Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trying to remove trojan

Post by swanvestas » June 17th, 2012, 9:50 am

Hi guys, when running Malwarebytes it shows a trojan is present, so after supposedly removing it and it going into quarantine, then rebooting, it is still there. I would greatly appreciate any help with the removal of this.
DDS Logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07
Run by Brian at 14:11:52 on 2012-06-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4094.2548 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\vVX3000.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pcworld.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553538400} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0DE46F63-55F3-4A2F-8058-2203380698B0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EEE6300E-B981-4EA2-8323-9AA672FE96C5} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/06/12 08:57:19];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-6-12 146928]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-1-6 192512]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-22 1262400]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-25 135664]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-25 135664]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2009-8-18 21200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S4 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\system32\drivers\hcw85cir.sys --> C:\Windows\system32\drivers\hcw85cir.sys [?]
S4 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S4 Rauspsa4s;Rauspsa4s; [x]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-16 19:17:12 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-16 19:17:11 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-16 19:17:11 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-06-16 19:17:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-16 19:17:11 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-16 19:17:11 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-16 19:17:11 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-16 19:15:26 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-16 18:50:25 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-16 18:50:24 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-16 18:47:49 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-16 05:05:30 -------- d-----w- C:\Users\Brian\AppData\Roaming\AVG
2012-05-23 21:43:29 -------- d-----w- C:\Users\Brian\AppData\Roaming\quickclick
2012-05-23 19:28:12 -------- d-----w- C:\Users\Brian\AppData\Local\adaware
2012-05-23 19:28:11 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-05-23 19:27:26 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-05-23 19:27:23 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-05-23 19:27:23 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-05-23 19:27:20 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-05-23 19:27:20 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-05-23 19:27:18 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-23 19:24:51 -------- d-----w- C:\Users\Brian\AppData\Roaming\Ad-Aware Antivirus
2012-05-23 18:41:56 -------- d-----w- C:\ProgramData\GFI Software
2012-05-23 00:26:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-05-22 23:12:03 -------- d-----w- C:\Users\Brian\AppData\Local\Conduit
2012-05-22 21:10:24 -------- d-----w- C:\Users\Brian\AppData\Roaming\NVIDIA
2012-05-22 20:33:09 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-22 20:31:39 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-05-20 20:30:01 -------- d-----w- C:\Users\Brian\AppData\Roaming\Friday's games
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:14:42.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2009 17:53:04
System Uptime: 17/06/2012 14:07:35 (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | CPU 1 | 2333/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 691.888 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.972 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adam's Venture Episode 1: The Search for the Lost Garden
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.5.1
Ancient Secrets: Mystery of the Vanishing Bride
Annabel
Apple Application Support
Apple Software Update
AVG PC Tuneup
Behind The Reflection 2: Witch's Revenge
Big City Adventure: London Story
Bigfoot: Chasing Shadows
Bloodline of the Fallen: Anna's Sacrifice
Brink of Consciousness: Dorian Gray Syndrome Collector's Edtion
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Dark Parables - Curse of Briar Rose
Dark Strokes: Sins of the Fathers
Department 42: The Mystery of the Nine
Dr. Who Episode 1: City of the Daleks
Dracula Series Part 1: The Strange Case of Martha
Dracula Series Part 2: The Myth of the Vampire
Dracula Series Part 3: The Destruction of the Evil
Dracula: Origin
Dream Chronicles
Dream Chronicles - The Book of Air Collector's Edition
Dream Chronicles - The Chosen Child
Dream Chronicles 2
Dream Chronicles: The Book of Water Collector's Edition
Dream Mysteries - Case of the Red Fox
Echoes Bundle
Empress of the Deep II : Song of the Blue Whale
Enhanced Multimedia Keyboard Solution
Escape the Lost Kingdom
Fallen Shadows
Fiction Fixers: The Curse of Oz
Google Earth
Google Update Helper
Google Updater
Haunted Past Realm of Ghosts Collector's Edition
Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
Hide and Secret
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
House of 1000 Doors: Family Secret
House of 1000 Doors: The Palm of Zoroaster
House, MD
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Demo
HP Easy Backup
HP Games
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Picasso Media Center Add-In
HP Product Detection
HP Recovery Manager RSS
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Immortal Lovers
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Jurassic Realm
LabelPrint
Legends of the Wild West - Golden Hill
LightScribe System Software
Little Shop - Memories
Lost Souls 2: Enchanted Paintings Collector's Edition
Love and Death - Bitten
Malwarebytes Anti-Malware version 1.61.0.1400
Marooned
Marooned 2: The Secrets of the Akoni
Mata Hari
Microsoft AutoRoute 2001
Microsoft Corporation
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Midnight Mysteries- Salem Witch Trials
Midnight Mysteries: Haunted Houdini
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Mystery of Mortlake Mansion
Mystery P.I. - Stolen in San Francisco
Mystery Stories: Mountains of Madness
Nancy Drew - Curse of Blackmoor Manor
Nancy Drew - Legend of the Crystal Skull
Nancy Drew - The Phantom of Venice
Nancy Drew - The White Wolf of Icicle Creek
National Geographic - Herod's Lost Tomb
Nightfall Mysteries: Asylum Conspiracy
Nightfall Mysteries: Curse of the Opera
Nightmare on the Pacific
Nostradamus: The Last Prophecy - Episode 1: Deadly Providence
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oddly Enough: Pied Piper
Odysseus: Long Way From Home
Paige Harper and the Tome of Mystery
Phantasmat
Phoenix Viewer 1.6.0.1600
Power2Go
PowerDirector
Princess Isabella: Return of the Curse -- Collector's Edition
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Sacra Terra: Angelic Night
Samantha Swift and the Fountains of Fate
Samantha Swift and the Golden Touch
Secrets of the Dragon Wheel
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SoftMCE Encoder
sp41099
sp43113
SPORE Creature Creator Trial Edition
Temple of Life Collector's Edition
The Clockwork Man - The Hidden World
The Dracula Files
The Inquisitor
The Legend of Crystal Valley
The Mystery of the Dragon Prince
The Treasures of Mystery Island
The Treasures of Mystery Island: The Ghost Ship
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update Installer for WildTangent Games App
Vampire Brides - Love Over Death
Vampire Saga - Pandora's Box
Vampire Saga 3: Break Out
Vampire Saga: Welcome to Hell Lock
VaultCracker - The Last Safe
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Voodoo Chronicles: The First Sign Collector's Edition
Voodoo Whisperer: Curse of a Legend
White Haven Mysteries Collector's Edition
WildTangent Games
WildTangent Games App
WildTangent Games App (HP Games)
WinRAR archiver
Youda Mystery: The Stanwick Legacy
.
==== Event Viewer Messages From Past Week ========
.
17/06/2012 14:09:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 i8042prt Lbd SRTSP SRTSPX
17/06/2012 14:08:08, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/06/2012 13:35:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.
12/06/2012 13:35:33, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Unread postby deltalima » June 17th, 2012, 4:34 pm

checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

Unread postby deltalima » June 17th, 2012, 4:48 pm

Hi swanvestas,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    Lavasoft Ad-Aware
    AVG Anti-Virus Free Edition 2012
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them then reboot the computer.

when running Malwarebytes it shows a trojan is present


Retrieve Malwarebytes Anti-Malware (MBAM) Log(s)
There is a need to see a scan log from a previous run of MBAM, please do the following:
  1. Start MBAM... click the Logs tab at the top.
    The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
    If you have had multiple runs of MBAM, there may be several logs showing in the list.
  2. Click on the last (most recent) log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
  3. Please copy and paste the entire mbam-log-yyyy-mm-dd (time).txt file in your next reply.
    Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
  4. Exit MBAM when done.
Note: MBAM logs are saved to the following locations:
XP - ?:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Vista - ?:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs
?:\ is the System Drive... normally C. - and - Username = logon Id.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.


