Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with malware removal

Unread postby mylittlepony » June 5th, 2013, 12:04 pm

Hello

I am a complete novice on this forum and help would be appreciated.

Since my daughter (maybe coincidence) last used my computer I have been getting a small pop-up window on my desktop asking me to update Adobe Reader. The first time this happened I started updating until I realised that the messages did not look like Adobe, so I cancelled the update. Before doing so I selected the details button in the window and found the following files in my temp folder: [[ICReinstall_Adobe ReaderUpdateSetup.exe]] and [[Adobe ReaderUpdateSetup.exe]]. Although I delete these files and run Malwarebytes, the update window keeps coming back. I have pasted the DDS logs below. Many thanks in advance.

ATTACH.TXT LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 08/05/2009 22:23:28
System Uptime: 05/06/2013 09:26:19 (6 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2495/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 100.345 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.531 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1447: 27/05/2013 07:27:24 - Windows Update
RP1448: 30/05/2013 09:08:24 - Windows Update
RP1449: 31/05/2013 07:29:05 - Windows Update
RP1450: 31/05/2013 08:15:28 - Windows Update
RP1451: 31/05/2013 08:18:27 - Windows Update
RP1452: 01/06/2013 06:57:45 - Windows Update
RP1453: 03/06/2013 12:23:49 - Windows Update
RP1454: 04/06/2013 07:39:52 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Connect 9 Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
AVG 2013
Bing Bar
Bing Desktop
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.7
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
DivX Setup
Express Rip
Express Scribe Uninstall
FairBot
File Type Assistant
Gadwin PrintScreen
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.4.0.1082
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iSCC
Java 7 Update 17
Junk Mail filter update
liteCam
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox (3.6b4)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuance Cloud Connector
Nuance PaperPort 14
Nuance PDF Viewer Plus
O2InstV3Win7UpdateV1
ODIR
OGA Notifier 2.0.0048.0
PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop
PaperPort Image Printer
QuickTime
Rapport
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
SoundTap Streaming Audio Recorder
Swiss Railway Clock
Switch Sound File Converter
SyncToy 2.1 (x86)
TuneUp Utilities 2008
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
VLC media player 1.0.3
WavePad Sound Editor
Windows Driver Package - Ralink (netr28u) Net (10/29/2008 2.02.04.0000)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
YouSendIt Express
.
==== End Of File ===========================


DDS.TXT LOG


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483
Run by User_1 at 15:16:14 on 2013-06-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2012.904 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nuance\Nuance Cloud Connector\GladinetClient.exe
C:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSPM] c:\programdata\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PPort14reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\14\config\ereg\Ereg.ini"
mRun: [PDFProHook] c:\program files\nuance\pdf viewer plus\pdfpro7hook.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nuance~1.lnk - c:\program files\nuance\nuance cloud connector\GladLauncher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls ... promap.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1EF690AD-A359-45A8-ABA9-77DF6C45A09C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{77E1F9C7-604C-459B-9494-D2B23530F364} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\l98v6n8k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... =1&sr=0&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user_1\appdata\local\citrix\plugins\94\npappdetector.dll
FF - plugin: c:\users\user_1\appdata\roaming\mozilla\firefox\profiles\l98v6n8k.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-13 102008]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_50414.sys [2013-3-3 316984]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-13 102680]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-13 173880]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-5-9 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2011-10-28 219496]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-5-8 27648]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-9 112128]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-1-2 49240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-4-10 168592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files\nuance\nuance cloud connector\GladFileMonSvc.exe [2011-9-29 29552]
S2 gupdate1caafef9d3113e3;Google Update Service (gupdate1caafef9d3113e3);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-6-5 31560]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-8-1 655872]
.
=============== Created Last 30 ================
.
2013-06-05 07:22:57 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-05 07:11:38 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-05 06:31:10 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a34efb39-3116-42db-8757-4bd4aba781cd}\mpengine.dll
2013-06-03 11:06:29 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-31 07:05:22 -------- d-----w- c:\users\user_1\appdata\local\FixItCenter
2013-05-31 07:01:31 -------- d-----w- c:\windows\MATS
2013-05-31 07:01:23 -------- d-----w- c:\program files\Microsoft Fix it Center
2013-05-27 13:42:59 -------- d-----w- c:\users\user_1\appdata\roaming\Malwarebytes
2013-05-27 13:42:37 -------- d-----w- c:\programdata\Malwarebytes
2013-05-27 13:42:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-27 13:42:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-21 06:27:45 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bc51d28e-3a10-46fd-aa71-16b030b04f75}\gapaengine.dll
2013-05-15 22:48:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 06:20:02 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 06:20:01 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 06:19:48 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-05-14 22:19:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 22:19:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 01:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-23 01:09:28 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 02:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-10 18:53:40 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 18:53:40 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 15:22:08.00 ===============
mylittlepony
Active Member
 
Posts: 12
Joined: June 5th, 2013, 9:52 am

Re: Help with malware removal

Unread postby deltalima » June 5th, 2013, 4:41 pm

checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help with malware removal

Unread postby deltalima » June 5th, 2013, 5:07 pm

Hi mylittlepony,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

multiple Anti Virus programs

  • You are operating your computer with multiple Anti-Virus programs running in memory at once:
    AVG AntiVirus Free Edition 2013
    Microsoft Security Essentials
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

  • Please remove one of them then reboot your computer.


CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files (Right click and choose "Run as administrator" in Vista/Win7).
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Please let me know if the computer is used for business in any way.

Please let me know how you obtained the license for Microsoft Office Professional Plus 2007.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help with malware removal

Unread postby mylittlepony » June 5th, 2013, 7:04 pm

Hi deltalima

Thanks for your reply. I will start working my way through the list.

Regarding your last two questions, this is my home computer but I do occasionally bring work home and Microsoft Office Professional Plus was already installed on the machine when I purchased it.
mylittlepony
Active Member
Posts: 12
Joined: June 5th, 2013, 9:52 am

Re: Help with malware removal

Unread postby deltalima » June 5th, 2013, 7:13 pm

mylittlepony wrote: Microsoft Office Professional Plus was already installed on the machine when I purchased it.


The license for Microsoft Office Professional Plus cannot be legally transferred to a private individual. Please confirm that you have removed it from the computer before continuing with the instructions that I provided.
deltalima

Re: Help with malware removal

Unread postby mylittlepony » June 5th, 2013, 7:43 pm

Hi deltalima

The shop that supplied the computer shut down some time ago and I will need to replace the software with Open Office until I can obtain a new version of MS Office. Can I install Open Office before applying your instructions?
mylittlepony

Re: Help with malware removal

Unread postby deltalima » June 6th, 2013, 3:02 am

mylittlepony wrote: Can I install Open Office before applying your instructions?


I would prefer to make as few changes to the computer as possible until it is clean. Please do not install Open Office yet.
deltalima

Re: Help with malware removal

Unread postby mylittlepony » June 6th, 2013, 6:19 pm

Have removed 2nd Anti Virus program and rebooted and received error message that Defender was not active. After checking for updates and rebooting again Defender seems to be working OK.

Am now away until Monday when I will start with the rest of the instructions so please keep this thread open if poss.

Thanks
mylittlepony

Re: Help with malware removal

Unread postby deltalima » June 6th, 2013, 6:31 pm

OK, thanks for letting me know. Please post the logs when you get chance on Monday.
deltalima

Re: Help with malware removal

Unread postby mylittlepony » June 10th, 2013, 4:37 pm

Here are the contents of the files

ckfiles.txt

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.SULBWT
----- EOF -----



MGADiag

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {CE5D9C9E-B06A-44E4-A6E6-550762535F41}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130308-1436
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 109 N/A
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CE5D9C9E-B06A-44E4-A6E6-550762535F41}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-3528189516-2229878515-3528017422</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 220 Series </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.4</Version><SMBIOSVersion major="2" minor="5"/><Date>20090210000000.000000+000</Date></BIOS><HWID>70333507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-2057-6001.0000-1342009
Installation ID: 016034931575973892682944438004296593633712636121311572
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAQABAAAAAgABAAEAJJSI7rDb8CKKpDylYB7y9BjrqjysVkbK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 021009 APIC1505
FACP 021009 FACP1505
HPET 021009 OEMHPET
MCFG 021009 OEMMCFG
SLIC DELL FX09
OEMB 021009 OEMB1505
GSCI 021009 GMCHSCI
SSDT DpgPmm CpuPm
mylittlepony

Re: Help with malware removal

Unread postby deltalima » June 10th, 2013, 4:53 pm

Hi mylittlepony,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file (Right click and choose "Run as administrator" in Vista/Win7). If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
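OTL.txt is long, and most of it is normal. What a helper reads first is a handful of entry types: services, drivers, BHOs and toolbars whose target no longer exists; browser search settings pointing somewhere the user never chose; add-ons that are known to be unwanted; and loaded files with no publisher name. As an added example for this thread (not part of OTL and not the helper's own procedure), the Python script below does that first triage pass over OTL-format lines. The hijack-domain and add-on word lists are assumptions taken from the log that appears later in this thread, not a vendor feed, and the sample lines are copied from that OTL.txt (the " ... " inside two URLs is how the forum truncated them and is left as-is).

```python
"""Triage pass over an OTL (OldTimer's OTL) log.

Added example for this thread: it is not part of OTL and not the helper's
own procedure.  The indicator lists below are assumptions drawn from the
log posted in this thread, not a vendor feed; extend them for other cases.
"""
from typing import Dict, Iterable, List, Tuple

# Search/redirect domains that hijacked IE, Firefox and Chrome in this log
# (assumption: anything pointing at them is treated as a hijack indicator).
SEARCH_HIJACK_DOMAINS = ("search-results.com", "startsear.ch")

# Add-on names a helper would normally remove (assumption, from this log).
UNWANTED_ADDON_WORDS = ("vshare", "yontoo", "search results")

# OTL prints these when a registry entry points at something that no longer
# exists: a leftover from an uninstall, or from a partial clean-up.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# OTL line prefixes: SRV service, DRV driver, MOD loaded module, PRC process,
# O2 BHO, O3 toolbar, O4 Run key, IE/FF/CHR per-browser settings; Firefox
# profile extensions appear as "[date | size | attrs] (name) -- path".
BROWSER_PREFIXES = ("IE -", "FF -", "CHR -")
ADDON_PREFIXES = BROWSER_PREFIXES + ("O2 -", "O3 -", "[")
PUBLISHER_PREFIXES = ("PRC -", "MOD -", "SRV -", "DRV -")

Finding = Tuple[str, str, str]  # (severity, reason, offending line)


def classify(line: str) -> List[Finding]:
    """Return zero or more findings for a single OTL log line."""
    text = line.strip()
    findings: List[Finding] = []
    if not text:
        return findings
    lower = text.lower()

    # 1. Orphaned registrations: harmless on their own, but they show what
    #    was installed, and OTL fixes normally clear them.
    if any(marker in text for marker in ORPHAN_MARKERS):
        findings.append(("low", "orphaned registry entry (target missing)", text))

    # 2. Search hijack: a browser search/keyword/homepage setting on a
    #    watch-listed domain.  This is what the user sees as "wrong search".
    if text.startswith(BROWSER_PREFIXES) and any(d in lower for d in SEARCH_HIJACK_DOMAINS):
        findings.append(("high", "browser search setting points at hijack domain", text))

    # 3. Known-unwanted add-ons by name, across IE/Firefox/Chrome entries.
    if text.startswith(ADDON_PREFIXES) and any(w in lower for w in UNWANTED_ADDON_WORDS):
        findings.append(("medium", "unwanted add-on/extension/plugin", text))

    # 4. OTL prints "()" when the file carries no company name; unsigned
    #    third-party code is worth a second look, not automatically bad.
    if text.startswith(PUBLISHER_PREFIXES) and text.endswith("()"):
        findings.append(("info", "no publisher/company name recorded", text))
    return findings


def triage(lines: Iterable[str]) -> List[Finding]:
    """Classify every line of a log and return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    found = [f for line in lines for f in classify(line)]
    return sorted(found, key=lambda f: order[f[0]])


def summary(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for severity, _reason, _line in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Sample input: lines copied from the OTL.txt posted later in this thread
# (the " ... " inside two URLs is how the forum truncated them; kept as-is).
SAMPLE_LOG = r"""
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q="
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... =1&sr=0&q={searchTerms}
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npvsharetvplg.dll
[2012/07/29 09:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\plugin@yontoo.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for severity, reason, line in results:
        print(f"[{severity:6}] {reason}: {line}")
    print(summary(results))
```

The severity labels are this example's own, not OTL's. A "File not found" service or a "No CLSID value found" toolbar is usually just a leftover, which is why it ranks low; the search-engine lines rank high because they are the setting the user actually experiences and the one a reinstalled browser will pick up again if the registry entry is left behind. The script is a reading aid, not a fix: whatever it flags still has to be checked against the rest of the log before anything is removed.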

Re: Help with malware removal

Unread postby mylittlepony » June 11th, 2013, 2:43 am

Hi deltalima

The scans took a lot longer than I expected so I left it running overnight. Only one warning message came up from AVG during the scans and I selected the "allow option" to continue. Here are the results.


OTL.txt

OTL logfile created on: 10/06/2013 22:01:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User_1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.17% Memory free
4.17 Gb Paging File | 2.69 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 96.10 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.53 Gb Free Space | 63.54% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: User_1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User_1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\GladinetClient.exe (Gladinet, INC)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe ()
PRC - C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSMui_En.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\WOSMui.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\zlib125.dll ()
MOD - C:\Program Files\Nuance\Nuance Cloud Connector\sqlite3.dll ()


========== Services (SafeList) ==========

SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GladFileMonSvc) -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe (Gladinet, INC)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportCerberus_50414) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ()
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriver32.sys (NCH Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{472E69CE-A0D3-45A8-AA73-E9E25AF24E9D}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLSDF7&pc=MDDS&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{472E69CE-A0D3-45A8-AA73-E9E25AF24E9D}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLSDF7&pc=MDDS&src=IE-SearchBox
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{8125748D-F881-4B94-BBE0-00A95AB73944}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q={searchTerms}
IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\User_1\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/18 12:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2010/05/14 06:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2013/05/21 20:40:07 | 000,000,000 | ---D | M]

[2012/01/18 10:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Extensions
[2013/05/08 11:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions
[2010/06/14 06:47:16 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/14 06:45:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/18 10:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2011/11/22 22:01:41 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2012/07/29 09:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\plugin@yontoo.com
[2011/11/22 22:08:59 | 000,002,517 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\Search_Results.xml
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\startsear.xml
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2010/04/20 13:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... =1&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\User_1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..Trusted Domains: promap.co.uk ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} https://www.promapserver.co.uk/controls ... promap.cab (Promap Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EF690AD-A359-45A8-ABA9-77DF6C45A09C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E1F9C7-604C-459B-9494-D2B23530F364}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/10 21:57:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User_1\Desktop\OTL.exe
[2013/06/10 21:23:34 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/06/10 21:05:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/10 20:56:33 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\User_1\Desktop\MGADiag.exe
[2013/06/05 15:10:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User_1\Desktop\dds.scr
[2013/06/05 08:11:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/05 07:59:26 | 000,000,000 | ---D | C] -- C:\Users\User_1\Desktop\tdsskiller
[2013/05/31 08:05:22 | 000,000,000 | ---D | C] -- C:\Users\User_1\AppData\Local\FixItCenter
[2013/05/31 08:01:31 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2013/05/31 08:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2013/05/27 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\User_1\AppData\Roaming\Malwarebytes
[2013/05/27 14:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/27 14:42:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/27 14:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/21 09:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/15 23:48:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 23:37:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 23:37:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 23:37:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 23:37:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 23:37:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 23:37:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 23:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 07:20:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 07:19:48 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\User_1\*.tmp files -> C:\Users\User_1\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/10 22:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2013/06/10 21:57:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User_1\Desktop\OTL.exe
[2013/06/10 21:57:37 | 000,000,871 | ---- | M] () -- C:\Users\User_1\Desktop\MalWare Removal Forum • View topic - HOW TO GET HELP IN THIS FORUM - everyone must read this..website
[2013/06/10 21:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/10 21:25:41 | 000,017,408 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\wklnhst.dat
[2013/06/10 21:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:22:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/10 21:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 21:11:52 | 000,385,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/10 21:11:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 21:11:50 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/06/10 21:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 21:11:33 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 20:56:33 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\User_1\Desktop\MGADiag.exe
[2013/06/10 20:53:15 | 000,459,264 | ---- | M] () -- C:\Users\User_1\Desktop\CKScanner.exe
[2013/06/10 11:57:22 | 000,027,136 | ---- | M] () -- C:\Users\User_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/06 19:57:50 | 000,000,807 | ---- | M] () -- C:\Users\User_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Long term forecast for London, England (United Kingdom) – yr.no.website
[2013/06/06 00:19:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/05 22:49:34 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/05 15:10:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User_1\Desktop\dds.scr
[2013/06/05 14:28:29 | 000,001,006 | ---- | M] () -- C:\Users\User_1\Desktop\Continue Adobe Reader Free Download Installation.lnk
[2013/06/05 08:22:57 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/31 08:01:40 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/05/27 16:08:46 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/27 14:42:46 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/26 23:51:29 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/26 23:51:29 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/25 18:22:13 | 000,002,347 | ---- | M] () -- C:\Users\User_1\Desktop\SyncToy 2.1.lnk
[2013/05/21 09:38:16 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/18 12:41:44 | 000,001,434 | ---- | M] () -- C:\Users\User_1\Desktop\DivX Movies.lnk
[2013/05/18 12:40:59 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/18 12:40:19 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/18 12:37:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/14 23:19:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 23:19:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Users\User_1\*.tmp files -> C:\Users\User_1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 20:53:15 | 000,459,264 | ---- | C] () -- C:\Users\User_1\Desktop\CKScanner.exe
[2013/06/05 15:14:31 | 000,000,871 | ---- | C] () -- C:\Users\User_1\Desktop\MalWare Removal Forum • View topic - HOW TO GET HELP IN THIS FORUM - everyone must read this..website
[2013/06/05 14:28:29 | 000,001,006 | ---- | C] () -- C:\Users\User_1\Desktop\Continue Adobe Reader Free Download Installation.lnk
[2013/06/05 08:22:57 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/31 08:01:40 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2013/05/31 08:01:40 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/05/30 12:03:43 | 000,000,807 | ---- | C] () -- C:\Users\User_1\Application Data\Microsoft\Internet Explorer\Quick Launch\Long term forecast for London, England (United Kingdom) – yr.no.website
[2013/05/27 14:42:46 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/18 12:40:59 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/18 12:37:50 | 000,000,000 | ---- | C] () -- C:\END
[2012/04/11 16:45:08 | 000,000,016 | -H-- | C] () -- C:\Users\User_1\SyncToy_d9fabba5-1c88-4f85-b208-ed3c83240c29.dat
[2012/02/27 16:04:00 | 000,060,304 | ---- | C] () -- C:\Users\User_1\g2mdlhlpx.exe
[2011/10/28 19:10:36 | 000,034,326 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/08/01 12:24:28 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/07/09 17:44:30 | 000,038,433 | ---- | C] () -- C:\Users\User_1\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/02/19 10:09:27 | 000,005,178 | ---- | C] () -- C:\Users\User_1\webex.ini
[2010/02/19 10:09:25 | 000,028,672 | ---- | C] () -- C:\Users\User_1\atwbxdet.dll
[2009/07/27 12:38:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/11 17:34:05 | 004,149,248 | ---- | C] () -- C:\Users\User_1\AppData\Local\filesync.metadata
[2009/05/14 20:53:13 | 000,027,136 | ---- | C] () -- C:\Users\User_1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/14 12:54:45 | 000,017,408 | ---- | C] () -- C:\Users\User_1\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:FD9CE1F3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
EXTRAS.txt

OTL Extras logfile created on: 10/06/2013 22:01:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User_1\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.17% Memory free
4.17 Gb Paging File | 2.69 Gb Available in Paging File | 64.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 96.10 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.53 Gb Free Space | 63.54% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: User_1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DDAE08-89C6-4801-B350-32965F0F5B1F}" = rport=138 | protocol=17 | dir=out | app=system |
"{0ECD06D0-0B74-403B-A348-154DECBEA263}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FB9F892-0C1F-465C-B635-394C9BC71B30}" = lport=139 | protocol=6 | dir=in | app=system |
"{24A81CBF-4A06-42A1-9F87-146EC59F7AC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{24F17BF7-E456-470A-83F1-AA14C2B2E2F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31461CBA-C86B-4179-9554-4810CF8F9998}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36C00D32-3D7B-4CB5-BA1D-AAE0F236475C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C729743-98C3-4BC1-8618-4F429FD3926B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5EE47F80-CE2F-46D8-8DDE-B7ED0D1BE529}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6FF014E6-D4EF-4610-926C-AF1DE45C32DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71709AE9-2098-4F20-AF8E-DE49F22F5300}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{74566C95-46BC-4943-AFB1-20A4976EAEC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A77C8D-88E5-4DAB-946C-20DFB96763CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{8089193E-9F88-4FDD-9524-4BA8C8E68E04}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{859F4624-8C63-4491-932F-3446F4AE7F0D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A795778-44C3-4CEC-9C9A-FBC82A919EE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B33B5722-90BB-46B3-ABFE-10FF6CEC5E05}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B606CD80-A947-4DAF-841E-4051CFA044A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B8BABF15-848B-4BD3-B540-0200DA3DDC4F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF3B211A-3A7B-4008-95C1-7EB682789FE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C0E978D4-6E01-4E0F-9D90-154DCF8D856D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE05F2BB-4905-474F-A4E4-C9CE8F82B37B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9101D44-1E98-4B0D-BA05-F29119AF5B0D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F363AFFF-4A75-4285-9D16-DB578362B390}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F87445CD-203F-490C-9839-C7C5ADD9354B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064D13E0-D15D-46C6-A808-6D1FE9772DC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07B2298A-651C-42C5-9570-40B25F962EF2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0C145000-7355-4209-91EC-83710C148788}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E05FDB2-E195-46B1-864D-7FE4160D96CA}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{330A5168-355E-4BAD-8C5F-CE36EBCE64DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DAABFF5-597F-4A8D-8C6D-257355A2A39C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40ED0A16-00AE-4E10-847B-3B202C0A7C78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45EEE8A2-B192-43CF-B9EC-ED0DDE8487BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{460E66FF-17E6-42AD-961C-5A907A97E013}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{49824100-6AE4-4703-9572-5917EF257B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E048B72-23AA-489A-82A0-DA90AF02F46A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51F4ABED-2E08-4068-A798-560BF77B3CF7}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{57E6EE38-E1CF-4E07-823D-F7085D1E89EA}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{62D586A2-0544-4FBD-BCA2-94DB5190DBCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB1814B-02F0-47C3-883D-23E8F0D574D4}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr.exe |
"{74932B23-A239-4C70-926A-D170F03FBE59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7C77E2F9-0477-4163-876E-8A742CEAA6E0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7FCAA51A-6BB6-4E8E-AEDD-233C0FE6F899}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{910BD607-F586-487D-9B82-7C89C7307A42}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{930F087F-83C8-480C-977B-F619E2F2E93A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{9D239202-E642-4EF9-9C91-168C25402FD3}" = protocol=6 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{9DC88407-EB30-41E0-A2F8-7B4AD5E78872}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A29A3A81-EDED-468B-BC5E-3D735616F5A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACF6F313-A384-465A-B280-03682889D4E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3A7B831-BAAC-429D-9CAD-3B08030469F0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C63F7BB6-95B8-4D10-ABF1-27AD2AA60F76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC6AFCB7-BAAD-4535-9241-7B04C74BC7A2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D3903859-BA91-474B-B276-B128DD583229}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{D48FA0E0-70E6-44F3-8162-21E40B463741}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\gladinetclient.exe |
"{DEEE0655-C30E-42D4-978E-6C3309C9F1DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF83CED6-059A-4F92-A69A-752D02B7630B}" = protocol=17 | dir=in | app=c:\program files\nuance\nuance cloud connector\wosvsssvrxp32.exe |
"{E142FF18-8530-4405-BA25-ECF939F1F9BC}" = protocol=6 | dir=out | app=system |
"{E73A9606-68B1-4E3A-953B-A072614329B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F17CF53A-805F-4AEF-AB44-95BCCA90D492}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{73F6AB62-DA44-4A72-BDD0-BC42A5EBF494}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FFDAD7CB-3D85-4D8B-9DD3-77088663113E}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"UDP Query User{29C970C3-F598-4506-AE87-283A1E97AB11}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"UDP Query User{B61E966D-C663-4C5D-A4BE-50A2244C5053}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{042A6F10-F770-4886-A502-B795DCF2D3B5}" = Nuance PDF Viewer Plus
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{347607E9-669D-4DFD-80EA-BDF66DEF1288}" = liteCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{590F8CD3-300F-425C-B447-E4D5AE6799C9}" = Nuance Cloud Connector
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E12D9F6-E86A-4EE3-BA5A-965FDBC6687F}" = O2InstV3Win7UpdateV1
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C64C35E-093A-43B9-B7E5-9966581FC143}" = iSCC
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACE26AE1-75E0-44A3-A178-A8E99C62FBC5}" = Nuance PaperPort 14
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EDAB5719-9336-434B-AB1E-1FAFE47AC198}" = Swiss Railway Clock
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AF4226E8D5EAFCFCFD3F2586FA56375A4B504CDE" = Windows Driver Package - Ralink (netr28u) Net (10/29/2008 2.02.04.0000)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Setup" = DivX Setup
"ExpressRip" = Express Rip
"FairBot_is1" = FairBot
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6b4)" = Mozilla Firefox (3.6b4)
"ODIR_is1" = ODIR
"Rapport_msi" = Rapport
"Recordpad" = RecordPad Sound Recorder
"Scribe" = Express Scribe Uninstall
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"Trusted Software Assistant_is1" = File Type Assistant
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3528189516-2229878515-3528017422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"GoToMeeting" = GoToMeeting 5.4.0.1082

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/06/2013 16:16:16 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1010
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

Error - 10/06/2013 16:52:25 | Computer Name = Dell-PC | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 06/06/2013 19:33:50 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 07/06/2013 02:48:54 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/06/2013 09:26:50 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 07/06/2013 09:40:06 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/06/2013 10:03:33 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 09/06/2013 20:29:36 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/06/2013 21:09:05 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 10/06/2013 03:02:48 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/06/2013 16:10:09 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 10/06/2013 16:13:13 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


GMER.txt


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-11 07:23:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325031 rev.4.AD 232.83GB
Running: mbni6p7v.exe; Driver: C:\Users\User_1\AppData\Local\Temp\pxldapod.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E6821E6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E682EDA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E6831E2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E686C2E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E686C7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E686EC2]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8E76A5D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8E76A700]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E68308A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8E76A010]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E682626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8E6827E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E686DCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E686CE6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E686D3A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8E686D82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E682154]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E6832F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E686B54]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8E76A300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8E76A3E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8E76A120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8E76A210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8E76A4D0]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ZwCreateThreadEx [0x8E0CDDA0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 191 82CF88D4 4 Bytes [E6, 21, 68, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CF891C 4 Bytes [DA, 2E, 68, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82CF8A14 8 Bytes [E2, 31, 68, 8E, 2E, 6C, 68, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 82CF8A24 4 Bytes JMP EB3C06AB
.text ntkrnlpa.exe!KeSetEvent + 381 82CF8AC4 4 Bytes [C2, 6E, 68, 8E]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] ntdll.dll!KiUserApcDispatcher 76F85B78 5 Bytes JMP 013E47F0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AB000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1344] WS2_32.dll!gethostbyname 74FD62D4 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] ntdll.dll!KiUserApcDispatcher 76F85B78 5 Bytes JMP 0084CC40 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] USER32.dll!InSendMessageEx + 3B1 74F2E6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2248] WS2_32.dll!gethostbyname 74FD62D4 5 Bytes JMP 71A60022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!NtMapViewOfSection 76F84994 5 Bytes JMP 719F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!KiUserApcDispatcher + E 76F85B86 5 Bytes JMP 6FA70FC0 c:\program files\trusteer\rapport\bin\rooksdol.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!QueueUserWorkItem 74E59104 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] kernel32.dll!SetUnhandledExceptionFilter 74E6A8B5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!connect 74FC40D9 5 Bytes JMP 710D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71080022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WS2_32.dll!GetAddrInfoExW 74FD288D 5 Bytes JMP 71120022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] GDI32.dll!BitBlt 753070A6 6 Bytes PUSH 71810022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DdeInitializeW 74F27921 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow 74F2CD8B 5 Bytes JMP 6E689EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassExW 74F2DA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExA 74F2DC2A 6 Bytes JMP 7192000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassA 74F2DF42 6 Bytes PUSH 71890022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!RegisterClassW 74F2E1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExW 74F31305 6 Bytes JMP 7196000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!TranslateMessage 74F401AD 6 Bytes PUSH 716B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!PeekMessageW 74F4045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamW 74F510B0 5 Bytes JMP 6E5E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamW 74F52EF5 5 Bytes JMP 6E7D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetClipboardData 74F6715A 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamA 74F68152 5 Bytes JMP 6E7D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamA 74F6847D 5 Bytes JMP 6E7D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectA 74F7D4D9 5 Bytes JMP 6E7D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectW 74F7D5D3 5 Bytes JMP 6E7D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExA 74F7D639 5 Bytes JMP 6E7D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExW 74F7D65D 5 Bytes JMP 6E7D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstance 754C9F3E 6 Bytes JMP 718E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstanceEx 754C9F81 5 Bytes JMP 717D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetCloseHandle 7511C664 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFile 7511F8D8 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpAddRequestHeadersA 75122A3C 6 Bytes PUSH 71670022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetQueryDataAvailable 75123184 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetOpenA 7512D5E0 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetConnectA 7514567E 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpOpenRequestA 75145761 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetConnectW 75145CFA 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpOpenRequestW 75145FEF 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestW 7514632D 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetOpenW 7514C596 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetSetStatusCallback 7514C7AA 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFileExW 7514F9EE 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetReadFileExA 7514FA49 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetGetCookieExA 75152B91 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestExW 7515F564 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetWriteFile 7515F6C6 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestA 7517525A 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!HttpSendRequestExA 751BECE5 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[3184] WININET.dll!InternetGetCookieA 751C03DE 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ntdll.dll!NtMapViewOfSection 76F84994 5 Bytes JMP 719F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ntdll.dll!KiUserApcDispatcher + E 76F85B86 5 Bytes JMP 6FA70FC0 c:\program files\trusteer\rapport\bin\rooksdol.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!QueueUserWorkItem 74E59104 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!LoadLibraryExW + 173 74E693DF 4 Bytes JMP 71AC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!SetUnhandledExceptionFilter 74E6A8B5 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] kernel32.dll!CreateThread 74E8CB0E 5 Bytes JMP 6E6475E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!connect 74FC40D9 5 Bytes JMP 710D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!getaddrinfo 74FC418A 5 Bytes JMP 71080022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WS2_32.dll!GetAddrInfoExW 74FD288D 5 Bytes JMP 71120022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] GDI32.dll!BitBlt 753070A6 6 Bytes PUSH 71810022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamW 74F272A2 3 Bytes JMP 6E7D9520 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamW + 4 74F272A6 1 Byte [F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DdeInitializeW 74F27921 6 Bytes PUSH 71750022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetAsyncKeyState 74F2863C 5 Bytes JMP 6E62DECD C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetWindowsHookExW 74F287AD 5 Bytes JMP 6E6825B4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CallNextHookEx 74F28E3B 5 Bytes JMP 6E6A7FF1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!UnhookWindowsHookEx 74F298DB 5 Bytes JMP 6E6CED14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!EnableWindow 74F2CD8B 5 Bytes JMP 6E689EBC C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassExW 74F2DA30 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DefWindowProcA 74F2DB88 7 Bytes JMP 6E64980D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateWindowExA 74F2DC2A 6 Bytes JMP 6E653643 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassA 74F2DF42 6 Bytes PUSH 71890022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!RegisterClassW 74F2E1AB 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateWindowExW 74F31305 6 Bytes JMP 7196000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetKeyState 74F38CB1 5 Bytes JMP 6E62DDA7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!TranslateMessage 74F401AD 6 Bytes PUSH 716B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DefWindowProcW 74F403B4 7 Bytes JMP 6E6A8054 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!PeekMessageW 74F4045A 6 Bytes PUSH 719B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!IsDialogMessageW 74F40745 5 Bytes JMP 6E7D9C7A C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogParamA 74F417AA 5 Bytes JMP 6E7D94E8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!IsDialogMessage 74F41847 5 Bytes JMP 6E7D9C52 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogIndirectParamA 74F426F1 5 Bytes JMP 6E7D9558 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateDialogIndirectParamW 74F49A62 5 Bytes JMP 6E7D9590 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetKeyboardState 74F50987 5 Bytes JMP 6E7DA571 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamW 74F510B0 5 Bytes JMP 6E5E189B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamW 74F52EF5 5 Bytes JMP 6E7D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SendInput 74F52F75 5 Bytes JMP 6E7DA519 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!EndDialog 74F5326E 5 Bytes JMP 6E7D9F26 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!SetCursorPos 74F66FB2 5 Bytes JMP 6E7DA5F2 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!GetClipboardData 74F6715A 6 Bytes PUSH 71710022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamA 74F68152 5 Bytes JMP 6E7D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamA 74F6847D 5 Bytes JMP 6E7D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectA 74F7D4D9 5 Bytes JMP 6E7D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectW 74F7D5D3 5 Bytes JMP 6E7D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExA 74F7D639 5 Bytes JMP 6E7D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExW 74F7D65D 5 Bytes JMP 6E7D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!keybd_event 74F7D972 5 Bytes JMP 6E7DA4D6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] SHELL32.dll!SHRestricted + D95 756489A8 4 Bytes [CF, 01, F6, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] SHELL32.dll!SHRestricted + D9D 756489B0 8 Bytes [E0, 61, F5, 6B, 79, F7, F5, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!OleLoadFromStream 75491E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!OleLoadFromStream 75491E80 5 Bytes JMP 6E7D9984 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] ole32.dll!CoCreateInstanceEx 754C9F81 5 Bytes JMP 717D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetCloseHandle 7511C664 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFile 7511F8D8 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpAddRequestHeadersA 75122A3C 6 Bytes PUSH 71670022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetQueryDataAvailable 75123184 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetOpenA 7512D5E0 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetConnectA 7514567E 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpOpenRequestA 75145761 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetConnectW 75145CFA 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpOpenRequestW 75145FEF 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestW 7514632D 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetOpenW 7514C596 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetSetStatusCallback 7514C7AA 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFileExW 7514F9EE 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetReadFileExA 7514FA49 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetGetCookieExA 75152B91 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestExW 7515F564 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetWriteFile 7515F6C6 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestA 7517525A 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!HttpSendRequestExA 751BECE5 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] WININET.dll!InternetGetCookieA 751C03DE 6 Bytes PUSH 713F0022; RET

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3528189516-2229878515-3528017422-1000@RefCount 4

---- EOF - GMER 2.1 ----
mylittlepony
Active Member
 
Posts: 12
Joined: June 5th, 2013, 9:52 am

Re: Help with malware removal

Unread postby deltalima » June 11th, 2013, 3:05 am

Hi mylittlepony,

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters.
  4. Under Additional Options CHECK Verify file digital signatures.
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue

    DO NOT change the default actions, other than CURE to SKIP.

  7. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root drive (usually C:). The log will have a name like Name.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the log file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
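A small triage helper for the log written at step 8, added here as an example and not part of deltalima's instructions or of Kaspersky's tool: it reads the `timestamp PID [ MD5 ] name path` / `name - verdict` line pairs TDSSKiller writes, confirms the Mode line records SigCheck (the signature verification switched on at step 4), and lists every object whose verdict is not `ok`. The sample log is constructed in the line format seen in this thread; the `ExampleSvc` entry, its placeholder MD5 and its `detected` verdict are invented to exercise the flagging path, so the exact wording of real non-ok verdicts may differ.

```python
"""Triage a TDSSKiller text log: confirm SigCheck ran and list non-"ok" verdicts.

Added example for this thread; not part of the forum posts or of Kaspersky's tool.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line is "<HH:MM:SS.mmmm> <PID> <message>".
_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "[ <MD5> ] <name> <path>" announces the object about to be checked.
_OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(.+)$")
# "<name> - <verdict>" gives the verdict for that object (or for "System memory").
_STATUS = re.compile(r"^(.+?) - (\S.*)$")
# "Mode: Manual; SigCheck;" records the options the scan actually ran with.
_MODE = re.compile(r"^Mode: (.*)$")

# Constructed sample in the format seen in this thread. The first entries copy that
# format; "ExampleSvc", its all-zero placeholder MD5 and its "detected" verdict are
# invented so the flagging path is exercised (real non-ok verdict wording may differ).
SAMPLE_LOG = r"""
09:43:16.0260 4232 Scan started
09:43:16.0260 4232 Mode: Manual; SigCheck;
09:43:16.0260 4232 ============================================================
09:43:16.0845 4232 ================ Scan system memory ========================
09:43:16.0845 4232 System memory - ok
09:43:16.0845 4232 ================ Scan services =============================
09:43:17.0035 4232 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:43:17.0150 4232 ACPI - ok
09:43:17.0247 4232 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:43:17.0264 4232 AdobeARMservice - ok
09:43:20.0100 4232 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\User_1\AppData\Local\Temp\examplesvc.sys
09:43:20.0120 4232 ExampleSvc - detected
"""


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class ScanReport:
    mode_flags: List[str]
    entries: Dict[str, ScanEntry]

    @property
    def sigcheck_enabled(self) -> bool:
        # "Verify file digital signatures" (step 4) shows up as SigCheck in the Mode line.
        return "SigCheck" in self.mode_flags

    def needing_review(self) -> List[ScanEntry]:
        # Anything without a clean "ok" verdict, including objects that never got one.
        return [e for e in self.entries.values() if e.verdict != "ok"]


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Build a ScanReport from the raw log text."""
    mode_flags: List[str] = []
    entries: Dict[str, ScanEntry] = {}
    in_scan = False  # object/verdict pairs only appear after "Scan started"
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines or anything without the timestamp/PID prefix
        msg = m.group(3)
        if msg == "Scan started":
            in_scan = True
            continue
        mode = _MODE.match(msg)
        if mode:
            mode_flags = [t.strip() for t in mode.group(1).split(";") if t.strip()]
            continue
        if not in_scan:
            continue  # drive inventory lines ("Drive ... - Size: ...") are not verdicts
        obj = _OBJECT.match(msg)
        if obj:
            md5, name, path = obj.groups()
            entries[name] = ScanEntry(name=name, md5=md5.upper(), path=path)
            continue
        status = _STATUS.match(msg)
        if status:
            name, verdict = status.groups()
            entries.setdefault(name, ScanEntry(name=name)).verdict = verdict.strip()
    return ScanReport(mode_flags=mode_flags, entries=entries)


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print("SigCheck enabled:", report.sigcheck_enabled)
    for entry in report.needing_review():
        print(f"REVIEW: {entry.name} [{entry.md5}] {entry.path} -> {entry.verdict}")
```

Point it at a real log (step 8's C:\TDSSKiller.*_log.txt) by reading the file into `parse_tdsskiller_log`; a missing SigCheck flag means the scan should be rerun with step 4 applied.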

Re: Help with malware removal

Unread postby mylittlepony » June 11th, 2013, 5:14 am

Hi deltalima

I have previously run TDSSKiller.exe and I have the log from the previous results if you require them. The log listed below was produced after downloading TDSSKiller.exe just now and following the instructions in your last post.

Latest Log

09:42:02.0967 5664 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:42:03.0160 5664 ============================================================
09:42:03.0160 5664 Current date / time: 2013/06/11 09:42:03.0160
09:42:03.0160 5664 SystemInfo:
09:42:03.0160 5664
09:42:03.0160 5664 OS Version: 6.0.6002 ServicePack: 2.0
09:42:03.0160 5664 Product type: Workstation
09:42:03.0160 5664 ComputerName: DELL-PC
09:42:03.0161 5664 UserName: User_1
09:42:03.0161 5664 Windows directory: C:\Windows
09:42:03.0161 5664 System windows directory: C:\Windows
09:42:03.0161 5664 Processor architecture: Intel x86
09:42:03.0161 5664 Number of processors: 2
09:42:03.0161 5664 Page size: 0x1000
09:42:03.0161 5664 Boot type: Normal boot
09:42:03.0161 5664 ============================================================
09:42:03.0846 5664 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:42:03.0849 5664 ============================================================
09:42:03.0849 5664 \Device\Harddisk0\DR0:
09:42:03.0901 5664 MBR partitions:
09:42:03.0902 5664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1E00000
09:42:03.0902 5664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E27800, BlocksNum 0x1B381000
09:42:03.0902 5664 ============================================================
09:42:04.0046 5664 C: <-> \Device\Harddisk0\DR0\Partition2
09:42:04.0075 5664 D: <-> \Device\Harddisk0\DR0\Partition1
09:42:04.0075 5664 ============================================================
09:42:04.0075 5664 Initialize success
09:42:04.0075 5664 ============================================================
09:43:16.0260 4232 ============================================================
09:43:16.0260 4232 Scan started
09:43:16.0260 4232 Mode: Manual; SigCheck;
09:43:16.0260 4232 ============================================================
09:43:16.0845 4232 ================ Scan system memory ========================
09:43:16.0845 4232 System memory - ok
09:43:16.0845 4232 ================ Scan services =============================
09:43:17.0035 4232 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:43:17.0150 4232 ACPI - ok
09:43:17.0247 4232 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:43:17.0264 4232 AdobeARMservice - ok
09:43:17.0322 4232 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:43:17.0340 4232 AdobeFlashPlayerUpdateSvc - ok
09:43:17.0388 4232 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:43:17.0435 4232 adp94xx - ok
09:43:17.0456 4232 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:43:17.0476 4232 adpahci - ok
09:43:17.0492 4232 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:43:17.0510 4232 adpu160m - ok
09:43:17.0529 4232 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:43:17.0546 4232 adpu320 - ok
09:43:17.0615 4232 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:43:17.0682 4232 AeLookupSvc - ok
09:43:17.0736 4232 [ 97210CDE1BA95053CAD83D0FBB7C6A89 ] AERTFilters C:\Windows\system32\AERTSrv.exe
09:43:17.0793 4232 AERTFilters - ok
09:43:17.0861 4232 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:43:17.0926 4232 AFD - ok
09:43:17.0983 4232 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:43:17.0999 4232 agp440 - ok
09:43:18.0044 4232 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:43:18.0061 4232 aic78xx - ok
09:43:18.0101 4232 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:43:18.0285 4232 ALG - ok
09:43:18.0321 4232 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
09:43:18.0334 4232 aliide - ok
09:43:18.0387 4232 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:43:18.0402 4232 amdagp - ok
09:43:18.0436 4232 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
09:43:18.0450 4232 amdide - ok
09:43:18.0485 4232 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:43:18.0556 4232 AmdK7 - ok
09:43:18.0569 4232 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:43:18.0613 4232 AmdK8 - ok
09:43:18.0653 4232 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:43:18.0685 4232 Appinfo - ok
09:43:18.0715 4232 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
09:43:18.0730 4232 arc - ok
09:43:18.0764 4232 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:43:18.0782 4232 arcsas - ok
09:43:18.0910 4232 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:43:18.0943 4232 aspnet_state - ok
09:43:18.0984 4232 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:43:19.0059 4232 AsyncMac - ok
09:43:19.0072 4232 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
09:43:19.0086 4232 atapi - ok
09:43:19.0153 4232 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:43:19.0183 4232 AudioEndpointBuilder - ok
09:43:19.0203 4232 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:43:19.0226 4232 Audiosrv - ok
09:43:19.0438 4232 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
09:43:19.0663 4232 AVGIDSAgent - ok
09:43:19.0715 4232 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:43:19.0738 4232 AVGIDSDriver - ok
09:43:19.0796 4232 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
09:43:19.0828 4232 AVGIDSHX - ok
09:43:19.0850 4232 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:43:19.0863 4232 AVGIDSShim - ok
09:43:19.0940 4232 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
09:43:19.0961 4232 Avgldx86 - ok
09:43:19.0990 4232 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
09:43:20.0007 4232 Avglogx - ok
09:43:20.0059 4232 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
09:43:20.0074 4232 Avgmfx86 - ok
09:43:20.0096 4232 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
09:43:20.0109 4232 Avgrkx86 - ok
09:43:20.0161 4232 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
09:43:20.0178 4232 Avgtdix - ok
09:43:20.0229 4232 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
09:43:20.0247 4232 avgwd - ok
09:43:20.0355 4232 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:43:20.0374 4232 BBSvc - ok
09:43:20.0423 4232 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:43:20.0453 4232 BBUpdate - ok
09:43:20.0479 4232 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:43:20.0523 4232 Beep - ok
09:43:20.0588 4232 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:43:20.0635 4232 BFE - ok
09:43:20.0744 4232 [ 85D5E6AC46A2AE4672C1AC813AE45B95 ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
09:43:20.0764 4232 BingDesktopUpdate - ok
09:43:20.0864 4232 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
09:43:20.0947 4232 BITS - ok
09:43:20.0970 4232 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:43:21.0036 4232 blbdrive - ok
09:43:21.0084 4232 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:43:21.0145 4232 bowser - ok
09:43:21.0196 4232 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:43:21.0270 4232 BrFiltLo - ok
09:43:21.0281 4232 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:43:21.0320 4232 BrFiltUp - ok
09:43:21.0339 4232 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:43:21.0414 4232 Browser - ok
09:43:21.0452 4232 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:43:21.0612 4232 Brserid - ok
09:43:21.0635 4232 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:43:21.0703 4232 BrSerWdm - ok
09:43:21.0718 4232 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:43:21.0778 4232 BrUsbMdm - ok
09:43:21.0806 4232 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:43:21.0872 4232 BrUsbSer - ok
09:43:21.0917 4232 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:43:21.0967 4232 BTHMODEM - ok
09:43:22.0018 4232 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:43:22.0067 4232 cdfs - ok
09:43:22.0149 4232 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:43:22.0227 4232 cdrom - ok
09:43:22.0290 4232 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:43:22.0346 4232 CertPropSvc - ok
09:43:22.0366 4232 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
09:43:22.0409 4232 circlass - ok
09:43:22.0470 4232 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:43:22.0513 4232 CLFS - ok
09:43:22.0716 4232 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:43:22.0732 4232 clr_optimization_v2.0.50727_32 - ok
09:43:22.0783 4232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:43:22.0799 4232 clr_optimization_v4.0.30319_32 - ok
09:43:22.0839 4232 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:43:22.0853 4232 cmdide - ok
09:43:22.0867 4232 [ 4FC0A44DA7603229E1A9454126A59EFD ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:43:22.0882 4232 Compbatt - ok
09:43:22.0887 4232 COMSysApp - ok
09:43:22.0906 4232 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:43:22.0934 4232 crcdisk - ok
09:43:22.0953 4232 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
09:43:23.0001 4232 Crusoe - ok
09:43:23.0086 4232 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:43:23.0129 4232 CryptSvc - ok
09:43:23.0233 4232 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:43:23.0286 4232 DcomLaunch - ok
09:43:23.0334 4232 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:43:23.0367 4232 DfsC - ok
09:43:23.0487 4232 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
09:43:23.0700 4232 DFSR - ok
09:43:23.0773 4232 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
09:43:23.0812 4232 Dhcp - ok
09:43:23.0853 4232 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
09:43:23.0880 4232 disk - ok
09:43:23.0997 4232 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:43:24.0047 4232 Dnscache - ok
09:43:24.0102 4232 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:43:24.0142 4232 dot3svc - ok
09:43:24.0182 4232 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
09:43:24.0210 4232 DPS - ok
09:43:24.0244 4232 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:43:24.0278 4232 drmkaud - ok
09:43:24.0416 4232 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:43:24.0458 4232 DXGKrnl - ok
09:43:24.0507 4232 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
09:43:24.0563 4232 e1express - ok
09:43:24.0596 4232 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
09:43:24.0640 4232 E1G60 - ok
09:43:24.0668 4232 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
09:43:24.0697 4232 EapHost - ok
09:43:24.0772 4232 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
09:43:24.0790 4232 Ecache - ok
09:43:24.0871 4232 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:43:24.0915 4232 ehRecvr - ok
09:43:24.0934 4232 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
09:43:24.0977 4232 ehSched - ok
09:43:25.0003 4232 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
09:43:25.0027 4232 ehstart - ok
09:43:25.0095 4232 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:43:25.0169 4232 elxstor - ok
09:43:25.0316 4232 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
09:43:25.0414 4232 EMDMgmt - ok
09:43:25.0474 4232 [ F2A80DE2D1B7116052C09CB4D4CA1416 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:43:25.0541 4232 ErrDev - ok
09:43:25.0665 4232 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
09:43:25.0729 4232 EventSystem - ok
09:43:25.0802 4232 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
09:43:25.0899 4232 exfat - ok
09:43:25.0956 4232 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:43:26.0029 4232 fastfat - ok
09:43:26.0046 4232 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:43:26.0123 4232 fdc - ok
09:43:26.0146 4232 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
09:43:26.0171 4232 fdPHost - ok
09:43:26.0189 4232 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
09:43:26.0241 4232 FDResPub - ok
09:43:26.0258 4232 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:43:26.0286 4232 FileInfo - ok
09:43:26.0303 4232 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:43:26.0346 4232 Filetrace - ok
09:43:26.0364 4232 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:43:26.0405 4232 flpydisk - ok
09:43:26.0485 4232 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:43:26.0513 4232 FltMgr - ok
09:43:26.0737 4232 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
09:43:26.0816 4232 FontCache - ok
09:43:26.0907 4232 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:43:26.0920 4232 FontCache3.0.0.0 - ok
09:43:26.0950 4232 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:43:26.0995 4232 Fs_Rec - ok
09:43:27.0022 4232 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:43:27.0037 4232 gagp30kx - ok
09:43:27.0173 4232 [ 1C49BA676E9F779B7F8A7FFD504B527D ] GladFileMonSvc C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
09:43:27.0186 4232 GladFileMonSvc - ok
09:43:27.0243 4232 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
09:43:27.0321 4232 gpsvc - ok
09:43:27.0419 4232 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1caafef9d3113e3 C:\Program Files\Google\Update\GoogleUpdate.exe
09:43:27.0433 4232 gupdate1caafef9d3113e3 - ok
09:43:27.0452 4232 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:43:27.0466 4232 gupdatem - ok
09:43:27.0498 4232 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:43:27.0513 4232 gusvc - ok
09:43:27.0556 4232 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:43:27.0620 4232 HDAudBus - ok
09:43:27.0661 4232 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:43:27.0743 4232 HidBth - ok
09:43:27.0758 4232 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:43:27.0821 4232 HidIr - ok
09:43:27.0865 4232 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
09:43:27.0916 4232 hidserv - ok
09:43:27.0953 4232 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:43:27.0987 4232 HidUsb - ok
09:43:28.0016 4232 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:43:28.0042 4232 hkmsvc - ok
09:43:28.0064 4232 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
09:43:28.0079 4232 HpCISSs - ok
09:43:28.0137 4232 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:43:28.0192 4232 HTTP - ok
09:43:28.0235 4232 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
09:43:28.0250 4232 i2omp - ok
09:43:28.0278 4232 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:43:28.0319 4232 i8042prt - ok
09:43:28.0413 4232 [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:43:28.0444 4232 IAANTMON - ok
09:43:28.0503 4232 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\drivers\iastor.sys
09:43:28.0519 4232 iaStor - ok
09:43:28.0554 4232 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
09:43:28.0574 4232 iaStorV - ok
09:43:28.0650 4232 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:43:28.0731 4232 idsvc - ok
09:43:29.0030 4232 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:43:29.0616 4232 igfx - ok
09:43:29.0637 4232 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:43:29.0674 4232 iirsp - ok
09:43:29.0746 4232 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
09:43:29.0817 4232 IKEEXT - ok
09:43:30.0077 4232 [ 9B89F2E3D705651DEC1F01033B9D6B24 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:43:30.0225 4232 IntcAzAudAddService - ok
09:43:30.0290 4232 [ 8DAB99684CFE8B4DDD5D6D0C5D55FDAC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
09:43:30.0324 4232 IntcHdmiAddService - ok
09:43:30.0341 4232 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
09:43:30.0356 4232 intelide - ok
09:43:30.0376 4232 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:43:30.0421 4232 intelppm - ok
09:43:30.0483 4232 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:43:30.0550 4232 IPBusEnum - ok
09:43:30.0603 4232 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:43:30.0681 4232 IpFilterDriver - ok
09:43:30.0737 4232 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:43:30.0777 4232 iphlpsvc - ok
09:43:30.0782 4232 IpInIp - ok
09:43:30.0801 4232 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
09:43:30.0844 4232 IPMIDRV - ok
09:43:30.0866 4232 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
09:43:30.0944 4232 IPNAT - ok
09:43:30.0958 4232 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:43:31.0011 4232 IRENUM - ok
09:43:31.0033 4232 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:43:31.0070 4232 isapnp - ok
09:43:31.0127 4232 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:43:31.0145 4232 iScsiPrt - ok
09:43:31.0178 4232 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:43:31.0192 4232 iteatapi - ok
09:43:31.0205 4232 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:43:31.0237 4232 iteraid - ok
09:43:31.0285 4232 [ B07084095F8C03AADB9811C9DF14B5E4 ] JRAID C:\Windows\system32\drivers\jraid.sys
09:43:31.0341 4232 JRAID - ok
09:43:31.0372 4232 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:43:31.0386 4232 kbdclass - ok
09:43:31.0449 4232 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:43:31.0521 4232 kbdhid - ok
09:43:31.0571 4232 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:43:31.0613 4232 KeyIso - ok
09:43:31.0748 4232 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:43:31.0796 4232 KSecDD - ok
09:43:31.0851 4232 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:43:31.0960 4232 KtmRm - ok
09:43:32.0016 4232 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
09:43:32.0090 4232 LanmanServer - ok
09:43:32.0190 4232 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:43:32.0258 4232 LanmanWorkstation - ok
09:43:32.0294 4232 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:43:32.0329 4232 lltdio - ok
09:43:32.0432 4232 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:43:32.0473 4232 lltdsvc - ok
09:43:32.0489 4232 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:43:32.0531 4232 lmhosts - ok
09:43:32.0582 4232 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:43:32.0608 4232 LSI_FC - ok
09:43:32.0627 4232 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:43:32.0644 4232 LSI_SAS - ok
09:43:32.0663 4232 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:43:32.0679 4232 LSI_SCSI - ok
09:43:32.0692 4232 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:43:32.0742 4232 luafv - ok
09:43:32.0855 4232 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
09:43:32.0874 4232 MatSvc - ok
09:43:32.0905 4232 [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
09:43:32.0920 4232 mbamchameleon - ok
09:43:32.0956 4232 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:43:33.0020 4232 Mcx2Svc - ok
09:43:33.0054 4232 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
09:43:33.0069 4232 megasas - ok
09:43:33.0105 4232 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
09:43:33.0152 4232 MegaSR - ok
09:43:33.0233 4232 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:43:33.0259 4232 MMCSS - ok
09:43:33.0288 4232 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:43:33.0359 4232 Modem - ok
09:43:33.0389 4232 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:43:33.0437 4232 monitor - ok
09:43:33.0448 4232 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:43:33.0471 4232 mouclass - ok
09:43:33.0494 4232 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:43:33.0538 4232 mouhid - ok
09:43:33.0550 4232 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:43:33.0568 4232 MountMgr - ok
09:43:33.0591 4232 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
09:43:33.0607 4232 mpio - ok
09:43:33.0631 4232 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:43:33.0675 4232 mpsdrv - ok
09:43:33.0726 4232 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:43:33.0824 4232 MpsSvc - ok
09:43:33.0853 4232 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:43:33.0867 4232 Mraid35x - ok
09:43:33.0910 4232 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:43:33.0962 4232 MRxDAV - ok
09:43:34.0005 4232 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:43:34.0057 4232 mrxsmb - ok
09:43:34.0108 4232 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:43:34.0157 4232 mrxsmb10 - ok
09:43:34.0186 4232 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:43:34.0243 4232 mrxsmb20 - ok
09:43:34.0269 4232 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
09:43:34.0284 4232 msahci - ok
09:43:34.0299 4232 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:43:34.0319 4232 msdsm - ok
09:43:34.0336 4232 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:43:34.0382 4232 MSDTC - ok
09:43:34.0403 4232 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:43:34.0455 4232 Msfs - ok
09:43:34.0484 4232 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:43:34.0498 4232 msisadrv - ok
09:43:34.0531 4232 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:43:34.0615 4232 MSiSCSI - ok
09:43:34.0619 4232 msiserver - ok
09:43:34.0660 4232 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:43:34.0710 4232 MSKSSRV - ok
09:43:34.0726 4232 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:43:34.0784 4232 MSPCLOCK - ok
09:43:34.0819 4232 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:43:34.0864 4232 MSPQM - ok
09:43:34.0916 4232 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:43:34.0939 4232 MsRPC - ok
09:43:34.0960 4232 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:43:34.0975 4232 mssmbios - ok
09:43:34.0996 4232 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:43:35.0031 4232 MSTEE - ok
09:43:35.0096 4232 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:43:35.0130 4232 Mup - ok
09:43:35.0178 4232 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:43:35.0211 4232 napagent - ok
09:43:35.0273 4232 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:43:35.0316 4232 NativeWifiP - ok
09:43:35.0451 4232 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:43:35.0551 4232 NDIS - ok
09:43:35.0585 4232 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:43:35.0649 4232 NdisTapi - ok
09:43:35.0654 4232 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:43:35.0694 4232 Ndisuio - ok
09:43:35.0734 4232 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:43:35.0779 4232 NdisWan - ok
09:43:35.0793 4232 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:43:35.0825 4232 NDProxy - ok
09:43:35.0855 4232 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:43:35.0901 4232 NetBIOS - ok
09:43:35.0952 4232 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:43:36.0010 4232 netbt - ok
09:43:36.0027 4232 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:43:36.0042 4232 Netlogon - ok
09:43:36.0066 4232 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:43:36.0110 4232 Netman - ok
09:43:36.0153 4232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:43:36.0168 4232 NetMsmqActivator - ok
09:43:36.0203 4232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:43:36.0216 4232 NetPipeActivator - ok
09:43:36.0258 4232 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:43:36.0299 4232 netprofm - ok
09:43:36.0359 4232 [ AF14F279BF4AC27560C6BCC82CB09D24 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
09:43:36.0478 4232 netr28u - ok
09:43:36.0544 4232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:43:36.0557 4232 NetTcpActivator - ok
09:43:36.0586 4232 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:43:36.0600 4232 NetTcpPortSharing - ok
09:43:36.0640 4232 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:43:36.0654 4232 nfrd960 - ok
09:43:36.0682 4232 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:43:36.0720 4232 NlaSvc - ok
09:43:36.0761 4232 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:43:36.0814 4232 Npfs - ok
09:43:36.0837 4232 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:43:36.0876 4232 nsi - ok
09:43:36.0885 4232 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:43:36.0925 4232 nsiproxy - ok
09:43:37.0143 4232 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:43:37.0221 4232 Ntfs - ok
09:43:37.0248 4232 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:43:37.0299 4232 ntrigdigi - ok
09:43:37.0318 4232 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:43:37.0374 4232 Null - ok
09:43:37.0403 4232 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:43:37.0437 4232 nvraid - ok
09:43:37.0464 4232 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:43:37.0478 4232 nvstor - ok
09:43:37.0493 4232 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:43:37.0511 4232 nv_agp - ok
09:43:37.0522 4232 NwlnkFlt - ok
09:43:37.0529 4232 NwlnkFwd - ok
09:43:37.0576 4232 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:43:37.0638 4232 ohci1394 - ok
09:43:37.0724 4232 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:43:37.0865 4232 p2pimsvc - ok
09:43:37.0899 4232 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:43:37.0952 4232 p2psvc - ok
09:43:38.0040 4232 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
09:43:38.0112 4232 Parport - ok
09:43:38.0159 4232 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:43:38.0173 4232 partmgr - ok
09:43:38.0200 4232 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:43:38.0269 4232 Parvdm - ok
09:43:38.0285 4232 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:43:38.0316 4232 PcaSvc - ok
09:43:38.0364 4232 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:43:38.0382 4232 pci - ok
09:43:38.0408 4232 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
09:43:38.0422 4232 pciide - ok
09:43:38.0451 4232 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:43:38.0467 4232 pcmcia - ok
09:43:38.0563 4232 [ 5C8F33687D43F2ACEC209162E2741539 ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
09:43:38.0579 4232 PDFProFiltSrvPP - ok
09:43:38.0627 4232 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:43:38.0737 4232 PEAUTH - ok
09:43:38.0808 4232 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:43:38.0875 4232 pla - ok
09:43:38.0923 4232 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:43:38.0957 4232 PlugPlay - ok
09:43:38.0981 4232 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:43:39.0038 4232 PNRPAutoReg - ok
09:43:39.0098 4232 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:43:39.0178 4232 PNRPsvc - ok
09:43:39.0203 4232 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:43:39.0240 4232 PolicyAgent - ok
09:43:39.0292 4232 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:43:39.0337 4232 PptpMiniport - ok
09:43:39.0353 4232 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
09:43:39.0389 4232 Processor - ok
09:43:39.0428 4232 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:43:39.0451 4232 ProfSvc - ok
09:43:39.0459 4232 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:43:39.0474 4232 ProtectedStorage - ok
09:43:39.0519 4232 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:43:39.0548 4232 PSched - ok
09:43:39.0593 4232 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:43:39.0605 4232 PxHelp20 - ok
09:43:39.0660 4232 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:43:39.0721 4232 ql2300 - ok
09:43:39.0761 4232 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:43:39.0777 4232 ql40xx - ok
09:43:39.0809 4232 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:43:39.0840 4232 QWAVE - ok
09:43:39.0856 4232 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:43:39.0879 4232 QWAVEdrv - ok
09:43:39.0963 4232 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
09:43:40.0196 4232 R300 - ok
09:43:40.0286 4232 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
09:43:40.0354 4232 RapiMgr - ok
09:43:40.0550 4232 [ CD55DB50735961FF8046AD3160E900A6 ] RapportCerberus_50414 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys
09:43:40.0570 4232 RapportCerberus_50414 - ok
09:43:40.0638 4232 [ 8D0A8AF4AD6BE98D2C807BF7B643B8BC ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:43:40.0652 4232 RapportEI - ok
09:43:40.0661 4232 [ 2DA510F53AA703D68D95E8AF82F5F2B4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
09:43:40.0678 4232 RapportKELL - ok
09:43:40.0712 4232 [ 9B0E9AF5C264521C635A3C3CB966AF85 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
09:43:40.0809 4232 RapportMgmtService - ok
09:43:40.0862 4232 [ 11C5C0FDB224E88AAD8B6B712D1FE7DF ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:43:40.0878 4232 RapportPG - ok
09:43:40.0931 4232 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:43:40.0970 4232 RasAcd - ok
09:43:40.0990 4232 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:43:41.0022 4232 RasAuto - ok
09:43:41.0037 4232 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:43:41.0078 4232 Rasl2tp - ok
09:43:41.0124 4232 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:43:41.0157 4232 RasMan - ok
09:43:41.0207 4232 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:43:41.0238 4232 RasPppoe - ok
09:43:41.0281 4232 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:43:41.0324 4232 RasSstp - ok
09:43:41.0373 4232 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:43:41.0417 4232 rdbss - ok
09:43:41.0432 4232 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:43:41.0477 4232 RDPCDD - ok
09:43:41.0501 4232 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:43:41.0550 4232 rdpdr - ok
09:43:41.0573 4232 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:43:41.0616 4232 RDPENCDD - ok
09:43:41.0657 4232 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:43:41.0723 4232 RDPWD - ok
09:43:41.0759 4232 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:43:41.0785 4232 RemoteAccess - ok
09:43:41.0833 4232 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:43:41.0904 4232 RemoteRegistry - ok
09:43:41.0921 4232 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:43:41.0963 4232 RpcLocator - ok
09:43:42.0016 4232 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
09:43:42.0044 4232 RpcSs - ok
09:43:42.0088 4232 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:43:42.0127 4232 rspndr - ok
09:43:42.0194 4232 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
09:43:42.0231 4232 RTL8169 - ok
09:43:42.0275 4232 [ 7F8D15EE000577BE703537849D4F9397 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
09:43:42.0311 4232 RtNdPt60 - ok
09:43:42.0324 4232 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:43:42.0339 4232 SamSs - ok
09:43:42.0373 4232 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:43:42.0397 4232 sbp2port - ok
09:43:42.0463 4232 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:43:42.0484 4232 SCardSvr - ok
09:43:42.0550 4232 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:43:42.0684 4232 Schedule - ok
09:43:42.0721 4232 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:43:42.0741 4232 SCPolicySvc - ok
09:43:42.0786 4232 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:43:42.0830 4232 SDRSVC - ok
09:43:42.0867 4232 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:43:42.0922 4232 secdrv - ok
09:43:42.0935 4232 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:43:42.0961 4232 seclogon - ok
09:43:42.0972 4232 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
09:43:43.0009 4232 SENS - ok
09:43:43.0031 4232 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:43:43.0065 4232 Serenum - ok
09:43:43.0102 4232 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:43:43.0130 4232 Serial - ok
09:43:43.0158 4232 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:43:43.0192 4232 sermouse - ok
09:43:43.0231 4232 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:43:43.0257 4232 SessionEnv - ok
09:43:43.0266 4232 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:43:43.0310 4232 sffdisk - ok
09:43:43.0335 4232 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:43:43.0376 4232 sffp_mmc - ok
09:43:43.0387 4232 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:43:43.0427 4232 sffp_sd - ok
09:43:43.0443 4232 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:43:43.0504 4232 sfloppy - ok
09:43:43.0529 4232 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:43:43.0559 4232 SharedAccess - ok
09:43:43.0619 4232 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:43:43.0660 4232 ShellHWDetection - ok
09:43:43.0684 4232 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:43:43.0699 4232 sisagp - ok
09:43:43.0725 4232 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:43:43.0739 4232 SiSRaid2 - ok
09:43:43.0765 4232 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:43:43.0780 4232 SiSRaid4 - ok
09:43:43.0883 4232 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:43:43.0899 4232 SkypeUpdate - ok
09:43:44.0041 4232 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:43:44.0229 4232 slsvc - ok
09:43:44.0251 4232 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:43:44.0285 4232 SLUINotify - ok
09:43:44.0325 4232 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:43:44.0380 4232 Smb - ok
09:43:44.0413 4232 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:43:44.0428 4232 SNMPTRAP - ok
09:43:44.0448 4232 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:43:44.0462 4232 spldr - ok
09:43:44.0514 4232 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:43:44.0547 4232 Spooler - ok
09:43:44.0599 4232 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:43:44.0646 4232 srv - ok
09:43:44.0672 4232 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:43:44.0737 4232 srv2 - ok
09:43:44.0759 4232 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:43:44.0789 4232 srvnet - ok
09:43:44.0816 4232 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:43:44.0851 4232 SSDPSRV - ok
09:43:44.0870 4232 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:43:44.0887 4232 SstpSvc - ok
09:43:44.0937 4232 [ 5C031C715E14F10DFC9395004F54EE21 ] stdriver C:\Windows\system32\DRIVERS\stdriver32.sys
09:43:44.0961 4232 stdriver - ok
09:43:45.0012 4232 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:43:45.0038 4232 stisvc - ok
09:43:45.0107 4232 SupportSoft RemoteAssist - ok
09:43:45.0132 4232 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:43:45.0146 4232 swenum - ok
09:43:45.0199 4232 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:43:45.0236 4232 swprv - ok
09:43:45.0251 4232 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:43:45.0266 4232 Symc8xx - ok
09:43:45.0285 4232 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:43:45.0298 4232 Sym_hi - ok
09:43:45.0328 4232 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:43:45.0341 4232 Sym_u3 - ok
09:43:45.0399 4232 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:43:45.0463 4232 SysMain - ok
09:43:45.0488 4232 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:43:45.0517 4232 TabletInputService - ok
09:43:45.0561 4232 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:43:45.0588 4232 TapiSrv - ok
09:43:45.0611 4232 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:43:45.0648 4232 TBS - ok
09:43:45.0717 4232 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:43:45.0764 4232 Tcpip - ok
09:43:45.0819 4232 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:43:45.0870 4232 Tcpip6 - ok
09:43:45.0904 4232 [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:43:45.0981 4232 tcpipreg - ok
09:43:46.0011 4232 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:43:46.0053 4232 TDPIPE - ok
09:43:46.0070 4232 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:43:46.0105 4232 TDTCP - ok
09:43:46.0147 4232 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:43:46.0183 4232 tdx - ok
09:43:46.0196 4232 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:43:46.0215 4232 TermDD - ok
09:43:46.0263 4232 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:43:46.0331 4232 TermService - ok
09:43:46.0368 4232 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:43:46.0387 4232 Themes - ok
09:43:46.0418 4232 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:43:46.0444 4232 THREADORDER - ok
09:43:46.0460 4232 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:43:46.0494 4232 TrkWks - ok
09:43:46.0535 4232 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:43:46.0578 4232 TrustedInstaller - ok
09:43:46.0607 4232 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:43:46.0684 4232 tssecsrv - ok
09:43:46.0723 4232 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
09:43:46.0765 4232 TuneUp.Defrag - ok
09:43:46.0794 4232 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:43:46.0828 4232 tunmp - ok
09:43:46.0856 4232 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:43:46.0882 4232 tunnel - ok
09:43:46.0912 4232 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:43:46.0927 4232 uagp35 - ok
09:43:46.0973 4232 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:43:47.0018 4232 udfs - ok
09:43:47.0047 4232 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:43:47.0085 4232 UI0Detect - ok
09:43:47.0104 4232 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:43:47.0120 4232 uliagpkx - ok
09:43:47.0148 4232 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:43:47.0167 4232 uliahci - ok
09:43:47.0184 4232 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:43:47.0200 4232 UlSata - ok
09:43:47.0223 4232 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:43:47.0239 4232 ulsata2 - ok
09:43:47.0248 4232 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:43:47.0292 4232 umbus - ok
09:43:47.0320 4232 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:43:47.0360 4232 upnphost - ok
09:43:47.0410 4232 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:43:47.0460 4232 usbccgp - ok
09:43:47.0481 4232 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:43:47.0548 4232 usbcir - ok
09:43:47.0598 4232 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:43:47.0642 4232 usbehci - ok
09:43:47.0662 4232 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:43:47.0794 4232 usbhub - ok
09:43:47.0814 4232 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:43:47.0865 4232 usbohci - ok
09:43:47.0911 4232 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:43:47.0945 4232 usbprint - ok
09:43:47.0987 4232 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:43:48.0042 4232 usbscan - ok
09:43:48.0086 4232 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:43:48.0130 4232 USBSTOR - ok
09:43:48.0152 4232 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:43:48.0184 4232 usbuhci - ok
09:43:48.0263 4232 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:43:48.0332 4232 usbvideo - ok
09:43:48.0374 4232 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
09:43:48.0430 4232 usb_rndisx - ok
09:43:48.0468 4232 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:43:48.0514 4232 UxSms - ok
09:43:48.0543 4232 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
09:43:48.0556 4232 UxTuneUp - ok
09:43:48.0657 4232 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:43:48.0696 4232 vds - ok
09:43:48.0726 4232 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:43:48.0790 4232 vga - ok
09:43:48.0814 4232 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:43:48.0863 4232 VgaSave - ok
09:43:48.0880 4232 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:43:48.0896 4232 viaagp - ok
09:43:48.0913 4232 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:43:48.0950 4232 ViaC7 - ok
09:43:48.0964 4232 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
09:43:48.0984 4232 viaide - ok
09:43:48.0999 4232 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:43:49.0014 4232 volmgr - ok
09:43:49.0096 4232 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:43:49.0137 4232 volmgrx - ok
09:43:49.0225 4232 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:43:49.0247 4232 volsnap - ok
09:43:49.0349 4232 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:43:49.0365 4232 vsmraid - ok
09:43:49.0424 4232 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:43:49.0531 4232 VSS - ok
09:43:49.0642 4232 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:43:49.0684 4232 W32Time - ok
09:43:49.0724 4232 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:43:49.0775 4232 WacomPen - ok
09:43:49.0812 4232 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:43:49.0850 4232 Wanarp - ok
09:43:49.0862 4232 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:43:49.0889 4232 Wanarpv6 - ok
09:43:49.0973 4232 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
09:43:50.0023 4232 WcesComm - ok
09:43:50.0139 4232 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:43:50.0181 4232 wcncsvc - ok
09:43:50.0243 4232 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:43:50.0271 4232 WcsPlugInService - ok
09:43:50.0295 4232 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
09:43:50.0310 4232 Wd - ok
09:43:50.0446 4232 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:43:50.0491 4232 Wdf01000 - ok
09:43:50.0534 4232 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:43:50.0569 4232 WdiServiceHost - ok
09:43:50.0573 4232 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:43:50.0609 4232 WdiSystemHost - ok
09:43:50.0661 4232 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:43:50.0699 4232 WebClient - ok
09:43:50.0753 4232 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:43:50.0795 4232 Wecsvc - ok
09:43:50.0825 4232 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:43:50.0879 4232 wercplsupport - ok
09:43:50.0940 4232 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:43:50.0963 4232 WerSvc - ok
09:43:51.0146 4232 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:43:51.0175 4232 WinDefend - ok
09:43:51.0187 4232 WinHttpAutoProxySvc - ok
09:43:51.0298 4232 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:43:51.0327 4232 Winmgmt - ok
09:43:51.0775 4232 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:43:51.0900 4232 WinRM - ok
09:43:52.0066 4232 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:43:52.0200 4232 Wlansvc - ok
09:43:52.0271 4232 [ 48CA581C12022AC60FE82E2B96FBF5D4 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:43:52.0311 4232 WmiAcpi - ok
09:43:52.0401 4232 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:43:52.0423 4232 wmiApSrv - ok
09:43:52.0485 4232 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:43:52.0538 4232 WMPNetworkSvc - ok
09:43:52.0613 4232 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:43:52.0658 4232 WPCSvc - ok
09:43:52.0701 4232 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:43:52.0759 4232 WPDBusEnum - ok
09:43:52.0813 4232 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:43:52.0879 4232 WpdUsb - ok
09:43:53.0198 4232 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:43:53.0277 4232 WPFFontCache_v0400 - ok
09:43:53.0345 4232 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:43:53.0425 4232 ws2ifsl - ok
09:43:53.0467 4232 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
09:43:53.0494 4232 wscsvc - ok
09:43:53.0503 4232 WSearch - ok
09:43:53.0732 4232 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:43:53.0822 4232 wuauserv - ok
09:43:53.0923 4232 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:43:53.0948 4232 WudfPf - ok
09:43:54.0020 4232 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:43:54.0081 4232 WUDFRd - ok
09:43:54.0133 4232 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:43:54.0153 4232 wudfsvc - ok
09:43:54.0211 4232 ================ Scan global ===============================
09:43:54.0228 4232 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:43:54.0305 4232 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
09:43:54.0384 4232 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
09:43:54.0512 4232 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:43:54.0531 4232 [Global] - ok
09:43:54.0532 4232 ================ Scan MBR ==================================
09:43:54.0557 4232 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:43:55.0453 4232 \Device\Harddisk0\DR0 - ok
09:43:55.0454 4232 ================ Scan VBR ==================================
09:43:55.0477 4232 [ 4B36FFE77ACB1F5854F34E19B358658F ] \Device\Harddisk0\DR0\Partition1
09:43:55.0479 4232 \Device\Harddisk0\DR0\Partition1 - ok
09:43:55.0496 4232 [ 580CDC5E839DE964D608B6052123EC6C ] \Device\Harddisk0\DR0\Partition2
09:43:55.0497 4232 \Device\Harddisk0\DR0\Partition2 - ok
09:43:55.0501 4232 ============================================================
09:43:55.0501 4232 Scan finished
09:43:55.0501 4232 ============================================================
09:43:55.0510 2568 Detected object count: 0
09:43:55.0510 2568 Actual detected object count: 0
09:47:10.0765 2544 Deinitialize success
mylittlepony
Active Member
 
Posts: 12
Joined: June 5th, 2013, 9:52 am

Re: Help with malware removal

Post by deltalima » June 11th, 2013, 1:59 pm

Hi mylittlepony,

Run OTL Script

  • Double-click OTL.exe (right-click and choose "Run as administrator" in Vista/Win7).
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q= {searchTerms}
    IE - HKLM\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q= {searchTerms}
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q= {searchTerms}
    IE - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\SearchScopes\{BCF61B68-08FF-4B36-936E-B8AD31622187}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=23 ... 808abc5&q= {searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q="
    [2012/01/18 10:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
    [2011/11/22 22:01:41 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
    [2012/07/29 09:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\extensions\plugin@yontoo.com
    [2011/11/22 22:08:59 | 000,002,517 | ---- | M] () -- C:\Users\User_1\AppData\Roaming\Mozilla\Firefox\Profiles\l98v6n8k.default\searchplugins\Search_Results.xml
    CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npvsharetvplg.dll
    O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3528189516-2229878515-3528017422-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    :services
    :reg
    :files
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK