Persistent Malware


Hello. Around Oct. 4th, my Free AVG 2012 picked up a Trojan horse Agent3.AOWL, then Malwarebytes picked up infections from the following paths:

c:\Users\****\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15\455b38f-280635a9 (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\Windows\Temp\9b88.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

c:\Windows\Temp\wpbt0.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.06601593707129882.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.6584026221947342.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Nothing is showing up on scans anymore, but Malwarebytes continues to report blocks on outgoing connections from ping.exe, svchost.exe and firefox.exe (or chrome.exe if that's in use), so I have reason to believe the infection may not be removed entirely.

Below are the logs from HijackThis and DDS; "ARK" and "Attach" are attached per the introductory thread. Thanks for any help in sorting this out.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:02:59 PM, on 10/11/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59596

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DirectxProfileManager] rundll32.exe "C:\ProgramData\DirectxProfileManager.dll",DllRegisterServer (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DirectxProfileManager] rundll32.exe "C:\ProgramData\DirectxProfileManager.dll",DllRegisterServer (User 'Default user')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - https://support.dell.com/systemprofiler/DellSystemLite.CAB

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13968 bytes

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by MaryHelen at 21:22:02 on 2011-10-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2382 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe

C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=127.0.0.1:59596

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [<NO NAME>]

dRun: [DirectxProfileManager] rundll32.exe "C:\ProgramData\DirectxProfileManager.dll",DllRegisterServer

dRun: [ Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\SoftGrid Client\SoftGridUpdate\SoftGridupdt32.DLL",DllRegisterServer

dRun: [Apple Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL",DllRegisterServer

dRun: [Auslogics Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL",DllRegisterServer

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114

TCP: Interfaces\{4192CE1E-DEBC-4F2F-A03A-DA929EDF6F5D} : DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114

TCP: Interfaces\{4192CE1E-DEBC-4F2F-A03A-DA929EDF6F5D}\94E63796768647F575966496F533136373 : DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114

TCP: Interfaces\{5416705D-B568-45F7-954D-800DC86D9239} : DhcpNameServer = 192.168.0.1 165.166.142.42

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [(Default)]

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\MaryHelen\AppData\Roaming\Mozilla\Firefox\Profiles\5vi4qcxu.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=723823&p=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Users\MaryHelen\AppData\Roaming\Mozilla\Firefox\Profiles\5vi4qcxu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - component: C:\Users\MaryHelen\AppData\Roaming\Mozilla\Firefox\Profiles\5vi4qcxu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\MaryHelen\AppData\Roaming\Mozilla\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [2011-4-4 75040]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2011-4-4 210720]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-10 1153368]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-10-20 5671792]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-3 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-8 366152]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-3 136176]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 rsvcdwdr;rsvcdwdr;C:\Windows\system32\DRIVERS\rsvcdwdr.sys --> C:\Windows\system32\DRIVERS\rsvcdwdr.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-9-27 745880]

S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S4 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-10-9 312152]

S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2011-10-11 22:05:53 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{7F1DC198-FC78-460F-B68D-4A02385C0986}

2011-10-11 22:05:39 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{457AFAC2-0D74-4CB5-8BD5-0752D39D673E}

2011-10-11 03:15:28 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{6735EF63-4E63-4344-98B9-63B406308454}

2011-10-11 03:15:11 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C55F793D-899A-4228-9B71-505E77E52CAA}

2011-10-10 12:19:26 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{754C0D25-6613-466A-B580-5E58EB5C0239}

2011-10-10 12:19:01 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{939248C5-1F09-4F87-911B-17A804016DA9}

2011-10-09 22:36:09 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{DF6A4072-C3B4-4A50-A973-24077BE64D98}

2011-10-09 22:35:47 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{1E413696-D4BA-45AD-B260-6C301BB8C998}

2011-10-09 22:21:20 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2011-10-09 22:12:14 -------- d-----w- C:\!KillBox

2011-10-09 21:40:11 388096 ----a-r- C:\Users\MaryHelen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-09 21:40:11 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-10-09 19:02:28 -------- d-----w- C:\Program Files (x86)\IObit Toolbar

2011-10-09 19:02:28 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2011-10-09 19:02:28 -------- d-----w- C:\Program Files (x86)\Application Updater

2011-10-09 19:01:53 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\IObit

2011-10-09 19:01:50 -------- d-----w- C:\ProgramData\IObit

2011-10-09 19:01:48 -------- d-----w- C:\Program Files (x86)\IObit

2011-10-09 02:41:00 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{5452F352-8BD8-4003-A215-1C91AFA46D5D}

2011-10-09 02:40:49 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C8B1B319-1B16-4CCA-BE50-CBD668EF8BAD}

2011-10-08 18:14:51 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\Malwarebytes

2011-10-08 18:14:28 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-08 18:14:25 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-08 18:14:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-08 17:48:03 -------- d-----w- C:\sh4ldr

2011-10-08 17:48:03 -------- d-----w- C:\Program Files\Enigma Software Group

2011-10-08 17:03:48 -------- d-----w- C:\Windows\14E9D3713DAD4A57B935577AB862F3B3.TMP

2011-10-08 17:03:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-10-08 13:03:27 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{09F015D8-4579-409E-8636-6CF3E8DEBEDA}

2011-10-08 13:03:15 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{73FBFC98-6A80-42FA-AC77-5E349066B67C}

2011-10-07 12:48:04 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\Auslogics

2011-10-07 12:47:00 -------- d-----w- C:\Program Files (x86)\Auslogics

2011-10-07 12:46:20 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar

2011-10-07 02:22:46 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C04FBE5B-72E8-4967-B8AA-0DEA28DE8AAE}

2011-10-07 02:22:32 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{D9C39B20-0882-4038-BE82-410A9E38EE9F}

2011-10-06 12:49:54 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\FILEHUNTER

2011-10-06 12:48:58 -------- d-----w- C:\Program Files (x86)\WBTOOLTB

2011-10-06 12:34:57 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{302CD3B6-D956-4223-BC1E-75DF6EADFC56}

2011-10-06 12:34:35 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{BA3D8434-C19A-49E4-A00F-5290CE2E4840}

2011-10-06 03:27:09 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\ParetoLogic

2011-10-06 03:27:09 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\DriverCure

2011-10-06 03:26:53 -------- d-----w- C:\ProgramData\ParetoLogic

2011-10-06 03:26:53 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2011-10-06 01:02:44 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-10-06 00:46:00 -------- d-----w- C:\ProgramData\STOPzilla!

2011-10-06 00:27:25 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{8C52BFB8-26AB-464C-82FF-39FFA3B4DF94}

2011-10-06 00:27:07 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{974456A3-33A9-4A87-A7FA-4227AC7E35EC}

2011-10-06 00:23:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-10-05 23:42:48 101376 ----a-w- C:\Windows\SysWow64\srrstr.dll

2011-10-05 23:42:47 101376 ----a-w- C:\ProgramData\DirectxProfileManager.dll

2011-10-05 12:23:10 -------- d-----we C:\Windows\system64

2011-10-05 03:02:53 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C96E71C3-D904-4B1B-88D8-4A40990B0585}

2011-10-05 03:02:43 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{19BAAB61-66D6-4FBB-B4E6-F247C1FE7F27}

2011-10-04 12:12:27 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{BEC927D1-6AC6-4008-B812-CFB05ED95FC0}

2011-10-04 12:12:17 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{37F26868-DF5F-4823-8F62-089151139069}

2011-10-03 12:11:26 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{80AA4EAA-BFE5-4065-A9C9-62926DDB638D}

2011-10-03 12:11:16 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{207E445F-C6A1-4B5F-A8E8-A17F71AC9AFC}

2011-10-02 19:34:12 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{4E175810-7936-410F-B304-4ED49CD8D8D3}

2011-10-02 19:34:01 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{2B1BAE2D-DA49-419A-8795-53F4D46C9E06}

2011-09-30 12:08:35 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{156F2982-2820-4306-A772-7C6891C61761}

2011-09-30 12:08:24 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{93B02D8A-D0C5-4B93-9D69-78AC20FAF5ED}

2011-09-29 12:37:49 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{B8E0BC5F-98EE-4414-A304-3B6344F966C3}

2011-09-29 12:37:38 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{A27487BA-6401-4737-999B-55080CF7A59F}

2011-09-28 12:10:26 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{25F88354-2123-491D-A0A1-A4110F6DE502}

2011-09-28 12:10:07 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{985F777C-0C10-4BDA-B257-438F92B7170C}

2011-09-27 12:14:30 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{78EF0FE6-F4C4-49EF-84B8-61FBB34A733D}

2011-09-27 12:14:20 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{21371115-7445-4172-B7E5-31D97EF3907F}

2011-09-26 12:27:15 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C490E245-8674-4E25-9DC0-9D282EDBD954}

2011-09-26 12:26:53 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{0757E623-78DB-43CD-BF91-74D9F9EE51F3}

2011-09-25 13:01:50 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{797D1C49-8E38-4309-B7FF-477941398115}

2011-09-25 13:01:39 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{98E2FBD1-0AFF-4D35-AED7-488AB479DDC9}

2011-09-24 16:27:20 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{35572B0B-1E24-4F69-9886-5E6088934956}

2011-09-24 16:27:09 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{8A8372C6-832C-409D-8AE6-5E3E70A2237E}

2011-09-24 12:51:44 -------- d-----w- C:\Users\MaryHelen\AppData\Roaming\AVG2012

2011-09-24 12:51:33 -------- d-----w- C:\ProgramData\AVG2012

2011-09-23 12:22:50 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{5AC3FD34-7CEA-40A9-9F37-C99EEA0D4728}

2011-09-23 12:22:39 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{02708AD6-81E5-4C93-B150-5CA2A2651297}

2011-09-22 23:03:52 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{454E9FC7-0CB2-497F-BC5E-5FFA339B101D}

2011-09-22 23:03:40 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{6CC39B83-6545-4784-8611-D0B72E77F915}

2011-09-22 02:26:16 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{11972EC4-CEC3-4D4C-A097-6EAEC080A5B7}

2011-09-22 02:26:05 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{3E69C57B-29D0-4942-8E49-82E132CEFAB4}

2011-09-21 01:17:49 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{5A0EE17C-DE17-45EF-B6CC-8FD2841880BE}

2011-09-21 01:17:39 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{66195CB1-1C3B-499F-A576-2290C8AE88EC}

2011-09-20 12:38:23 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{1AF9693E-9676-4826-94FF-E08258E20071}

2011-09-20 12:38:02 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{19A6AB7C-A605-44F0-83FD-A28375C89D57}

2011-09-20 00:37:49 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{D352AAF6-7087-48E1-8D7E-9639DB9CB3D8}

2011-09-20 00:37:29 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C13402B7-EB09-4CDC-AD3A-69A000D1B7BC}

2011-09-19 12:37:03 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{060796E8-F97C-49E6-8A40-1ED9A4B11346}

2011-09-19 12:36:53 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{146C8B25-2ECC-43D1-A06F-DA114975ABB6}

2011-09-18 22:16:43 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{5FB7CAC9-EBE3-436D-8FA8-A44B459345D9}

2011-09-18 22:16:33 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{22F8D63B-1C2B-4C9A-BA78-38799CDB8C48}

2011-09-17 12:46:54 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{D95CA2B5-E2C6-43AA-8C0B-1B6921DEA2EF}

2011-09-17 12:46:44 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{02F66C7E-E4A5-420F-9A1E-A7348574F7D2}

2011-09-16 12:15:23 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{565AAE0F-DDED-4373-ADF9-16E66A69BDC9}

2011-09-16 12:15:13 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{D9BEFECE-9B8A-44C3-A04E-B2CF4DE8C6EE}

2011-09-15 12:17:21 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{64A8E45E-8431-4EF1-A2B3-9ACDA5546762}

2011-09-15 12:17:11 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{047C9667-4D67-42D4-ACAE-A0903B5A7EB5}

2011-09-14 00:14:18 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{9072601C-882A-4BB8-A3C5-2CF20EFD1DB1}

2011-09-14 00:13:56 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{D259EA59-DF16-43AD-A6C8-2015D836BCE5}

2011-09-13 12:13:31 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{4C35BBCC-C219-48DA-9E93-EC714B864F37}

2011-09-13 12:13:20 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C0DBDA31-AF89-4658-A72F-C144DB8ED8D2}

2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-09-12 23:29:53 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{C4214F37-9AEE-4467-8B81-8165AA756561}

2011-09-12 23:29:43 -------- d-----w- C:\Users\MaryHelen\AppData\Local\{7CC2AD4C-04ED-43DE-BBD8-890B562DEC10}

.

==================== Find3M ====================

.

2011-08-18 22:29:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 21:23:42.44 ===============

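The DDS "Created Last 30" listing above carries the kind of signals a responder looks for before any tool names the infection: a lookalike system directory (C:\Windows\system64, which the ComboFix run later in this thread deletes), and two 101376-byte DLLs written one second apart into C:\Windows\SysWow64 and the C:\ProgramData root (srrstr.dll and DirectxProfileManager.dll). The script below is an added example for this thread, not code from the poster, from DDS or from Malwarebytes. It parses DDS-style lines and applies three heuristics; the heuristics themselves (a "sys*" directory directly under C:\Windows that is not a known system directory, same-size files dropped within a minute of each other into different directories, and loose executables in the ProgramData root) are this example's own assumptions about what deserves a second look, not rules DDS applies. The sample input is a constructed subset of the log lines above.

```python
"""
Heuristic triage of a DDS-style "Created Last 30" listing.

Added example for this thread; not part of the original post, of DDS or of
Malwarebytes. The heuristics are assumptions of this example, not DDS rules.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# DDS line shape: "<date> <time> <size-or-dashes> <8-char attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)

# Assumption: the only legitimate "sys*" directories directly under C:\Windows
# on 64-bit Windows 7; any other such name (e.g. system64) is a lookalike.
KNOWN_WINDOWS_SYS_DIRS = {"system", "system32", "syswow64", "sysnative"}

# Constructed sample: a subset of the "Created Last 30" lines from the DDS log.
SAMPLE_LOG = """\
2011-10-08 18:14:25 25416 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2011-10-06 00:23:31 -------- d-----w- C:\\Windows\\SysWow64\\drivers\\AVG
2011-10-05 23:42:48 101376 ----a-w- C:\\Windows\\SysWow64\\srrstr.dll
2011-10-05 23:42:47 101376 ----a-w- C:\\ProgramData\\DirectxProfileManager.dll
2011-10-05 12:23:10 -------- d-----we C:\\Windows\\system64
2011-09-13 10:30:08 37456 ----a-w- C:\\Windows\\System32\\drivers\\avgrkx64.sys
"""


def parse_dds(text):
    """Parse DDS listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
            "is_dir": m["attrs"].startswith("d"),
        })
    return entries


def flag_lookalike_system_dirs(entries):
    """Directories created directly under C:\\Windows with a 'sys*' name that is
    not a known system directory (C:\\Windows\\system64 in the log above)."""
    hits = []
    for e in entries:
        if not e["is_dir"]:
            continue
        parts = e["path"].lower().split("\\")  # ['c:', 'windows', '<name>']
        if (len(parts) == 3 and parts[1] == "windows"
                and parts[2].startswith("sys")
                and parts[2] not in KNOWN_WINDOWS_SYS_DIRS):
            hits.append(e["path"])
    return hits


def flag_dropped_twins(entries, window=timedelta(seconds=60)):
    """Files of identical size created within `window` of each other in
    different directories: the trace a dropper leaves when it writes one
    payload to several places (srrstr.dll / DirectxProfileManager.dll above).
    Returns (earlier_path, later_path, size) tuples."""
    by_size = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["size"]:
            by_size[e["size"]].append(e)
    hits = []
    for size, group in by_size.items():
        group.sort(key=lambda e: e["ts"])
        for a, b in zip(group, group[1:]):
            dir_a = a["path"].rsplit("\\", 1)[0].lower()
            dir_b = b["path"].rsplit("\\", 1)[0].lower()
            if b["ts"] - a["ts"] <= window and dir_a != dir_b:
                hits.append((a["path"], b["path"], size))
    return hits


def flag_loose_programdata_binaries(entries):
    """Executables written straight into the C:\\ProgramData root rather than a
    vendor subfolder (assumption: legitimate installers use a subfolder)."""
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        parts = e["path"].lower().split("\\")
        if (len(parts) == 3 and parts[1] == "programdata"
                and parts[2].endswith((".dll", ".exe"))):
            hits.append(e["path"])
    return hits


def triage(text):
    """Run all heuristics over a DDS listing and return the findings by name."""
    entries = parse_dds(text)
    return {
        "lookalike_system_dirs": flag_lookalike_system_dirs(entries),
        "dropped_twins": flag_dropped_twins(entries),
        "loose_programdata_binaries": flag_loose_programdata_binaries(entries),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name)
        for h in hits:
            print("   ", h)
```

Run against the sample, the script flags C:\Windows\system64, the srrstr.dll / DirectxProfileManager.dll pair, and the loose ProgramData DLL, and stays silent on the AVG and Malwarebytes entries. It is a triage aid, not a verdict: a hit tells you which files to hash and submit, and which timestamps to pull event logs around, nothing more.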

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


First, thank you for your help. I cannot tell you how much I appreciate it.

Now the logs:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7964

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/17/2011 8:33:50 AM

mbam-log-2011-10-17 (08-33-50).txt

Scan type: Quick scan

Objects scanned: 183266

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-16.03 - MaryHelen 10/17/2011 8:48.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1891 [GMT -4:00]

Running from: c:\users\MaryHelen\Downloads\COMBOFIX.EXE

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html

c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js

c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files (x86)\StartNow Toolbar\Toolbar32.dll

c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\00000001.@

c:\windows\assembly\tmp\U\00000002.@

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\80000032.@

c:\windows\assembly\tmp\U\80000064.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))

.

.

2011-10-17 12:55 . 2011-10-17 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-12 22:29 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 22:29 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 22:29 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 22:29 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-12 22:29 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-12 22:29 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 22:29 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 22:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-12 22:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-09 22:21 . 2011-10-12 02:11 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2011-10-09 22:12 . 2011-10-09 22:12 -------- d-----w- C:\!KillBox

2011-10-09 21:40 . 2011-10-09 21:40 388096 ----a-r- c:\users\MaryHelen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-09 21:40 . 2011-10-09 21:40 -------- d-----w- c:\program files (x86)\Trend Micro

2011-10-09 19:02 . 2011-10-09 19:02 -------- d-----w- c:\program files (x86)\IObit Toolbar

2011-10-09 19:02 . 2011-10-09 19:02 -------- d-----w- c:\program files (x86)\Application Updater

2011-10-09 19:02 . 2011-10-09 19:02 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2011-10-09 19:01 . 2011-10-09 19:01 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\IObit

2011-10-09 19:01 . 2011-10-09 19:01 -------- d-----w- c:\programdata\IObit

2011-10-09 19:01 . 2011-10-09 19:01 -------- d-----w- c:\program files (x86)\IObit

2011-10-08 18:14 . 2011-10-08 18:14 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\Malwarebytes

2011-10-08 18:14 . 2011-10-08 18:14 -------- d-----w- c:\programdata\Malwarebytes

2011-10-08 18:14 . 2011-10-08 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-08 18:14 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-08 17:48 . 2011-10-08 18:15 -------- d-----w- C:\sh4ldr

2011-10-08 17:48 . 2011-10-08 17:48 -------- d-----w- c:\program files\Enigma Software Group

2011-10-08 17:03 . 2011-10-08 18:15 -------- d-----w- c:\windows\14E9D3713DAD4A57B935577AB862F3B3.TMP

2011-10-08 17:03 . 2011-10-08 17:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-10-07 12:48 . 2011-10-07 12:48 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\Auslogics

2011-10-07 12:47 . 2011-10-07 12:47 -------- d-----w- c:\program files (x86)\Auslogics

2011-10-07 12:40 . 2011-10-07 12:40 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-10-06 12:49 . 2011-10-06 12:49 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\FILEHUNTER

2011-10-06 12:48 . 2011-10-06 12:48 -------- d-----w- c:\program files (x86)\WBTOOLTB

2011-10-06 03:27 . 2011-10-06 03:27 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\ParetoLogic

2011-10-06 03:27 . 2011-10-06 03:27 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\DriverCure

2011-10-06 03:26 . 2011-10-06 12:48 -------- d-----w- c:\programdata\ParetoLogic

2011-10-06 03:26 . 2011-10-06 03:26 -------- d-----w- c:\program files (x86)\ParetoLogic

2011-10-06 01:02 . 2011-10-06 12:49 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2011-10-06 00:46 . 2011-10-06 01:01 -------- d-----w- c:\programdata\STOPzilla!

2011-10-06 00:23 . 2011-10-06 00:23 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2011-09-24 12:51 . 2011-09-24 12:51 -------- d-----w- c:\users\MaryHelen\AppData\Roaming\AVG2012

2011-09-24 12:51 . 2011-10-06 02:50 -------- d-----w- c:\programdata\AVG2012

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-17 12:16 . 2011-05-18 11:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2011-08-23 22:52 . 2011-08-23 22:52 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-08 10:08 . 2011-08-08 10:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-09-28 745880]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R4 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2009-07-15 210720]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-09-20 5671792]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 19:06]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 19:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]

"combofix"="c:\combofix\CF30849.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - ProfilePath - c:\users\MaryHelen\AppData\Roaming\Mozilla\Firefox\Profiles\5vi4qcxu.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=723823&p=

.

.

------- File Associations -------

.

.txt=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-Run-Update - c:\windows\system32\config\systemprofile\AppData\Local\SoftGrid Client\SoftGridUpdate\SoftGridupdt32.DLL

Wow6432Node-HKU-Default-Run-Apple Update - c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL

Wow6432Node-HKU-Default-Run-Auslogics Update - c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,f6,e8,f0,32,65,d4,4b,90,60,6c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,f6,e8,f0,32,65,d4,4b,90,60,6c,\

.

[HKEY_USERS\S-1-5-21-1205460435-2408577011-2874436273-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1205460435-2408577011-2874436273-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2011-10-17 18:46:16 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-17 22:46

.

Pre-Run: 417,468,411,904 bytes free

Post-Run: 417,091,739,648 bytes free

.

- - End Of File - - 5E34AC7B7F7F6889DF3CF268F2C95949

Also, just before I ran these scans, Free AVG 2012 picked up two infections with the name Trojan horse Fake.AV.TBM


  • Staff

Hi,

I see you have IOBit software installed.

Please read this:

http://forums.malwarebytes.org/index.php?showtopic=33217

I highly recommend uninstalling their software.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt,

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

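The TDSSKiller log that staff asks for above lists every driver and service twice: one line with its MD5 and path, and one line with the verdict. Reading a few hundred of those by eye is error-prone, so here is an added triage helper (example code written for this page, not part of the original thread and not from Kaspersky or Malwarebytes) that parses both line shapes, flags any verdict that is not a bare "ok", any driver loading from outside the Windows system32 directory, and any MD5 on a caller-supplied blocklist. The embedded SAMPLE_LOG is constructed: its header and the 1394ohci/MBAMProtector/catchme lines follow the format of the log posted in this thread, while the "sptd" detection line and the "examplesvc" driver are hypothetical and say nothing about the poster's machine. The blocklist hash is likewise made up; the real log is read from the file TDSSKiller writes to the system drive root.

```python
r"""Triage helper for a Kaspersky TDSSKiller text log (added example).

Parses the two line shapes TDSSKiller writes per driver/service:

    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - <verdict>

and reports non-"ok" verdicts, drivers outside <windir>\system32\, and
blocklisted MD5s. SAMPLE_LOG and the blocklist are constructed for the
example; the sptd detection and examplesvc entries are hypothetical.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FILE_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)
WINDIR_LINE = re.compile(r"Windows directory:\s*(?P<dir>\S+)")

# Constructed sample in the format of the log posted in this thread.
SAMPLE_LOG = r"""
18:23:01.0556 4220 Windows directory: C:\Windows
18:23:12.0861 4108 Scan started
18:23:12.0861 4108 Mode: Manual;
18:23:15.0813 4108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:23:15.0815 4108 1394ohci - ok
18:23:24.0989 4108 catchme - ok
18:23:29.0884 4108 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
18:23:29.0885 4108 MBAMProtector - ok
18:23:40.0100 4108 sptd (00000000000000000000000000000000) C:\Windows\System32\Drivers\sptd.sys
18:23:40.0101 4108 sptd - detected LockedFile.Multi.Generic (1)
18:23:41.0200 4108 examplesvc (ffffffffffffffffffffffffffffffff) C:\Users\Public\examplesvc.sys
18:23:41.0201 4108 examplesvc - ok
"""


@dataclass
class DriverRecord:
    name: str
    md5: Optional[str] = None      # lower-case hex; None when no file line was printed
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok" or whatever TDSSKiller wrote after "name - "


def windows_dir(text: str) -> str:
    """Windows directory from the SystemInfo header; falls back to the usual C: location."""
    m = WINDIR_LINE.search(text)
    return m["dir"] if m else "C:" + "\\Windows"


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Return one DriverRecord per service/driver name, merging both line shapes."""
    records: Dict[str, DriverRecord] = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], DriverRecord(m["name"]))
            rec.md5, rec.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], DriverRecord(m["name"]))
            rec.verdict = m["verdict"]
    return records


Finding = Tuple[str, str, str]  # (driver name, category, detail)


def triage(records: Dict[str, DriverRecord], windir: str = "C:" + "\\Windows",
           blocklist=frozenset()) -> List[Finding]:
    """Flag non-ok verdicts, drivers outside the system32 tree, and blocklisted hashes."""
    system32 = windir.lower().rstrip("\\") + "\\system32\\"
    findings: List[Finding] = []
    for rec in sorted(records.values(), key=lambda r: r.name.lower()):
        if rec.verdict is None:
            findings.append((rec.name, "verdict", "missing (scan aborted?)"))
        elif rec.verdict != "ok":
            findings.append((rec.name, "verdict", rec.verdict))
        if rec.path is not None and not rec.path.lower().startswith(system32):
            findings.append((rec.name, "path", rec.path))
        if rec.md5 is not None and rec.md5 in blocklist:
            findings.append((rec.name, "hash", rec.md5))
    return findings


if __name__ == "__main__":
    # Usage: python tdss_triage.py C:\TDSSKiller.<version>_<date>_<time>_log.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    recs = parse_tdsskiller_log(text)
    for name, category, detail in triage(recs, windows_dir(text)):
        print(f"{category:8} {name}: {detail}")
```

A driver flagged only on "path" is not automatically malicious (vendor drivers often live under Program Files), but combined with a non-"ok" verdict or a hash hit it is the entry to pull first; a missing verdict line usually means the scan was interrupted at that driver, which is itself worth noting.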

I followed your advice to remove IOBit. Three logs are below:

18:23:01.0086 4220 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

18:23:01.0555 4220 ============================================================

18:23:01.0556 4220 Current date / time: 2011/10/24 18:23:01.0555

18:23:01.0556 4220 SystemInfo:

18:23:01.0556 4220

18:23:01.0556 4220 OS Version: 6.1.7601 ServicePack: 1.0

18:23:01.0556 4220 Product type: Workstation

18:23:01.0556 4220 ComputerName: CENTAUR

18:23:01.0556 4220 UserName: MaryHelen

18:23:01.0556 4220 Windows directory: C:\Windows

18:23:01.0556 4220 System windows directory: C:\Windows

18:23:01.0556 4220 Running under WOW64

18:23:01.0556 4220 Processor architecture: Intel x64

18:23:01.0556 4220 Number of processors: 2

18:23:01.0556 4220 Page size: 0x1000

18:23:01.0556 4220 Boot type: Normal boot

18:23:01.0556 4220 ============================================================

18:23:06.0099 4220 Initialize success

18:23:12.0861 4108 ============================================================

18:23:12.0861 4108 Scan started

18:23:12.0861 4108 Mode: Manual;

18:23:12.0861 4108 ============================================================

18:23:15.0813 4108 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

18:23:15.0815 4108 1394ohci - ok

18:23:15.0923 4108 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

18:23:15.0930 4108 ACPI - ok

18:23:15.0989 4108 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

18:23:15.0990 4108 AcpiPmi - ok

18:23:16.0038 4108 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

18:23:16.0039 4108 adfs - ok

18:23:16.0162 4108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:23:16.0165 4108 adp94xx - ok

18:23:16.0233 4108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:23:16.0236 4108 adpahci - ok

18:23:16.0264 4108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:23:16.0265 4108 adpu320 - ok

18:23:16.0462 4108 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

18:23:16.0466 4108 AFD - ok

18:23:16.0610 4108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

18:23:16.0611 4108 agp440 - ok

18:23:16.0729 4108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

18:23:16.0730 4108 aliide - ok

18:23:17.0009 4108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

18:23:17.0009 4108 amdide - ok

18:23:17.0096 4108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:23:17.0097 4108 AmdK8 - ok

18:23:18.0306 4108 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

18:23:18.0465 4108 amdkmdag - ok

18:23:18.0938 4108 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

18:23:18.0946 4108 amdkmdap - ok

18:23:19.0132 4108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:23:19.0134 4108 AmdPPM - ok

18:23:19.0302 4108 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

18:23:19.0305 4108 amdsata - ok

18:23:19.0510 4108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:23:19.0514 4108 amdsbs - ok

18:23:19.0793 4108 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

18:23:19.0796 4108 amdxata - ok

18:23:20.0056 4108 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

18:23:20.0058 4108 AppID - ok

18:23:20.0366 4108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:23:20.0369 4108 arc - ok

18:23:20.0624 4108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:23:20.0627 4108 arcsas - ok

18:23:21.0006 4108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:23:21.0010 4108 AsyncMac - ok

18:23:21.0170 4108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

18:23:21.0171 4108 atapi - ok

18:23:21.0386 4108 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys

18:23:21.0391 4108 AtiHdmiService - ok

18:23:22.0209 4108 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

18:23:22.0254 4108 atikmdag - ok

18:23:22.0376 4108 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

18:23:22.0378 4108 AtiPcie - ok

18:23:22.0560 4108 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

18:23:22.0566 4108 AVGIDSDriver - ok

18:23:22.0682 4108 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

18:23:22.0683 4108 AVGIDSEH - ok

18:23:22.0912 4108 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

18:23:22.0919 4108 AVGIDSFilter - ok

18:23:23.0065 4108 Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\Windows\system32\DRIVERS\avgldx64.sys

18:23:23.0091 4108 Avgldx64 - ok

18:23:23.0237 4108 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

18:23:23.0244 4108 Avgmfx64 - ok

18:23:23.0438 4108 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

18:23:23.0440 4108 Avgrkx64 - ok

18:23:23.0516 4108 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

18:23:23.0541 4108 Avgtdia - ok

18:23:23.0806 4108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:23:23.0830 4108 b06bdrv - ok

18:23:24.0147 4108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:23:24.0151 4108 b57nd60a - ok

18:23:24.0406 4108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:23:24.0409 4108 Beep - ok

18:23:24.0589 4108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:23:24.0623 4108 blbdrive - ok

18:23:24.0666 4108 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

18:23:24.0680 4108 bowser - ok

18:23:24.0726 4108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:23:24.0727 4108 BrFiltLo - ok

18:23:24.0743 4108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:23:24.0744 4108 BrFiltUp - ok

18:23:24.0774 4108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:23:24.0776 4108 Brserid - ok

18:23:24.0813 4108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:23:24.0815 4108 BrSerWdm - ok

18:23:24.0907 4108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:23:24.0908 4108 BrUsbMdm - ok

18:23:24.0922 4108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:23:24.0923 4108 BrUsbSer - ok

18:23:24.0948 4108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:23:24.0949 4108 BTHMODEM - ok

18:23:24.0989 4108 catchme - ok

18:23:25.0050 4108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:23:25.0054 4108 cdfs - ok

18:23:25.0097 4108 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

18:23:25.0100 4108 cdrom - ok

18:23:25.0124 4108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:23:25.0125 4108 circlass - ok

18:23:25.0152 4108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:23:25.0155 4108 CLFS - ok

18:23:25.0288 4108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:23:25.0290 4108 CmBatt - ok

18:23:25.0331 4108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

18:23:25.0331 4108 cmdide - ok

18:23:25.0421 4108 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

18:23:25.0424 4108 CNG - ok

18:23:25.0465 4108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:23:25.0467 4108 Compbatt - ok

18:23:25.0534 4108 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

18:23:25.0536 4108 CompositeBus - ok

18:23:25.0568 4108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:23:25.0569 4108 crcdisk - ok

18:23:25.0633 4108 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

18:23:25.0635 4108 DfsC - ok

18:23:25.0648 4108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:23:25.0650 4108 discache - ok

18:23:25.0673 4108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:23:25.0674 4108 Disk - ok

18:23:25.0965 4108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:23:25.0967 4108 drmkaud - ok

18:23:26.0041 4108 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

18:23:26.0048 4108 DXGKrnl - ok

18:23:26.0260 4108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:23:26.0284 4108 ebdrv - ok

18:23:26.0518 4108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:23:26.0528 4108 elxstor - ok

18:23:26.0656 4108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:23:26.0658 4108 ErrDev - ok

18:23:26.0895 4108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:23:26.0898 4108 exfat - ok

18:23:26.0928 4108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:23:26.0933 4108 fastfat - ok

18:23:26.0995 4108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:23:26.0996 4108 fdc - ok

18:23:27.0047 4108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:23:27.0049 4108 FileInfo - ok

18:23:27.0074 4108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:23:27.0079 4108 Filetrace - ok

18:23:27.0246 4108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:23:27.0248 4108 flpydisk - ok

18:23:27.0371 4108 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:23:27.0377 4108 FltMgr - ok

18:23:27.0426 4108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:23:27.0435 4108 FsDepends - ok

18:23:27.0454 4108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

18:23:27.0457 4108 Fs_Rec - ok

18:23:27.0510 4108 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:23:27.0515 4108 fvevol - ok

18:23:27.0563 4108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:23:27.0573 4108 gagp30kx - ok

18:23:27.0679 4108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:23:27.0680 4108 GEARAspiWDM - ok

18:23:27.0902 4108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:23:27.0918 4108 hcw85cir - ok

18:23:28.0027 4108 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

18:23:28.0031 4108 HDAudBus - ok

18:23:28.0111 4108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:23:28.0116 4108 HidBatt - ok

18:23:28.0203 4108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:23:28.0204 4108 HidBth - ok

18:23:28.0244 4108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:23:28.0247 4108 HidIr - ok

18:23:28.0346 4108 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:23:28.0348 4108 HidUsb - ok

18:23:28.0397 4108 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:23:28.0398 4108 HpSAMD - ok

18:23:28.0451 4108 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:23:28.0459 4108 HTTP - ok

18:23:28.0525 4108 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:23:28.0526 4108 hwpolicy - ok

18:23:28.0574 4108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

18:23:28.0575 4108 i8042prt - ok

18:23:28.0599 4108 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:23:28.0602 4108 iaStorV - ok

18:23:28.0624 4108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:23:28.0625 4108 iirsp - ok

18:23:28.0888 4108 IntcAzAudAddService (9526f32b8a76f8dc25a1587400e30084) C:\Windows\system32\drivers\RTKVHD64.sys

18:23:28.0956 4108 IntcAzAudAddService - ok

18:23:29.0092 4108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:23:29.0093 4108 intelide - ok

18:23:29.0141 4108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:23:29.0142 4108 intelppm - ok

18:23:29.0187 4108 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:23:29.0189 4108 IpFilterDriver - ok

18:23:29.0231 4108 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:23:29.0232 4108 IPMIDRV - ok

18:23:29.0246 4108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:23:29.0250 4108 IPNAT - ok

18:23:29.0281 4108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:23:29.0282 4108 IRENUM - ok

18:23:29.0311 4108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:23:29.0312 4108 isapnp - ok

18:23:29.0334 4108 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

18:23:29.0336 4108 iScsiPrt - ok

18:23:29.0374 4108 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys

18:23:29.0377 4108 k57nd60a - ok

18:23:29.0400 4108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:23:29.0402 4108 kbdclass - ok

18:23:29.0420 4108 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

18:23:29.0421 4108 kbdhid - ok

18:23:29.0460 4108 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

18:23:29.0460 4108 KSecDD - ok

18:23:29.0495 4108 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

18:23:29.0496 4108 KSecPkg - ok

18:23:29.0603 4108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:23:29.0604 4108 ksthunk - ok

18:23:29.0649 4108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:23:29.0652 4108 lltdio - ok

18:23:29.0702 4108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:23:29.0703 4108 LSI_FC - ok

18:23:29.0748 4108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:23:29.0752 4108 LSI_SAS - ok

18:23:29.0777 4108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:23:29.0778 4108 LSI_SAS2 - ok

18:23:29.0809 4108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:23:29.0810 4108 LSI_SCSI - ok

18:23:29.0842 4108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:23:29.0843 4108 luafv - ok

18:23:29.0884 4108 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

18:23:29.0885 4108 MBAMProtector - ok

18:23:29.0922 4108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:23:29.0923 4108 megasas - ok

18:23:29.0948 4108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:23:29.0951 4108 MegaSR - ok

18:23:29.0983 4108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:23:29.0985 4108 Modem - ok

18:23:30.0025 4108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:23:30.0026 4108 monitor - ok

18:23:30.0064 4108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:23:30.0065 4108 mouclass - ok

18:23:30.0085 4108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:23:30.0086 4108 mouhid - ok

18:23:30.0116 4108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:23:30.0117 4108 mountmgr - ok

18:23:30.0195 4108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:23:30.0196 4108 mpio - ok

18:23:30.0226 4108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:23:30.0227 4108 mpsdrv - ok

18:23:30.0277 4108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:23:30.0279 4108 MRxDAV - ok

18:23:30.0313 4108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:23:30.0315 4108 mrxsmb - ok

18:23:30.0349 4108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:23:30.0353 4108 mrxsmb10 - ok

18:23:30.0385 4108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:23:30.0387 4108 mrxsmb20 - ok

18:23:30.0428 4108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:23:30.0429 4108 msahci - ok

18:23:30.0459 4108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:23:30.0461 4108 msdsm - ok

18:23:30.0484 4108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:23:30.0486 4108 Msfs - ok

18:23:30.0502 4108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:23:30.0503 4108 mshidkmdf - ok

18:23:30.0512 4108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:23:30.0513 4108 msisadrv - ok

18:23:30.0557 4108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:23:30.0559 4108 MSKSSRV - ok

18:23:30.0581 4108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:23:30.0584 4108 MSPCLOCK - ok

18:23:30.0603 4108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:23:30.0607 4108 MSPQM - ok

18:23:30.0737 4108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:23:30.0755 4108 MsRPC - ok

18:23:30.0818 4108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:23:30.0819 4108 mssmbios - ok

18:23:30.0847 4108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:23:30.0849 4108 MSTEE - ok

18:23:30.0870 4108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:23:30.0871 4108 MTConfig - ok

18:23:30.0881 4108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:23:30.0882 4108 Mup - ok

18:23:30.0931 4108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:23:30.0935 4108 NativeWifiP - ok

18:23:30.0988 4108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:23:30.0994 4108 NDIS - ok

18:23:31.0014 4108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:23:31.0016 4108 NdisCap - ok

18:23:31.0039 4108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:23:31.0043 4108 NdisTapi - ok

18:23:31.0080 4108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:23:31.0082 4108 Ndisuio - ok

18:23:31.0125 4108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:23:31.0128 4108 NdisWan - ok

18:23:31.0178 4108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:23:31.0184 4108 NDProxy - ok

18:23:31.0254 4108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:23:31.0262 4108 NetBIOS - ok

18:23:31.0299 4108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:23:31.0304 4108 NetBT - ok

18:23:31.0539 4108 netr28x (6560e0240bda43dfe3bdd5fdf7c6670d) C:\Windows\system32\DRIVERS\netr28x.sys

18:23:31.0547 4108 netr28x - ok

18:23:31.0614 4108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:23:31.0615 4108 nfrd960 - ok

18:23:31.0648 4108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:23:31.0655 4108 Npfs - ok

18:23:31.0680 4108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:23:31.0681 4108 nsiproxy - ok

18:23:31.0731 4108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:23:31.0774 4108 Ntfs - ok

18:23:31.0874 4108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:23:31.0878 4108 Null - ok

18:23:31.0940 4108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:23:31.0942 4108 nvraid - ok

18:23:31.0993 4108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:23:31.0994 4108 nvstor - ok

18:23:32.0097 4108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:23:32.0099 4108 nv_agp - ok

18:23:32.0269 4108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:23:32.0270 4108 ohci1394 - ok

18:23:32.0497 4108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:23:32.0500 4108 Parport - ok

18:23:32.0561 4108 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

18:23:32.0562 4108 partmgr - ok

18:23:32.0604 4108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:23:32.0606 4108 pci - ok

18:23:32.0637 4108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:23:32.0638 4108 pciide - ok

18:23:32.0689 4108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:23:32.0700 4108 pcmcia - ok

18:23:32.0747 4108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:23:32.0748 4108 pcw - ok

18:23:32.0959 4108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:23:32.0977 4108 PEAUTH - ok

18:23:33.0095 4108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:23:33.0097 4108 PptpMiniport - ok

18:23:33.0139 4108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:23:33.0141 4108 Processor - ok

18:23:33.0189 4108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:23:33.0191 4108 Psched - ok

18:23:33.0224 4108 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

18:23:33.0226 4108 PxHlpa64 - ok

18:23:33.0263 4108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:23:33.0290 4108 ql2300 - ok

18:23:33.0306 4108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:23:33.0308 4108 ql40xx - ok

18:23:33.0322 4108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:23:33.0324 4108 QWAVEdrv - ok

18:23:33.0351 4108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:23:33.0353 4108 RasAcd - ok

18:23:33.0381 4108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:23:33.0382 4108 RasAgileVpn - ok

18:23:33.0425 4108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:23:33.0430 4108 Rasl2tp - ok

18:23:33.0450 4108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:23:33.0453 4108 RasPppoe - ok

18:23:33.0483 4108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:23:33.0489 4108 RasSstp - ok

18:23:33.0578 4108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:23:33.0591 4108 rdbss - ok

18:23:33.0657 4108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:23:33.0659 4108 rdpbus - ok

18:23:33.0705 4108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:23:33.0706 4108 RDPCDD - ok

18:23:33.0821 4108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:23:33.0829 4108 RDPENCDD - ok

18:23:33.0933 4108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:23:33.0935 4108 RDPREFMP - ok

18:23:34.0033 4108 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

18:23:34.0037 4108 RDPWD - ok

18:23:34.0125 4108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:23:34.0130 4108 rdyboost - ok

18:23:34.0193 4108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:23:34.0198 4108 rspndr - ok

18:23:34.0294 4108 rsvcdwdr (c8d0ca461d647165dd5c8de1ff5ea822) C:\Windows\system32\DRIVERS\rsvcdwdr.sys

18:23:34.0296 4108 rsvcdwdr - ok

18:23:34.0335 4108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:23:34.0337 4108 sbp2port - ok

18:23:34.0379 4108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:23:34.0385 4108 scfilter - ok

18:23:34.0475 4108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:23:34.0478 4108 secdrv - ok

18:23:34.0516 4108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:23:34.0520 4108 Serenum - ok

18:23:34.0570 4108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:23:34.0573 4108 Serial - ok

18:23:34.0604 4108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:23:34.0607 4108 sermouse - ok

18:23:34.0652 4108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:23:34.0663 4108 sffdisk - ok

18:23:35.0008 4108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:23:35.0010 4108 sffp_mmc - ok

18:23:35.0043 4108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:23:35.0044 4108 sffp_sd - ok

18:23:35.0073 4108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:23:35.0077 4108 sfloppy - ok

18:23:35.0148 4108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:23:35.0150 4108 SiSRaid2 - ok

18:23:35.0189 4108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:23:35.0211 4108 SiSRaid4 - ok

18:23:35.0279 4108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:23:35.0287 4108 Smb - ok

18:23:35.0368 4108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:23:35.0371 4108 spldr - ok

18:23:35.0624 4108 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys

18:23:35.0648 4108 sptd - ok

18:23:35.0864 4108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:23:35.0873 4108 srv - ok

18:23:35.0932 4108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:23:35.0941 4108 srv2 - ok

18:23:35.0976 4108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:23:36.0002 4108 srvnet - ok

18:23:36.0110 4108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:23:36.0114 4108 stexstor - ok

18:23:36.0155 4108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

18:23:36.0158 4108 swenum - ok

18:23:36.0294 4108 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys

18:23:36.0297 4108 tbhsd - ok

18:23:36.0419 4108 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

18:23:36.0463 4108 Tcpip - ok

18:23:36.0610 4108 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

18:23:36.0620 4108 TCPIP6 - ok

18:23:36.0822 4108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

18:23:36.0824 4108 tcpipreg - ok

18:23:36.0905 4108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:23:36.0907 4108 TDPIPE - ok

18:23:36.0921 4108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

18:23:36.0927 4108 TDTCP - ok

18:23:36.0981 4108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

18:23:36.0995 4108 tdx - ok

18:23:37.0062 4108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

18:23:37.0065 4108 TermDD - ok

18:23:37.0176 4108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:23:37.0179 4108 tssecsrv - ok

18:23:37.0222 4108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

18:23:37.0223 4108 TsUsbFlt - ok

18:23:37.0277 4108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

18:23:37.0279 4108 tunnel - ok

18:23:37.0297 4108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:23:37.0299 4108 uagp35 - ok

18:23:37.0335 4108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

18:23:37.0340 4108 udfs - ok

18:23:37.0376 4108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

18:23:37.0384 4108 uliagpkx - ok

18:23:37.0471 4108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

18:23:37.0473 4108 umbus - ok

18:23:37.0515 4108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:23:37.0517 4108 UmPass - ok

18:23:37.0539 4108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

18:23:37.0552 4108 usbccgp - ok

18:23:37.0586 4108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

18:23:37.0588 4108 usbcir - ok

18:23:37.0614 4108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

18:23:37.0616 4108 usbehci - ok

18:23:37.0646 4108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

18:23:37.0652 4108 usbhub - ok

18:23:37.0662 4108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

18:23:37.0664 4108 usbohci - ok

18:23:37.0693 4108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:23:37.0699 4108 usbprint - ok

18:23:37.0731 4108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

18:23:37.0764 4108 usbscan - ok

18:23:37.0967 4108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:23:37.0968 4108 USBSTOR - ok

18:23:38.0049 4108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

18:23:38.0069 4108 usbuhci - ok

18:23:38.0413 4108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

18:23:38.0416 4108 vdrvroot - ok

18:23:38.0742 4108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:23:38.0821 4108 vga - ok

18:23:39.0217 4108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:23:39.0229 4108 VgaSave - ok

18:23:39.0337 4108 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

18:23:39.0350 4108 vhdmp - ok

18:23:39.0379 4108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

18:23:39.0381 4108 viaide - ok

18:23:39.0411 4108 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

18:23:39.0418 4108 volmgr - ok

18:23:39.0479 4108 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

18:23:39.0495 4108 volmgrx - ok

18:23:39.0543 4108 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

18:23:39.0546 4108 volsnap - ok

18:23:39.0599 4108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:23:39.0606 4108 vsmraid - ok

18:23:39.0638 4108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:23:39.0642 4108 vwifibus - ok

18:23:39.0674 4108 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:23:39.0681 4108 vwififlt - ok

18:23:39.0723 4108 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

18:23:39.0730 4108 wacmoumonitor - ok

18:23:39.0748 4108 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

18:23:39.0756 4108 wacommousefilter - ok

18:23:39.0776 4108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:23:39.0778 4108 WacomPen - ok

18:23:39.0819 4108 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys

18:23:39.0821 4108 wacomvhid - ok

18:23:39.0887 4108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:23:39.0889 4108 WANARP - ok

18:23:39.0893 4108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:23:39.0894 4108 Wanarpv6 - ok

18:23:39.0944 4108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:23:39.0948 4108 Wd - ok

18:23:39.0973 4108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:23:39.0980 4108 Wdf01000 - ok

18:23:40.0012 4108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:23:40.0017 4108 WfpLwf - ok

18:23:40.0060 4108 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

18:23:40.0065 4108 WimFltr - ok

18:23:40.0084 4108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:23:40.0088 4108 WIMMount - ok

18:23:40.0161 4108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:23:40.0164 4108 WmiAcpi - ok

18:23:40.0207 4108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:23:40.0219 4108 ws2ifsl - ok

18:23:40.0275 4108 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:23:40.0277 4108 WudfPf - ok

18:23:40.0299 4108 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:23:40.0301 4108 WUDFRd - ok

18:23:40.0340 4108 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

18:23:40.0350 4108 \Device\Harddisk0\DR0 - ok

18:23:40.0358 4108 Boot (0x1200) (1592f3138a2002d7b4c6964eead2019e) \Device\Harddisk0\DR0\Partition0

18:23:40.0359 4108 \Device\Harddisk0\DR0\Partition0 - ok

18:23:40.0368 4108 Boot (0x1200) (5a9f9b689c63ba57cf969bc40566a07e) \Device\Harddisk0\DR0\Partition1

18:23:40.0372 4108 \Device\Harddisk0\DR0\Partition1 - ok

18:23:40.0373 4108 ============================================================

18:23:40.0373 4108 Scan finished

18:23:40.0373 4108 ============================================================

18:23:40.0387 3776 Detected object count: 0

18:23:40.0387 3776 Actual detected object count: 0

18:24:38.0196 5044 Deinitialize success
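An added example, not code from this thread or from any of the scanners it mentions: a small Python checker for the anti-rootkit scan log format shown above (a timestamped object line carrying the object name, its MD5 in parentheses and the file path, followed by a verdict line of the form "name - ok"). It reports objects that never received a verdict, objects whose verdict is anything other than "ok", and distinct service names that resolve to the same file hash (Tcpip/TCPIP6 and WANARP/Wanarpv6 above are examples of that, which is normal for a shared driver binary and not a finding in itself). The sample input is constructed: most lines are copied from the log above, and the two faulty lines (a missing verdict and a non-ok verdict) are made up for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the scan log quoted above.
# Hashes and paths on the copied lines are the thread's own; the WfpLwf line
# (verdict deliberately omitted) and the WimFltr verdict are constructed.
SAMPLE_LOG = r"""18:23:36.0419 4108 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
18:23:36.0463 4108 Tcpip - ok
18:23:36.0610 4108 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:36.0620 4108 TCPIP6 - ok
18:23:39.0887 4108 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:39.0889 4108 WANARP - ok
18:23:39.0893 4108 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:39.0894 4108 Wanarpv6 - ok
18:23:40.0012 4108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:40.0060 4108 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:23:40.0065 4108 WimFltr - detected Example.Verdict (constructed)
18:23:40.0373 4108 Scan finished
"""

# Object line: "<time> <thread> <name> (<md5>) <path>". The name may contain
# spaces, e.g. "MBR (0x1B8)", so it is matched non-greedily up to the hash.
ENTRY = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<hash>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "<time> <thread> <subject> - <verdict>". The subject is the
# object name for drivers, but the device path for the MBR/boot-sector lines.
VERDICT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<subject>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)


def parse_scan_log(text):
    """Split the log into scanned objects and a subject -> verdict map."""
    entries = []
    verdicts = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"name": m["name"], "hash": m["hash"].lower(), "path": m["path"]})
            continue
        m = VERDICT.match(line)
        if m:
            verdicts[m["subject"]] = m["verdict"]
    return entries, verdicts


def check_scan_log(text):
    """Summarise the log: objects without a verdict, non-ok verdicts, shared hashes."""
    entries, verdicts = parse_scan_log(text)
    missing = []
    flagged = {}
    by_hash = defaultdict(set)
    for e in entries:
        by_hash[e["hash"]].add(e["name"])
        # Look the verdict up by name first, then by path (MBR/boot lines).
        verdict = verdicts.get(e["name"], verdicts.get(e["path"]))
        if verdict is None:
            missing.append(e["name"])
        elif verdict.lower() != "ok":
            flagged[e["name"]] = verdict
    shared = {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}
    return {
        "scanned": len(entries),
        "missing_verdict": missing,
        "flagged": flagged,
        "shared_hash": shared,
    }


if __name__ == "__main__":
    report = check_scan_log(SAMPLE_LOG)
    print(f"objects scanned: {report['scanned']}")
    print(f"no verdict:      {report['missing_verdict']}")
    print(f"non-ok verdicts: {report['flagged']}")
    for h, names in report["shared_hash"].items():
        print(f"hash {h} shared by {', '.join(names)}")
```

Pointing `check_scan_log` at the full log text instead of `SAMPLE_LOG` gives a quick second opinion on a pasted log: the entries in `missing_verdict` and `flagged` are the ones worth a closer look, and the `hash` values can be compared against a known-good file hash list without retyping them from the post.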

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=0353ec63e784b54dab1e79a2786a8b63

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-23 02:58:03

# local_time=2011-10-22 10:58:03 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 1055693 1055693 0 0

# compatibility_mode=1024 16777215 100 0 1548254 1548254 0 0

# compatibility_mode=5893 16776574 100 94 8585995 70881954 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=2936

# found=0

# cleaned=0

# scan_time=179

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=0353ec63e784b54dab1e79a2786a8b63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-23 04:13:18

# local_time=2011-10-23 12:13:18 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 1055954 1055954 0 0

# compatibility_mode=1024 16777215 100 0 1548515 1548515 0 0

# compatibility_mode=5893 16776574 100 94 8586256 70882215 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=341841

# found=0

# cleaned=0

# scan_time=4432

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0353ec63e784b54dab1e79a2786a8b63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-24 11:54:12

# local_time=2011-10-24 07:54:12 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 1212517 1212517 0 0

# compatibility_mode=1024 16777215 100 0 1705078 1705078 0 0

# compatibility_mode=5893 16776574 100 94 8742819 71038778 0 0

# compatibility_mode=8192 67108863 100 0 92157 92157 0 0

# scanned=341615

# found=0

# cleaned=0

# scan_time=5124

Note on that -- the first scan was disrupted, though was showing 5 suspect items. I didn't realize that it would write over the same log file with a new scan. The items were apparently removed, since they weren't found the second run. Most of the items removed by the original scan were related to a "Whitesmoke" toolbar.

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Auslogics Registry Cleaner

Java 6 Update 27

Adobe Flash Player 11.0.1.152

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

``````````End of Log````````````

Malwarebytes stopped reporting suspicious outgoing processes after running ComboFix the last time, so that part appears to be fixed. AVG reported Trojan horse Generic25.AIDD during the first ESETS scan, however. I'll wait a few days to make sure the issues are truly resolved.

Again, thanks for your help.


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java™ 6 Update 27

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.


Hi, sorry for the hold up.

I ran TFC and removed the programs listed. The only one I'm having trouble with is Combofix, as Windows can't find the uninstall file. It still shows up in the C drive, though. Is there another way to remove it?

I haven't had any problems with malware, so other than that, I think I'm good. :)

Thanks!


  • Staff

Great!!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.