Please let me know how you obtained the license for Microsoft Office Enterprise 2007.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

Unread postby swanvestas » June 17th, 2012, 5:58 pm

First, thanks for replying and helping deltalima.
I have removed Lavasoft Ad-Aware.
The computer is used for home use only.
Regarding the Microsoft office this was installed for me by a friend who had the software.
I will now proceed to follow your other instructions.
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Unread postby deltalima » June 17th, 2012, 6:01 pm

Regarding the Microsoft office this was installed for me by a friend who had the software.


If you do not have a valid license for that software then you need to remove it if you wish to continue to be helped here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

Unread postby swanvestas » June 17th, 2012, 6:16 pm

As I am not sure of the validity of this, I am in the process of removing it now.
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Unread postby swanvestas » June 17th, 2012, 8:37 pm

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.06.14.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: HOMEBASE [administrator]

17/06/2012 13:34:01
mbam-log-2012-06-17 (13-34-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246908
Time elapsed: 12 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\end.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\error.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\extracting.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\going_online.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\login.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\offline_help.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\pin_help.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\processing.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\start.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\start_no_trials.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\start_right.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\timeout.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\unlock.html
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\local_assets\js\game.js
c:\program files (x86)\wildgames\vaultcracker - the last safe\zh-cn\local_assets\js\start.js
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\closet1_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\closet1_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\closet1_03.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\closet1_04.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\particles.cct
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\safecrack1.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\safecrack2.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\safecrack3.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\safecrack4.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\safecrack5.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene12_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene12_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene12_03.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene13_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene13_03.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene13_lockpick.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene14_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene14_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene16_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene19_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene20_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene20_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene21_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene23_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene23_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene24_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene24_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene25_lockpick.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene26_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene27_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene28_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene28_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene28_03.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene29_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene29_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene2_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene2_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene30_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene30_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene31_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene31_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene34_lockpick.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene3_lockpick.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene6_lockpick.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene7_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene7_02.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene7_03.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\scene8_01.dcr
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\sounds.cct
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\zoomeffects.cct
c:\program files (x86)\wildgames\vaultcracker - the last safe\zooms\zoomscripts.cct
c:\program files (x86)\wildtangent games\games\echoesbundle\my games\2\sounds\sfx\s_0067_glasscrackle.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\sfx\firecracker1.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\sfx\firecracker2.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\sfx\firecracker3.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\sfx\firecrackers.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vendfirecrackers.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vendfirecrackers_hint.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vend_firecracker.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vend_getfirecrackers.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vend_gotfirecrackers.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\audio\voice\station_vend_need_firecrackers.ogg
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\data\levels\station_vendfirecrackers.t2d.dso
c:\program files (x86)\wildtangent games\games\secretsofthedragonwheel\game\gamescripts\nodescripts\station_vendfirecrackers.cs.dso
scanner sequence 3.ZZ.11.HQLBNQ
----- EOF -----

When I run the MGADiag.exe as Administrator or not, on the desktop I get a window up within seconds of clicking continue. After clicking copy nothing happens, have tried a few times to no avail.
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Post by deltalima » June 18th, 2012, 4:23 am

Hi swanvestas,

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

Post by swanvestas » June 18th, 2012, 10:48 am

Hi deltalima,
I ran the TDSS.exe and it detected nothing, log below.

15:37:34.0013 2924 luafv - ok
15:37:34.0120 2924 LVcKap64 (c7039d97dcd940aba7cdf2074de828ca) C:\Windows\system32\DRIVERS\LVcKap64.sys
15:37:34.0181 2924 LVcKap64 - ok
15:37:34.0400 2924 LVMVDrv (5ac4cd0e92449213e338cd1cbcb0fb7a) C:\Windows\system32\DRIVERS\LVMVDrv.sys
15:37:34.0444 2924 LVMVDrv - ok
15:37:34.0531 2924 LVPr2M64 (8d53fe6ddd9855189a823c2a6a99a65f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:37:34.0533 2924 LVPr2M64 - ok
15:37:34.0632 2924 LVSrvLauncher (b409d1c5fe799a8706e38653671a9688) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
15:37:34.0638 2924 LVSrvLauncher - ok
15:37:34.0670 2924 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:37:34.0673 2924 Mcx2Svc - ok
15:37:34.0712 2924 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:37:34.0713 2924 megasas - ok
15:37:34.0747 2924 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:37:34.0757 2924 MegaSR - ok
15:37:34.0787 2924 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:37:34.0788 2924 MMCSS - ok
15:37:34.0803 2924 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:37:34.0805 2924 Modem - ok
15:37:34.0843 2924 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:37:34.0844 2924 monitor - ok
15:37:34.0860 2924 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:37:34.0861 2924 mouclass - ok
15:37:34.0875 2924 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:37:34.0876 2924 mouhid - ok
15:37:34.0894 2924 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:37:34.0895 2924 MountMgr - ok
15:37:34.0927 2924 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:37:34.0934 2924 mpio - ok
15:37:34.0951 2924 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:37:34.0952 2924 mpsdrv - ok
15:37:35.0010 2924 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
15:37:35.0015 2924 MpsSvc - ok
15:37:35.0028 2924 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:37:35.0029 2924 Mraid35x - ok
15:37:35.0052 2924 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:37:35.0054 2924 MRxDAV - ok
15:37:35.0085 2924 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:37:35.0086 2924 mrxsmb - ok
15:37:35.0130 2924 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:37:35.0131 2924 mrxsmb10 - ok
15:37:35.0142 2924 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:37:35.0143 2924 mrxsmb20 - ok
15:37:35.0159 2924 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:37:35.0160 2924 msahci - ok
15:37:35.0243 2924 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:37:35.0244 2924 MSCamSvc - ok
15:37:35.0258 2924 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:37:35.0260 2924 msdsm - ok
15:37:35.0301 2924 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:37:35.0304 2924 MSDTC - ok
15:37:35.0338 2924 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:37:35.0340 2924 Msfs - ok
15:37:35.0344 2924 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:37:35.0344 2924 msisadrv - ok
15:37:35.0379 2924 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:37:35.0386 2924 MSiSCSI - ok
15:37:35.0388 2924 msiserver - ok
15:37:35.0423 2924 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:37:35.0424 2924 MSKSSRV - ok
15:37:35.0439 2924 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:37:35.0441 2924 MSPCLOCK - ok
15:37:35.0462 2924 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:37:35.0463 2924 MSPQM - ok
15:37:35.0513 2924 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:37:35.0515 2924 MsRPC - ok
15:37:35.0537 2924 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:37:35.0538 2924 mssmbios - ok
15:37:35.0548 2924 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:37:35.0549 2924 MSTEE - ok
15:37:35.0555 2924 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:37:35.0556 2924 Mup - ok
15:37:35.0595 2924 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:37:35.0606 2924 napagent - ok
15:37:35.0648 2924 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:37:35.0650 2924 NativeWifiP - ok
15:37:35.0667 2924 NAVENG - ok
15:37:35.0671 2924 NAVEX15 - ok
15:37:35.0746 2924 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:37:35.0751 2924 NDIS - ok
15:37:35.0760 2924 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:35.0761 2924 NdisTapi - ok
15:37:35.0767 2924 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:35.0768 2924 Ndisuio - ok
15:37:35.0786 2924 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:35.0792 2924 NdisWan - ok
15:37:35.0809 2924 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:37:35.0810 2924 NDProxy - ok
15:37:35.0821 2924 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:37:35.0822 2924 NetBIOS - ok
15:37:35.0840 2924 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:37:35.0855 2924 netbt - ok
15:37:35.0878 2924 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:37:35.0879 2924 Netlogon - ok
15:37:35.0918 2924 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:37:35.0921 2924 Netman - ok
15:37:35.0945 2924 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:37:35.0948 2924 netprofm - ok
15:37:36.0017 2924 netr28x (653a267797a4de4a69014ed61945067a) C:\Windows\system32\DRIVERS\netr28x.sys
15:37:36.0032 2924 netr28x - ok
15:37:36.0107 2924 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:37:36.0109 2924 NetTcpPortSharing - ok
15:37:36.0132 2924 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:37:36.0134 2924 nfrd960 - ok
15:37:36.0173 2924 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:37:36.0175 2924 NlaSvc - ok
15:37:36.0206 2924 Norton Internet Security - ok
15:37:36.0239 2924 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:37:36.0241 2924 Npfs - ok
15:37:36.0254 2924 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:37:36.0256 2924 nsi - ok
15:37:36.0259 2924 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:37:36.0260 2924 nsiproxy - ok
15:37:36.0359 2924 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:37:36.0367 2924 Ntfs - ok
15:37:36.0441 2924 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:37:36.0442 2924 Null - ok
15:37:37.0130 2924 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:37:37.0214 2924 nvlddmkm - ok
15:37:37.0337 2924 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:37:37.0344 2924 nvraid - ok
15:37:37.0357 2924 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:37:37.0358 2924 nvstor - ok
15:37:37.0431 2924 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
15:37:37.0436 2924 nvsvc - ok
15:37:37.0537 2924 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:37:37.0544 2924 nvUpdatusService - ok
15:37:37.0635 2924 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:37:37.0638 2924 nv_agp - ok
15:37:37.0641 2924 NwlnkFlt - ok
15:37:37.0646 2924 NwlnkFwd - ok
15:37:37.0706 2924 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:37:37.0708 2924 ohci1394 - ok
15:37:37.0776 2924 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:37:37.0782 2924 p2pimsvc - ok
15:37:37.0789 2924 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:37:37.0795 2924 p2psvc - ok
15:37:37.0822 2924 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:37:37.0824 2924 Parport - ok
15:37:37.0868 2924 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:37:37.0869 2924 partmgr - ok
15:37:37.0902 2924 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:37:37.0904 2924 PcaSvc - ok
15:37:37.0917 2924 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:37:37.0918 2924 pci - ok
15:37:37.0938 2924 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:37:37.0940 2924 pciide - ok
15:37:37.0962 2924 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:37:37.0967 2924 pcmcia - ok
15:37:38.0025 2924 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:37:38.0030 2924 PEAUTH - ok
15:37:38.0110 2924 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:37:38.0112 2924 PerfHost - ok
15:37:38.0202 2924 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:37:38.0211 2924 pla - ok
15:37:38.0248 2924 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:37:38.0251 2924 PlugPlay - ok
15:37:38.0301 2924 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:37:38.0307 2924 PNRPAutoReg - ok
15:37:38.0314 2924 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:37:38.0321 2924 PNRPsvc - ok
15:37:38.0368 2924 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:37:38.0386 2924 PolicyAgent - ok
15:37:38.0450 2924 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:37:38.0460 2924 PptpMiniport - ok
15:37:38.0478 2924 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:37:38.0480 2924 Processor - ok
15:37:38.0508 2924 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:37:38.0510 2924 ProfSvc - ok
15:37:38.0545 2924 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:37:38.0546 2924 ProtectedStorage - ok
15:37:38.0571 2924 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:37:38.0572 2924 PSched - ok
15:37:38.0647 2924 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:37:38.0667 2924 ql2300 - ok
15:37:38.0701 2924 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:37:38.0708 2924 ql40xx - ok
15:37:38.0740 2924 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:37:38.0743 2924 QWAVE - ok
15:37:38.0760 2924 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:37:38.0761 2924 QWAVEdrv - ok
15:37:38.0772 2924 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:37:38.0773 2924 RasAcd - ok
15:37:38.0797 2924 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:37:38.0799 2924 RasAuto - ok
15:37:38.0815 2924 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:38.0817 2924 Rasl2tp - ok
15:37:38.0844 2924 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:37:38.0847 2924 RasMan - ok
15:37:38.0873 2924 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:38.0875 2924 RasPppoe - ok
15:37:38.0904 2924 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:37:38.0906 2924 RasSstp - ok
15:37:38.0957 2924 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:37:38.0970 2924 rdbss - ok
15:37:38.0976 2924 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:38.0977 2924 RDPCDD - ok
15:37:39.0020 2924 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:37:39.0033 2924 rdpdr - ok
15:37:39.0037 2924 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:37:39.0038 2924 RDPENCDD - ok
15:37:39.0085 2924 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:37:39.0090 2924 RDPWD - ok
15:37:39.0117 2924 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:37:39.0119 2924 RemoteAccess - ok
15:37:39.0160 2924 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:37:39.0163 2924 RemoteRegistry - ok
15:37:39.0197 2924 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
15:37:39.0203 2924 RFCOMM - ok
15:37:39.0225 2924 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:37:39.0226 2924 RpcLocator - ok
15:37:39.0283 2924 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:37:39.0289 2924 RpcSs - ok
15:37:39.0296 2924 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:37:39.0297 2924 rspndr - ok
15:37:39.0347 2924 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:37:39.0352 2924 RTL8169 - ok
15:37:39.0378 2924 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:37:39.0379 2924 SamSs - ok
15:37:39.0410 2924 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:37:39.0412 2924 sbp2port - ok
15:37:39.0445 2924 SBRE - ok
15:37:39.0465 2924 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:37:39.0467 2924 SCardSvr - ok
15:37:39.0528 2924 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:37:39.0536 2924 Schedule - ok
15:37:39.0567 2924 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:37:39.0568 2924 SCPolicySvc - ok
15:37:39.0598 2924 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:37:39.0600 2924 SDRSVC - ok
15:37:39.0630 2924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:37:39.0631 2924 secdrv - ok
15:37:39.0644 2924 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:37:39.0646 2924 seclogon - ok
15:37:39.0660 2924 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:37:39.0662 2924 SENS - ok
