppData\Local\temp

2012-09-07 15:48 . 2012-09-07 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-07 15:48 . 2012-09-07 15:48 -------- d-----w- c:\users\kristi\AppData\Local\temp

2012-09-07 12:46 . 2012-09-07 12:46 16200 ----a-w- c:\windows\stinger.sys

2012-09-07 12:44 . 2012-09-07 15:31 -------- d-----w- c:\program files (x86)\stinger

2012-09-07 01:09 . 2012-09-07 01:09 -------- d-----w- c:\program files (x86)\ESET

2012-09-07 00:56 . 2012-09-07 00:57 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-05 21:15 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-03 01:29 . 2012-09-03 01:29 -------- d-----w- c:\users\glenn\AppData\Roaming\The Creative Assembly

2012-09-02 16:54 . 2012-09-02 16:54 -------- d-----w- c:\users\glenn\AppData\Roaming\Malwarebytes

2012-09-02 16:54 . 2012-09-02 16:54 -------- d-----w- c:\programdata\Malwarebytes

2012-09-02 16:54 . 2012-09-05 21:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-28 01:06 . 2012-08-28 01:05 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-28 01:03 . 2012-08-28 01:03 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-08-28 01:03 . 2012-08-28 01:05 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-08-28 00:56 . 2012-08-28 00:56 -------- d-----w- c:\users\*******\AppData\Local\Mozilla

2012-08-28 00:54 . 2012-08-28 00:54 -------- d-----w- c:\users\*******\AppData\Local\AVG Secure Search

2012-08-28 00:48 . 2012-09-05 21:14 -------- d-----w- c:\program files (x86)\Steam

2012-08-28 00:30 . 2012-09-05 21:14 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-08-27 21:58 . 2012-08-27 21:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-08-27 21:58 . 2012-08-27 21:58 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-08-27 21:58 . 2012-08-27 21:58 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-08-27 21:58 . 2012-08-27 21:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-08-27 21:58 . 2012-08-27 21:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-08-15 10:06 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 10:06 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 10:06 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 10:06 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 10:06 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 10:06 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 10:06 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 10:05 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 10:05 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 10:05 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 10:05 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 10:05 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 02:47 . 2012-08-15 02:47 -------- d-----w- c:\program files\iPod

2012-08-15 02:47 . 2012-08-15 02:48 -------- d-----w- c:\program files\iTunes

2012-08-15 02:47 . 2012-08-15 02:48 -------- d-----w- c:\program files (x86)\iTunes

2012-08-15 02:46 . 2012-08-15 02:46 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-08-15 02:46 . 2012-08-15 02:46 -------- d-----w- c:\program files\Common Files\Apple

2012-08-15 02:46 . 2012-08-15 02:46 -------- d-----w- c:\program files\Bonjour

2012-08-15 02:46 . 2012-08-15 02:46 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-15 02:45 . 2012-08-15 02:47 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-08-09 02:52 . 2012-08-16 07:00 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-09 02:36 . 2012-08-09 02:36 -------- d-----w- c:\windows\system32\SPReview

2012-08-09 02:33 . 2012-08-09 02:33 -------- d-----w- c:\windows\system32\EventProviders

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-04 00:24 . 2012-07-11 13:25 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-08-28 01:05 . 2012-07-06 14:11 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-14 18:54 . 2012-03-31 04:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 18:54 . 2012-03-31 04:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-09 02:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-08-09 02:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-20 16:54 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-04 00:24 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-28 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-07-11 1020512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-27 113120]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-30 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:54]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1000Core.job

- c:\users\*******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 01:47]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1000UA.job

- c:\users\*******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-06 01:47]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1003Core.job

- c:\users\kristi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:59]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1003UA.job

- c:\users\kristi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:59]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1004Core.job

- c:\users\glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 21:32]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240784298-388009509-860317759-1004UA.job

- c:\users\glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 21:32]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\glenn\AppData\Roaming\Mozilla\Firefox\Profiles\vzvktb1k.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-09-07 12:17:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-07 16:17

.

Pre-Run: 444,171,124,736 bytes free

Post-Run: 444,062,146,560 bytes free

.

- - End Of File - - D2B519AAC76282C89A7814F7353791C8

Maurice Naggar · September 7, 2012

Go to Control Panel >> Add-or-remove Programs

Uninstall McAfee Security Scan Plus

Exit Control Panel

Java runtime

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Accept the EULA & Download the latest version of >> Windows Offline << from here
or >> from here <<
and save it to your desktop.
Get the Offline version for both 32-bit and 64-bit. Install both. Your system is 64-bit & has 32-bit & 64-bit IE browsers.
Close any programs you may have running - especially your web browser(s).
Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
  [*]Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited September 7, 2012 by Maurice Naggar

glennski51 · September 7, 2012

thanks for all the help. security check text is below. I ran a clean mbam whole scan today. Weird thing is avg detected the same trojan name on same objects, but process is the mbam.exe now instead of the seagate backup exe process that it was before. If I try and fix with avg it says object is inacessible.

Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\shuffle.exe";"Object is inaccessible.";"9/7/2012, 2:25:28 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\avg.exe";"Object is inaccessible.";"9/7/2012, 2:25:27 PM";"file";"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\shuffle.exe";"Object is inaccessible.";"9/4/2012, 10:15:11 PM";"file";"C:\Program Files (x86)\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe" Trojan horse Crypt_s.JR;"c:\Users\kristi\Documents\FromLaptop\Grad Summer 06\avg.exe";"Object is inaccessible.";"9/4/2012, 10:15:11 PM";"file";"C:\Program Files (x86)\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe"

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

AVG Internet Security 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 7 Update 7

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 9%

````````````````````End of Log``````````````````````

Maurice Naggar · September 8, 2012

Please take a few minutes and see section H of the MBAM F.A.Q. help http://forums.malwarebytes.org/index.php?act=findpost&pid=167851

Set the trust settings in AVG and in MBAM

Obviously, AVG is giving you a false positive on MBAM.

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

ESET Online scan

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

glennski51 · September 8, 2012

Uninstalled adobe and then reinstalled latest version.

eset came back clean

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9cf56f0755d40b42b30b808401f2a127

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-08 05:03:40

# local_time=2012-09-08 01:03:40 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 17708260 17708260 0 0

# compatibility_mode=5893 16776574 100 94 1716448 98662499 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=173455

# found=0

# cleaned=0

# scan_time=4771

Maurice Naggar · September 8, 2012

Very, very good.

How are we doing now ?

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the MBAM scan log for review.

glennski51 · September 8, 2012

Everything seems to be good. I set all the exclusions for malwarebytes within avg so that shouldn't be an issue anymore. Here is the mbam text.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

glenn :: *******-PC [administrator]

Protection: Enabled

9/8/2012 2:24:49 PM

mbam-log-2012-09-08 (14-24-49).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 238665

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Maurice Naggar · September 8, 2012

Very good. We can wrap this up now.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
```
c:\users\glenn\Desktop\ComboFix.exe /uninstall
```
Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Stinger.exe

SecurityCheck.exe

TDSSKILLER.exe

Use Control Panel >> Programs and Features

Uninstall ESET Online scanner

exit Control Panel when done.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Critical Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525
Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

glennski51 · September 8, 2012

Thanks a lot for your help Maurice. Everything is uninstalled or removed as requested. Going to get to implementing these safeguards.

Maurice Naggar · September 9, 2012

Very very good. Glad to have helped. All the best to you.

Cheers.

Anti-virus detecting trojans

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information