15:37:39.0694 2924 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:37:39.0695 2924 Serenum - ok
15:37:39.0720 2924 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:37:39.0721 2924 Serial - ok
15:37:39.0751 2924 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:37:39.0752 2924 sermouse - ok
15:37:39.0772 2924 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:37:39.0774 2924 SessionEnv - ok
15:37:39.0794 2924 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:37:39.0795 2924 sffdisk - ok
15:37:39.0803 2924 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:37:39.0804 2924 sffp_mmc - ok
15:37:39.0812 2924 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:37:39.0813 2924 sffp_sd - ok
15:37:39.0830 2924 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:37:39.0831 2924 sfloppy - ok
15:37:39.0864 2924 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:37:39.0867 2924 SharedAccess - ok
15:37:39.0912 2924 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:37:39.0915 2924 ShellHWDetection - ok
15:37:39.0935 2924 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:37:39.0937 2924 SiSRaid2 - ok
15:37:39.0948 2924 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:37:39.0950 2924 SiSRaid4 - ok
15:37:40.0081 2924 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:37:40.0095 2924 slsvc - ok
15:37:40.0190 2924 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:37:40.0192 2924 SLUINotify - ok
15:37:40.0245 2924 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:37:40.0247 2924 Smb - ok
15:37:40.0269 2924 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:37:40.0271 2924 SNMPTRAP - ok
15:37:40.0292 2924 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:37:40.0292 2924 spldr - ok
15:37:40.0336 2924 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:37:40.0340 2924 Spooler - ok
15:37:40.0343 2924 SRTSP - ok
15:37:40.0347 2924 SRTSPX - ok
15:37:40.0390 2924 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:37:40.0393 2924 srv - ok
15:37:40.0430 2924 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:37:40.0432 2924 srv2 - ok
15:37:40.0463 2924 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:37:40.0464 2924 srvnet - ok
15:37:40.0486 2924 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:37:40.0488 2924 SSDPSRV - ok
15:37:40.0529 2924 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:37:40.0532 2924 SstpSvc - ok
15:37:40.0604 2924 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:37:40.0607 2924 Stereo Service - ok
15:37:40.0639 2924 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:37:40.0644 2924 stisvc - ok
15:37:40.0679 2924 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:37:40.0681 2924 swenum - ok
15:37:40.0731 2924 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:37:40.0735 2924 swprv - ok
15:37:40.0758 2924 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:37:40.0760 2924 Symc8xx - ok
15:37:40.0775 2924 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:37:40.0777 2924 Sym_hi - ok
15:37:40.0790 2924 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:37:40.0792 2924 Sym_u3 - ok
15:37:40.0850 2924 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:37:40.0857 2924 SysMain - ok
15:37:40.0887 2924 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:37:40.0889 2924 TabletInputService - ok
15:37:40.0932 2924 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:37:40.0936 2924 TapiSrv - ok
15:37:40.0948 2924 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:37:40.0950 2924 TBS - ok
15:37:41.0046 2924 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:37:41.0055 2924 Tcpip - ok
15:37:41.0175 2924 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:37:41.0184 2924 Tcpip6 - ok
15:37:41.0244 2924 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:37:41.0245 2924 tcpipreg - ok
15:37:41.0262 2924 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:37:41.0263 2924 TDPIPE - ok
15:37:41.0279 2924 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:37:41.0281 2924 TDTCP - ok
15:37:41.0309 2924 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:37:41.0311 2924 tdx - ok
15:37:41.0341 2924 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:37:41.0342 2924 TermDD - ok
15:37:41.0392 2924 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:37:41.0397 2924 TermService - ok
15:37:41.0434 2924 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:37:41.0437 2924 Themes - ok
15:37:41.0475 2924 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:37:41.0477 2924 THREADORDER - ok
15:37:41.0517 2924 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
15:37:41.0518 2924 TomTomHOMEService - ok
15:37:41.0545 2924 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:37:41.0547 2924 TrkWks - ok
15:37:41.0603 2924 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:37:41.0604 2924 TrustedInstaller - ok
15:37:41.0624 2924 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:41.0626 2924 tssecsrv - ok
15:37:41.0645 2924 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:37:41.0646 2924 tunmp - ok
15:37:41.0666 2924 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:37:41.0667 2924 tunnel - ok
15:37:41.0758 2924 TVICHW64 (1a006963644c7fde5be60036f3a43e68) C:\Windows\SysWOW64\Drivers\TVICHW64.SYS
15:37:41.0759 2924 TVICHW64 - ok
15:37:41.0777 2924 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:37:41.0779 2924 uagp35 - ok
15:37:41.0837 2924 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:37:41.0850 2924 udfs - ok
15:37:41.0873 2924 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:37:41.0875 2924 UI0Detect - ok
15:37:41.0906 2924 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:37:41.0909 2924 uliagpkx - ok
15:37:41.0943 2924 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:37:41.0957 2924 uliahci - ok
15:37:41.0980 2924 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:37:41.0987 2924 UlSata - ok
15:37:42.0022 2924 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:37:42.0027 2924 ulsata2 - ok
15:37:42.0048 2924 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:37:42.0049 2924 umbus - ok
15:37:42.0069 2924 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:37:42.0073 2924 upnphost - ok
15:37:42.0136 2924 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
15:37:42.0138 2924 usbaudio - ok
15:37:42.0186 2924 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:42.0189 2924 usbccgp - ok
15:37:42.0201 2924 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
15:37:42.0202 2924 usbcir - ok
15:37:42.0221 2924 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:37:42.0222 2924 usbehci - ok
15:37:42.0247 2924 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:37:42.0261 2924 usbhub - ok
15:37:42.0288 2924 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:37:42.0289 2924 usbohci - ok
15:37:42.0312 2924 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
15:37:42.0314 2924 usbprint - ok
15:37:42.0342 2924 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:42.0343 2924 USBSTOR - ok
15:37:42.0352 2924 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:37:42.0354 2924 usbuhci - ok
15:37:42.0381 2924 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:37:42.0383 2924 UxSms - ok
15:37:42.0431 2924 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:37:42.0436 2924 vds - ok
15:37:42.0472 2924 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:42.0473 2924 vga - ok
15:37:42.0495 2924 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:37:42.0496 2924 VgaSave - ok
15:37:42.0510 2924 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:37:42.0511 2924 viaide - ok
15:37:42.0525 2924 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:37:42.0527 2924 volmgr - ok
15:37:42.0566 2924 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:37:42.0569 2924 volmgrx - ok
15:37:42.0595 2924 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:37:42.0597 2924 volsnap - ok
15:37:42.0617 2924 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:37:42.0623 2924 vsmraid - ok
15:37:42.0712 2924 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:37:42.0722 2924 VSS - ok
15:37:42.0935 2924 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
15:37:42.0984 2924 VX3000 - ok
15:37:43.0077 2924 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:37:43.0081 2924 W32Time - ok
15:37:43.0132 2924 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:37:43.0134 2924 WacomPen - ok
15:37:43.0195 2924 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:43.0196 2924 Wanarp - ok
15:37:43.0199 2924 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:43.0200 2924 Wanarpv6 - ok
15:37:43.0236 2924 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:37:43.0242 2924 wcncsvc - ok
15:37:43.0271 2924 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:37:43.0273 2924 WcsPlugInService - ok
15:37:43.0304 2924 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:37:43.0305 2924 Wd - ok
15:37:43.0372 2924 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:37:43.0378 2924 Wdf01000 - ok
15:37:43.0395 2924 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:37:43.0397 2924 WdiServiceHost - ok
15:37:43.0400 2924 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:37:43.0402 2924 WdiSystemHost - ok
15:37:43.0418 2924 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:37:43.0421 2924 WebClient - ok
15:37:43.0458 2924 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:37:43.0461 2924 Wecsvc - ok
15:37:43.0491 2924 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:37:43.0493 2924 wercplsupport - ok
15:37:43.0509 2924 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:37:43.0512 2924 WerSvc - ok
15:37:43.0544 2924 WinDefend - ok
15:37:43.0550 2924 WinHttpAutoProxySvc - ok
15:37:43.0594 2924 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:37:43.0596 2924 Winmgmt - ok
15:37:43.0712 2924 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:37:43.0726 2924 WinRM - ok
15:37:43.0844 2924 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:37:43.0850 2924 Wlansvc - ok
15:37:43.0903 2924 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
15:37:43.0904 2924 WmiAcpi - ok
15:37:43.0941 2924 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:37:43.0942 2924 wmiApSrv - ok
15:37:43.0950 2924 WMPNetworkSvc - ok
15:37:43.0966 2924 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:37:43.0969 2924 WPCSvc - ok
15:37:44.0006 2924 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:37:44.0009 2924 WPDBusEnum - ok
15:37:44.0144 2924 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:37:44.0150 2924 WPFFontCache_v0400 - ok
15:37:44.0178 2924 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:37:44.0180 2924 ws2ifsl - ok
15:37:44.0223 2924 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
15:37:44.0225 2924 wscsvc - ok
15:37:44.0228 2924 WSearch - ok
15:37:44.0369 2924 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
15:37:44.0385 2924 wuauserv - ok
15:37:44.0469 2924 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:44.0470 2924 WUDFRd - ok
15:37:44.0494 2924 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:37:44.0497 2924 wudfsvc - ok
15:37:44.0589 2924 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
15:37:44.0590 2924 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:37:44.0622 2924 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
15:37:44.0995 2924 \Device\Harddisk0\DR0 - ok
15:37:44.0997 2924 Boot (0x1200) (8dc60cd954ae31214ca7f44f47dabb20) \Device\Harddisk0\DR0\Partition0
15:37:44.0998 2924 \Device\Harddisk0\DR0\Partition0 - ok
15:37:45.0001 2924 Boot (0x1200) (5745d9da87dd39fc7100d311bf7664c0) \Device\Harddisk0\DR0\Partition1
15:37:45.0002 2924 \Device\Harddisk0\DR0\Partition1 - ok
15:37:45.0003 2924 ============================================================
15:37:45.0003 2924 Scan finished
15:37:45.0003 2924 ============================================================
15:37:45.0012 1376 Detected object count: 0
15:37:45.0012 1376 Actual detected object count: 0
15:38:59.0304 4372 Deinitialize success
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

by deltalima » June 18th, 2012, 11:45 am

Hi swanvestas,

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

by swanvestas » June 18th, 2012, 6:00 pm

Hi deltalima, thanks for your patience,
Have all the logs as you requested. Am not tech savvy, but the log at the very end for the ESET scanner doesn't appear to show much detail. I tried a few times to get the actual result in the log without success, so have also copied the actual result from the scan before trying to get into the log.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-18 17:23:54
-----------------------------
17:23:54.685 OS Version: Windows x64 6.0.6002 Service Pack 2
17:23:54.685 Number of processors: 4 586 0x1707
17:23:54.686 ComputerName: HOMEBASE UserName: Brian
17:23:57.325 Initialize success
17:27:58.406 AVAST engine defs: 12061801
17:29:07.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:29:07.693 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
17:29:07.704 Disk 0 MBR read successfully
17:29:07.706 Disk 0 MBR scan
17:29:07.717 Disk 0 unknown MBR code
17:29:07.719 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939065 MB offset 63
17:29:07.761 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14802 MB offset 1923205410
17:29:07.827 Disk 0 scanning C:\Windows\system32\drivers
17:29:17.788 Service scanning
17:29:39.697 Modules scanning
17:29:39.702 Disk 0 trace - called modules:
17:29:39.712 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:29:39.715 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006dce790]
17:29:40.046 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004944050]
17:29:42.644 AVAST engine scan C:\Windows
17:29:47.389 AVAST engine scan C:\Windows\system32
17:33:55.249 AVAST engine scan C:\Windows\system32\drivers
17:34:10.203 AVAST engine scan C:\Users\Brian
18:04:39.564 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
18:04:39.571 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"



.....................................................................................................................................................


OTL logfile created on: 18/06/2012 18:18:34 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.62% Memory free
8.18 Gb Paging File | 6.20 Gb Available in Paging File | 75.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 692.31 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.97 Gb Free Space | 13.65% Space Free | Partition Type: NTFS

Computer Name: HOMEBASE | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys (Logitech Inc.)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys (Logitech Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {48DB858E-5838-4772-9316-50FB064A1F8C}
IE:64bit: - HKLM\..\SearchScopes\{48C547B3-7E95-44F3-9B9E-E874474E05A3}: "URL" = http://uk.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE:64bit: - HKLM\..\SearchScopes\{48DB858E-5838-4772-9316-50FB064A1F8C}: "URL" = http://slirsredirect.search.aol.com/sli ... 184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE:64bit: - HKLM\..\SearchScopes\{DFCF0707-6187-443F-978D-B790E258E81E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {48DB858E-5838-4772-9316-50FB064A1F8C}
IE - HKLM\..\SearchScopes\{48C547B3-7E95-44F3-9B9E-E874474E05A3}: "URL" = http://uk.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{48DB858E-5838-4772-9316-50FB064A1F8C}: "URL" = http://slirsredirect.search.aol.com/sli ... 184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{DFCF0707-6187-443F-978D-B790E258E81E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pcworld.co.uk/
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes,DefaultScope = {06C2293D-C81F-4C39-B337-12C9380ADC8E}
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes\{06C2293D-C81F-4C39-B337-12C9380ADC8E}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=QK&apn_dtid=&apn_uid=67D34F2F-C0E7-4DEA-9CC1-B9DDB8847EE6&apn_sauid=FAF4AF47-EEFD-426A-A06D-92CC29608E98
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes\{48C547B3-7E95-44F3-9B9E-E874474E05A3}: "URL" = http://uk.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes\{48DB858E-5838-4772-9316-50FB064A1F8C}: "URL" = http://slirsredirect.search.aol.com/sli ... 184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\..\SearchScopes\{DFCF0707-6187-443F-978D-B790E258E81E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
IE - HKU\S-1-5-21-3743975870-1591617531-270475079-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/16 05:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi [2012/03/30 00:59:52 | 000,102,423 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/16 15:50:07 | 000,000,000 | ---D | M]

[2009/03/26 19:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2009/03/26 19:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/26 02:52:50 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3743975870-1591617531-270475079-1001..\Run: [HPADVISOR] File not found
O4 - HKU\S-1-5-21-3743975870-1591617531-270475079-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3743975870-1591617531-270475079-1001\..Trusted Ranges: Range1 ([http] in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553538400} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE46F63-55F3-4A2F-8058-2203380698B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEE6300E-B981-4EA2-8323-9AA672FE96C5}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/13 16:41:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 18:13:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/06/18 17:19:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
[2012/06/18 15:28:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/06/18 00:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/06/18 00:32:41 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Brian\Desktop\MGADiag.exe
[2012/06/16 20:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/06/16 20:17:11 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/06/16 20:17:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/06/16 20:15:26 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/16 19:55:22 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/06/16 19:55:13 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/16 19:55:12 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/06/16 19:55:12 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/06/16 19:55:12 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/06/16 19:55:12 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/06/16 19:55:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/16 19:55:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/16 19:55:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/16 19:55:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/16 19:55:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/16 19:55:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/16 19:55:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/16 19:55:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/16 19:54:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/16 19:54:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/16 19:54:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/16 19:54:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/16 19:54:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/16 17:41:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2012/06/16 06:05:30 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\AVG
[2012/06/16 06:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/06/16 05:06:45 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\backups
[2012/05/29 20:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/23 22:43:29 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\quickclick
[2012/05/23 19:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/05/23 01:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/05/23 00:12:03 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Conduit
[2012/05/22 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\NVIDIA
[2012/05/22 21:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/22 21:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/22 21:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/22 21:28:30 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/22 21:28:30 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/22 21:28:30 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/05/22 21:28:29 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/05/22 21:28:29 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/05/22 21:28:28 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/22 21:28:28 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/22 21:28:28 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/22 21:28:28 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/22 21:28:28 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/22 21:28:28 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/22 21:28:27 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/22 21:28:27 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/22 21:28:27 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/20 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Friday's games
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 18:20:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 18:20:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 18:14:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/06/18 18:09:53 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/18 18:09:53 | 000,609,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/18 18:09:53 | 000,108,690 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/18 18:04:39 | 000,000,512 | ---- | M] () -- C:\Users\Brian\Desktop\MBR.dat
[2012/06/18 17:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 17:19:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe
[2012/06/18 16:20:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 16:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/18 16:19:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/18 15:28:17 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/06/18 15:14:54 | 100,576,864 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/18 00:32:41 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Brian\Desktop\MGADiag.exe
[2012/06/17 23:48:25 | 000,436,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/17 23:37:52 | 000,458,240 | ---- | M] () -- C:\Users\Brian\Desktop\CKScanner.exe
[2012/06/17 22:33:26 | 000,008,592 | ---- | M] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat
[2012/06/17 17:44:43 | 000,579,447 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/16 17:41:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\dds.scr
[2012/06/16 06:04:21 | 000,000,939 | ---- | M] () -- C:\Users\Brian\Desktop\AVG PC Tuneup 2011.lnk
[2012/06/16 05:51:08 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/11 22:30:01 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/06/08 11:52:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/30 01:47:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2012/05/23 21:57:56 | 000,002,318 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 18:04:39 | 000,000,512 | ---- | C] () -- C:\Users\Brian\Desktop\MBR.dat
[2012/06/17 23:37:52 | 000,458,240 | ---- | C] () -- C:\Users\Brian\Desktop\CKScanner.exe
[2012/06/16 06:04:21 | 000,000,939 | ---- | C] () -- C:\Users\Brian\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/22 21:28:29 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/27 20:06:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/27 20:06:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/02/13 16:14:56 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:426796C0
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:69B9AAE7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:54997B77
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:13B137AF
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0D4B1B5B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F01E7F17
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:B1F57ABE

< End of report >

..................................................................................................................................................

OTL Extras logfile created on: 18/06/2012 18:18:34 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Brian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 57.62% Memory free
8.18 Gb Paging File | 6.20 Gb Available in Paging File | 75.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 692.31 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.97 Gb Free Space | 13.65% Space Free | Partition Type: NTFS

Computer Name: HOMEBASE | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 1F 0C E0 D7 20 37 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0390FDA1-0478-4987-8258-387DCB00483E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{0A96957A-44F4-413B-945F-D1464C0779A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{3C7473B8-F447-4883-834F-F7A8873BC9F6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{48CB1A2A-6FEC-4B2E-8084-9B05E7BAC539}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{49740F25-4AA8-401D-B0CB-F1FC8424AB6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{521A781B-A9FF-41E3-AE0A-DD8651D37FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{58B92A8E-8ADF-42A5-9EEB-0DD7C2A062BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{69090B75-3123-49ED-BAB8-34CD80BB10D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{90274149-CB49-4820-B7ED-549E99F480AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{94AAE9AD-B6FD-4CF1-A0E4-D10F794D7142}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A4C71928-7FD1-4B59-9259-DF0E1D1FAE28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{AC4314F6-BCA6-42FC-8F64-500E35EF006F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACC2F848-40CE-454A-8B9F-E4AC8B8D5215}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{BAD4181D-DC21-4D3A-86CA-92A0C612CC63}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BE9A76FC-4A43-41C5-9405-A44F29DD741F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C2F1516C-1616-4FDA-996D-7B222A94F7F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{C974E6E4-C176-4F53-A9F8-EA126CE40A72}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{CD68FF95-3E32-4CC9-BF1E-583722575BC9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{CEA92B8C-5EF1-4E19-97FB-97B1636732F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D2324312-B11B-42FC-820B-C72B83E736AA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DB7CE513-B4D5-43F0-8117-9B96CC5F6D11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{DC9EBF95-D35B-43B7-AEA2-645253AD8D1D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DF99EC32-083E-41A5-ABA8-765C56B71994}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E625BE12-0CEC-41B8-9BF9-BD8CC1B70277}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E6654A62-C735-4DD5-9E86-0EC81841C210}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EA24EEB8-1B91-4064-B9E7-CF71D6F59173}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2F12ECC-500E-4EC9-973A-0FAB99A09767}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"TCP Query User{495F100D-DB47-46B9-B7B2-E380DBBC0352}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B6F917BA-0A67-4220-A405-8A434247E253}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{F8DF72E8-1F94-415E-BE9E-848FEF5FC260}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{4BD0E6B8-DE36-4A38-9173-CF06A4E41646}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{BA63BA3C-9040-4156-B0AA-A2F8F4DB9485}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C0E1AEBE-7D51-4049-B633-71BB1E253479}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41B29F37-71AA-41A4-BD15-8C8B7102A092}" = Microsoft IntelliType Pro 6.3
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6448F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) SE Runtime Environment 6 Update 7
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"Blender" = Blender
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1600
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D719053-5593-11D3-8F25-0060085C1758}" = Microsoft AutoRoute 2001
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}" = muvee Reveal
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{97099A77-2CD0-4C2C-8931-7F0B73CFE0FA}" = SoftMCE Encoder
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}" = HP Demo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"sp41099" = sp41099
"sp43113" = sp43113
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-09b11d05-7f43-4f79-9574-52d74735a98d" = Little Shop - Memories
"WTA-104cceba-d46d-41bc-a966-a108f6bdd2e5" = Temple of Life Collector's Edition
"WTA-146b4cd9-2f66-41dc-94c8-7ff25825adec" = White Haven Mysteries Collector's Edition
"WTA-16bafac0-2c5e-40c4-a25b-0e19a31ff2d0" = Dracula Series Part 1: The Strange Case of Martha
"WTA-1ad0cf10-43f7-4dbd-b358-58a4ac7b92e0" = Department 42: The Mystery of the Nine
"WTA-1c96ecae-93a8-4601-9c81-6d8cf88aa0ad" = Big City Adventure: London Story
"WTA-1e46b082-54d6-4c0f-9300-27bee44f83fe" = Fallen Shadows
"WTA-1e6bc868-cb0b-410c-a0a6-21a86a13c2fb" = Dr. Who Episode 1: City of the Daleks
"WTA-1fa205da-77ce-46d4-9481-d9857c2e8e57" = Escape the Lost Kingdom
"WTA-23547ac4-e176-4cdf-adc0-bc2287b4a289" = Dream Chronicles
"WTA-2358fa80-2e41-4fee-978f-df0ca0a80f33" = Mata Hari
"WTA-2b05abea-3116-4c24-b51c-a2be6de9d31f" = Fiction Fixers: The Curse of Oz
"WTA-3cdced43-ca9f-4f29-b0f5-3b99da5b2e22" = Princess Isabella: Return of the Curse -- Collector's Edition
"WTA-4122175a-03ee-411e-8a2d-1d1eecd6b5b1" = Vampire Saga: Welcome to Hell Lock
"WTA-422f0a88-c323-49eb-ab4b-5f61c9ad26fb" = Lost Souls 2: Enchanted Paintings Collector's Edition
"WTA-42a42394-5195-4a6e-9162-8bbc3556e295" = The Treasures of Mystery Island
"WTA-430cae35-175c-4292-abce-6342ea8bff30" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-45b7285f-4ea9-4711-a31a-63e67353ba3a" = Dracula: Origin
"WTA-536b6b1a-fcba-4871-b518-30f86740ce44" = Dracula Series Part 2: The Myth of the Vampire
"WTA-5c6bbf7f-fb28-4b55-9bf5-6dd2b94a1a16" = National Geographic - Herod's Lost Tomb
"WTA-5e01d492-3fa9-4679-9a4d-d9d64bdedc1f" = Midnight Mysteries- Salem Witch Trials
"WTA-5e2eb8e1-7f39-4286-b6c8-6b3e31758728" = Echoes Bundle
"WTA-62df600c-b3de-465b-8a16-3779123b1e7a" = Annabel
"WTA-63b59dbd-b9d9-460e-9409-62faabf3146f" = The Inquisitor
"WTA-68a64ff9-1c35-4bb0-b748-73790b0a99d1" = Brink of Consciousness: Dorian Gray Syndrome Collector's Edtion
"WTA-6ae88280-e0b9-45af-ad03-8c1c34b61d9d" = The Treasures of Mystery Island: The Ghost Ship
"WTA-6b099e38-41b9-405e-90bd-b51523bd878c" = Nancy Drew - The Phantom of Venice
"WTA-6ed94895-8aaa-4cc7-bfed-d6d3d932315a" = Nightfall Mysteries: Asylum Conspiracy
"WTA-703e6a38-642f-4b62-9684-1355b5f57df1" = Dream Chronicles - The Book of Air Collector's Edition
"WTA-78f1a829-d30f-4297-a100-b7e7dcb3d298" = Dark Strokes: Sins of the Fathers
"WTA-7aab2065-2645-408c-974f-892fcb8bc4a7" = Bigfoot: Chasing Shadows
"WTA-7bf6a179-c17d-4f2e-8184-2ebad8603ffb" = Hide and Secret
"WTA-80efc1e0-fbe6-4f6c-bfbf-b4ec14d8a01f" = Legends of the Wild West - Golden Hill
"WTA-86afb2ef-b1e9-436b-9f61-6f3e3167bed7" = Vampire Saga - Pandora's Box
"WTA-892d23a2-17fd-4cb8-ad6a-d8276deccf58" = Nightmare on the Pacific
"WTA-8b399806-665c-4e31-a538-c977d296b184" = Secrets of the Dragon Wheel
"WTA-8bc026d4-b579-4ce9-9b98-d9cc443f8bcf" = Sacra Terra: Angelic Night
"WTA-8d94e34c-beab-432a-a73e-42819138295c" = Samantha Swift and the Fountains of Fate
"WTA-8ebf7d4f-cfa8-4747-a659-f7f8c9fc9aa6" = The Legend of Crystal Valley
"WTA-952302ff-7022-41c6-b7e6-3600583d98fa" = Vampire Saga 3: Break Out
"WTA-96c6ae37-776b-43cd-93f8-ec96fbaa4f37" = Nightfall Mysteries: Curse of the Opera
"WTA-97267aba-5826-4879-9694-00acde067a93" = Bloodline of the Fallen: Anna's Sacrifice
"WTA-999d69dd-1214-44c1-8b12-cdd30e082e3f" = Haunted Past Realm of Ghosts Collector's Edition
"WTA-9bb2abe2-af03-4a78-b4ee-d78943f497cd" = The Clockwork Man - The Hidden World
"WTA-9be4c07f-b13a-400e-8067-b9e2a85e1e1b" = House of 1000 Doors: Family Secret
"WTA-9c2ffcda-4814-4a2d-8b80-6e36248b89fe" = Immortal Lovers
"WTA-a1c9098b-2eaf-4891-ba4d-8ec115cbba50" = Dream Chronicles - The Chosen Child
"WTA-a2fff2a9-a7df-4531-8463-8bca1edfa7b0" = Jurassic Realm
"WTA-a605add5-24eb-400c-896c-e26a8d2d5967" = Nostradamus: The Last Prophecy - Episode 1: Deadly Providence
"WTA-a6c25b9b-610a-4753-89c9-7d81ee4c6633" = Ancient Secrets: Mystery of the Vanishing Bride
"WTA-a81a0fb5-be32-43b6-babc-56142992c879" = Nancy Drew - Legend of the Crystal Skull
"WTA-abedb68a-c991-4c06-a7c8-c18e476e6eee" = Youda Mystery: The Stanwick Legacy
"WTA-ad109715-0a29-4d5c-ba30-a0536068ae27" = Dream Chronicles 2
"WTA-af5cdc57-0434-48c1-bbb7-10c4a538c35c" = Dream Chronicles: The Book of Water Collector's Edition
"WTA-b0db6c82-7265-4d65-9a5b-5a17278c0c38" = Vampire Brides - Love Over Death
"WTA-b1abcb1b-51b4-4a21-b2a9-e8cff657e5f9" = Midnight Mysteries: Haunted Houdini
"WTA-b22a2a85-8f61-4722-bbb5-67567f3f4cbb" = House of 1000 Doors: The Palm of Zoroaster
"WTA-b5ace752-4123-4923-8eed-49ba633bbb76" = Odysseus: Long Way From Home
"WTA-b6ba3314-1366-411e-bb8a-d9f412ba63ac" = Voodoo Chronicles: The First Sign Collector's Edition
"WTA-b882b754-77bc-46df-873f-0abaf907440e" = Dracula Series Part 3: The Destruction of the Evil
"WTA-ba4ba369-df30-47ce-b089-944fa7ca776a" = Phantasmat
"WTA-c24dd384-3054-47a4-9eb4-8ef9aea4ff1c" = Paige Harper and the Tome of Mystery
"WTA-c26bc65b-a965-48e9-9f07-8460e6d42c50" = The Dracula Files
"WTA-c7a7da8e-cfd9-46fc-8523-6cb1ec5301e4" = Behind The Reflection 2: Witch's Revenge
"WTA-ca6f8fd3-cc08-4c18-a139-dda7971f8389" = Samantha Swift and the Golden Touch
"WTA-cb693ce1-2c28-4ff4-b379-48baf59b7406" = Nancy Drew - The White Wolf of Icicle Creek
"WTA-cf4e81de-71d8-4a57-a0ed-674d5ff39836" = Marooned
"WTA-cfd2d18c-e0b9-4d17-9f40-a6ef8b7f3896" = Oddly Enough: Pied Piper
"WTA-d274f8e7-e4ca-4370-8767-e4987fed2d25" = Mystery of Mortlake Mansion
"WTA-d8bed144-a60d-4b1b-8f60-9a380a5b90b0" = Voodoo Whisperer: Curse of a Legend
"WTA-da22d665-c109-49c0-be6d-85475bfd70ec" = Love and Death - Bitten
"WTA-dd999ec8-8473-4e0f-bbab-e6dcb0d5e2c5" = Nancy Drew - Curse of Blackmoor Manor
"WTA-e1658dd8-b631-4b9b-ae45-c22e06105459" = VaultCracker - The Last Safe
"WTA-e4e470de-2353-478d-97b5-987e1aadb9ba" = Adam's Venture Episode 1: The Search for the Lost Garden
"WTA-e5f58135-deac-4eea-8868-f0dbf5f13c2d" = Dream Mysteries - Case of the Red Fox
"WTA-ed439332-d915-41f8-8ebe-e841da8cb1c4" = Marooned 2: The Secrets of the Akoni
"WTA-ee54b012-019c-43be-bbf4-364f25070d09" = Mystery P.I. - Stolen in San Francisco
"WTA-ef1d0aa5-61e5-41ee-89bc-8ab55608fb67" = House, MD
"WTA-f2accdf4-2789-47dd-a057-3a8c0f2a8d19" = Empress of the Deep II : Song of the Blue Whale
"WTA-f6c57958-ba00-411e-b978-f5c5ee72e0a8" = Dark Parables - Curse of Briar Rose
"WTA-fbdd042f-1390-4143-a10c-1cef19e776eb" = Mystery Stories: Mountains of Madness
"WTA-fc8ec0ca-fd27-4d4f-ab6a-35bea21ed03b" = The Mystery of the Dragon Prince

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/06/2012 22:05:52 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 17/06/2012 22:05:52 | Computer Name = Homebase | Source = Perflib | ID = 1023
Description =

Error - 17/06/2012 22:05:53 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 17/06/2012 22:05:53 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 17/06/2012 22:05:54 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 17/06/2012 22:05:55 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 17/06/2012 22:05:55 | Computer Name = Homebase | Source = Perflib | ID = 1023
Description =

Error - 17/06/2012 22:05:55 | Computer Name = Homebase | Source = Perflib | ID = 1008
Description =

Error - 18/06/2012 10:10:23 | Computer Name = Homebase | Source = WinMgmt | ID = 10
Description =

Error - 18/06/2012 11:21:57 | Computer Name = Homebase | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 17/06/2012 18:16:26 | Computer Name = Homebase | Source = Service Control Manager | ID = 7009
Description =

Error - 17/06/2012 18:16:26 | Computer Name = Homebase | Source = Service Control Manager | ID = 7000
Description =

Error - 17/06/2012 18:47:58 | Computer Name = Homebase | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 17/06/2012 18:49:31 | Computer Name = Homebase | Source = Service Control Manager | ID = 7026
Description =

Error - 17/06/2012 19:54:15 | Computer Name = Homebase | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 17/06/2012 19:55:48 | Computer Name = Homebase | Source = Service Control Manager | ID = 7026
Description =

Error - 18/06/2012 10:08:50 | Computer Name = Homebase | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 18/06/2012 10:10:23 | Computer Name = Homebase | Source = Service Control Manager | ID = 7026
Description =

Error - 18/06/2012 11:20:29 | Computer Name = Homebase | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 18/06/2012 11:21:59 | Computer Name = Homebase | Source = Service Control Manager | ID = 7026
Description =


< End of report >

.......................................................................................................................................


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

............................................................................................................................................

C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KVXYKA2\welcome[1].htm HTML/Iframe.B.Gen virus
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Post by deltalima » June 19th, 2012, 3:28 am

Hi swanvestas,

Run OTL Script

  • Right click OTL.exe and select: Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :otl
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3743975870-1591617531-270475079-1001..\Run: [HPADVISOR] File not found
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now run a full scan with Malwarebytes and post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Trying to remove trojan

Post by swanvestas » June 19th, 2012, 11:36 am

Hi deltalima,
after pasting in the code and clicking the Run Fix button I get the message not responding.
Have tried rebooting, along with deactivating the AVG anti virus but still can't get OTL to respond.
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Post by swanvestas » June 19th, 2012, 12:01 pm

Hi deltalima, I have noticed two desktop ini files have appeared on the desktop, not sure if that's important or not.
swanvestas
Regular Member
 
Posts: 20
Joined: June 16th, 2012, 12:28 pm

Re: Trying to remove trojan

Post by deltalima » June 19th, 2012, 12:19 pm

Hi swanvestas,

two desktop ini files have appeared on the desktop


Not a problem, we will hide those later, once we are clean.

after pasting in the code and clicking the Run Fix button I get the message not responding.


Copy the text of the OTL fix into a notepad file and save on the desktop.

Boot to Safe Mode
Make sure you have downloaded anything you need... print these instructions as well, you will not have Internet access!
  1. Restart your computer.
  2. Continually tap the F8 key (usually)... as your computer is booting (when menu appears).
    The key used for your computer may be different... F8 is commonly the key used.
  3. Use up-arrow key to select "Safe Mode" and press Enter.
      If you have a multiple boot system (more than 1 OS installed) or you have Recovery Console installed...
      you will be shown the multi boot screen.
    • Highlight the OS you want to start.
    • Press Enter
  4. Once the system starts ...it will show various files/drivers being loaded. Windows will load your desktop.
  5. Reply "Yes" to the Safe Mode startup, if prompted.

In safe mode try to run the OTL fix using the text from the notepad file saved on the desktop.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK