
remi join:2011-11-28 Windsor, ON

[Malware] Need Help with Malware known as DNS Changer

My internet provider has informed me that I am infected with Malware known as DNS Changer. I see no symptoms whatsoever on my computer, but my internet provider is telling me that my computer is sending out information and is infected with the DNS Changer and suspend my account due to this problem. I tried a lot of different scanners and nothing is showing up. I need help please.
I am running Windows 7 32-bit.
****contents of the MBAM log (Step 2)
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org
Database version: 8255
Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421
11/28/2011 12:04:02 AM mbam-log-2011-11-28 (00-04-02).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 287912
Time elapsed: 45 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
****contents of OTL.txt (Step 3)
OTL logfile created on: 11/28/2011 8:53:33 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.64% Memory free 4.92 Gb Paging File | 3.85 Gb Available in Paging File | 78.24% Paging File free Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142.49 Gb Total Space | 83.80 Gb Free Space | 58.81% Space Free | Partition Type: NTFS Drive D: | 6.56 Gb Total Space | 0.26 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/28 08:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
PRC - [2011/11/14 10:50:18 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 13:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/07/01 13:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\computer\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2003/12/22 12:49:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
========== Driver Services (SafeList) ==========
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010/12/04 12:49:12 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008/03/03 04:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2007/01/27 13:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 35 06 31 CF 4A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 09:48:56 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/11/24 00:14:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} »quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} »download.divx.com/player/DivXBro···ugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} »acs.pandasoftware.com/activescan···ubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/pub/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA6464-467E-4185-BE46-850BA6B1D90F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA6464-467E-4185-BE46-850BA6B1D90F}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/28 08:19:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe [2011/11/24 00:38:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/11/24 00:38:14 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/11/24 00:38:14 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\temp [2011/11/24 00:00:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/11/24 00:00:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/11/24 00:00:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/11/24 00:00:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/11/23 23:51:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/11/23 23:34:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/20 12:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011/11/20 10:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/11/19 21:26:14 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2011/11/19 21:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2011/11/19 21:15:12 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\QuickScan [2011/11/19 10:28:07 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\AVG2012 [2011/11/19 10:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011/11/19 10:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011/11/19 10:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/11/14 08:55:58 | 000,000,000 | ---D | C] -- C:\inetpub [2011/11/14 08:55:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices [2011/11/10 08:31:24 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/10/30 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/10/30 18:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime 
[2011/10/30 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/10/30 18:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/02 14:28:21 | 010,895,360 | ---- | C] ( ) -- C:\Windows\sspro.exe [2010/09/03 22:43:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\computer\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/11/28 08:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe [2011/11/27 23:21:46 | 000,021,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/27 23:21:46 | 000,021,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/27 23:18:53 | 000,686,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/11/27 23:18:53 | 000,127,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/11/27 23:16:43 | 000,000,178 | ---- | M] () -- C:\Users\computer\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ DSLReports.com, ISP Information.url [2011/11/27 23:14:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/11/27 23:14:16 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2011/11/27 23:08:31 | 000,001,110 | ---- | M] () -- C:\Users\computer\Desktop\TFC.exe - Shortcut.lnk [2011/11/27 20:06:38 | 000,000,277 | ---- | M] () -- C:\Users\computer\Desktop\Learning Curve TWR Battery-Powered Thomas LCT99717 eBay.url [2011/11/27 20:06:17 | 000,000,277 | ---- | M] () -- C:\Users\computer\Desktop\NEW THOMAS & FRIENDS WOODEN RAILWAY BATTERY-OP SALTY eBay.url [2011/11/27 20:06:02 | 000,000,238 | ---- | M] () -- C:\Users\computer\Desktop\Amazon.com Shopping Cart.url [2011/11/27 11:52:48 | 000,000,126 | ---- | M] () -- C:\Users\computer\Desktop\Job Bank - Search.url [2011/11/27 08:25:56 | 110,885,427 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011/11/24 17:18:43 | 000,050,367 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjg.avm [2011/11/24 00:14:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/11/23 23:39:37 | 000,000,233 | ---- | M] () -- C:\Users\computer\Desktop\Remove Google redirect virus.url [2011/11/22 21:21:43 | 000,000,341 | ---- | M] () -- C:\Users\computer\Desktop\Login to your File.url 
[2011/11/22 09:48:56 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011/11/21 13:07:13 | 000,000,501 | ---- | M] () -- C:\Users\computer\Desktop\Memory Lane Step back in time - Previously Classmates.com#!-ajax_memberListOptimized_2communityId=31914&communityType=1&startYear=1993&endYear=1993&tab=yearsAttended&sort=lastname&firstLetter=&ugcIcon=&page=2----ajax_member.url [2011/11/20 13:11:50 | 000,000,941 | ---- | M] () -- C:\Windows\wininit.ini [2011/11/20 13:04:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/11/20 10:20:03 | 000,001,250 | ---- | M] () -- C:\Users\computer\Desktop\Spybot - Search & Destroy.lnk [2011/11/19 21:34:20 | 000,000,224 | ---- | M] () -- C:\Users\computer\Desktop\Microsoft Security.url [2011/11/14 10:50:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/10 21:22:04 | 000,000,145 | ---- | M] () -- C:\Users\computer\Desktop\Thomas & Friends Videos.url [2011/11/10 11:46:43 | 003,951,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/11/04 17:31:54 | 002,140,593 | ---- | M] () -- C:\Users\computer\Desktop\washer&dryer.pdf [2011/11/02 11:55:17 | 000,000,193 | ---- | M] () -- C:\Users\computer\Desktop\Welcome to Facebook.url [2011/10/30 18:54:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/30 18:52:21 | 000,002,503 | ---- | M] () -- C:\Users\computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/10/30 18:52:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011/10/30 18:51:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/11/27 23:16:43 | 000,000,178 | ---- | C] () -- C:\Users\computer\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ DSLReports.com, ISP Information.url [2011/11/27 23:08:31 | 000,001,110 | ---- | C] () -- C:\Users\computer\Desktop\TFC.exe - Shortcut.lnk [2011/11/27 20:06:38 | 000,000,277 | ---- | C] () -- C:\Users\computer\Desktop\Learning Curve TWR Battery-Powered Thomas LCT99717 eBay.url [2011/11/27 20:06:17 | 000,000,277 | ---- | C] () -- C:\Users\computer\Desktop\NEW THOMAS & FRIENDS WOODEN RAILWAY BATTERY-OP SALTY eBay.url [2011/11/27 20:06:02 | 000,000,238 | ---- | C] () -- C:\Users\computer\Desktop\Amazon.com Shopping Cart.url [2011/11/27 11:52:48 | 000,000,126 | ---- | C] () -- C:\Users\computer\Desktop\Job Bank - Search.url [2011/11/24 00:00:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/11/24 00:00:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/11/24 00:00:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/11/24 00:00:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/11/24 00:00:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/23 23:35:48 | 000,000,233 | ---- | C] () -- C:\Users\computer\Desktop\Remove Google redirect virus.url [2011/11/21 13:07:12 | 000,000,501 | ---- | C] () -- C:\Users\computer\Desktop\Memory Lane Step back in time - Previously Classmates.com#!-ajax_memberListOptimized_2communityId=31914&communityType=1&startYear=1993&endYear=1993&tab=yearsAttended&sort=lastname&firstLetter=&ugcIcon=&page=2----ajax_member.url [2011/11/20 13:04:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2011/11/20 12:54:55 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011/11/19 21:34:20 | 000,000,224 | ---- | C] () -- C:\Users\computer\Desktop\Microsoft Security.url [2011/11/19 10:27:08 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011/11/10 21:22:04 | 000,000,145 
| ---- | C] () -- C:\Users\computer\Desktop\Thomas & Friends Videos.url [2011/11/04 17:31:54 | 002,140,593 | ---- | C] () -- C:\Users\computer\Desktop\washer&dryer.pdf [2011/10/30 18:54:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/10/30 18:51:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/09/22 08:06:02 | 000,007,607 | ---- | C] () -- C:\Users\computer\AppData\Local\Resmon.ResmonCfg [2011/06/02 14:28:20 | 000,328,704 | ---- | C] () -- C:\Windows\presys64.dll [2011/06/02 14:28:20 | 000,320,000 | ---- | C] () -- C:\Windows\mdiwindb.dll [2011/06/02 14:28:15 | 000,003,571 | ---- | C] () -- C:\Windows\memsetk.dll [2011/06/02 14:28:15 | 000,000,304 | ---- | C] () -- C:\Windows\ktonthk.dll [2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\tedunrw.dll [2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\sntlevel.dll [2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\renbe23.dll [2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\javcorbin.dll [2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\javcorain.dll [2011/05/29 08:28:39 | 000,000,027 | ---- | C] () -- C:\Windows\penwinx32.dll [2010/12/01 09:25:29 | 000,000,002 | -HS- | C] () -- C:\Users\computer\AppData\Roaming\.zreglib [2010/11/08 07:05:43 | 000,000,941 | ---- | C] () -- C:\Windows\wininit.ini [2010/11/01 15:55:25 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI [2010/10/03 16:52:57 | 000,081,920 | ---- | C] () -- C:\Users\computer\AppData\Roaming\ezpinst.exe [2010/10/03 16:34:48 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/10/03 11:49:01 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll [2010/09/03 22:43:54 | 000,007,176 | ---- | C] () -- C:\Users\computer\AppData\Roaming\pcouffin.cat [2010/09/03 22:43:54 | 000,001,144 | ---- | C] () -- C:\Users\computer\AppData\Roaming\pcouffin.inf [2010/06/02 11:10:56 | 004,555,278 | ---- | C] () -- 
C:\Windows\System32\libavcodec.dll [2010/06/02 11:10:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/06/02 11:10:56 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2010/06/02 11:10:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2010/06/02 11:10:54 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2010/06/02 11:10:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2010/06/02 11:10:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010/06/02 11:10:52 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll [2010/06/02 11:10:52 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/06/02 11:10:52 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2010/06/02 11:10:52 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2010/06/02 11:10:52 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2010/06/02 11:10:52 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2010/06/02 11:10:52 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2010/06/02 11:10:52 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2010/06/02 11:10:52 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2010/06/02 11:10:52 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2010/06/02 11:10:52 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2010/06/02 11:10:52 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2010/06/02 11:10:52 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2010/06/02 11:10:52 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2010/06/02 11:10:52 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2010/06/02 11:10:52 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2010/06/02 11:10:52 | 000,093,184 | ---- | C] () -- 
C:\Windows\System32\avss.dll [2010/06/02 11:10:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2010/06/02 11:10:52 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2010/06/02 11:10:30 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll [2010/06/02 11:10:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2010/06/02 11:10:30 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll [2010/06/02 11:10:30 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll [2010/06/02 11:10:28 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll [2010/06/02 11:10:28 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll [2010/06/02 11:10:28 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll [2010/06/02 11:10:28 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll [2009/11/08 23:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll [2009/11/08 23:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll [2009/11/08 23:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 23:33:53 | 003,951,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,686,878 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,127,598 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | 
C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/05/29 17:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2009/03/11 14:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll [2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
========== LOP Check ==========
[2011/01/12 08:09:47 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AnvSoft [2011/11/19 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AVG2012 [2011/11/27 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\BitTorrent [2010/09/12 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Canon [2011/06/02 21:08:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/08/24 19:58:35 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DVDVideoSoft [2011/08/24 19:56:22 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DVDVideoSoftIEHelpers [2011/06/02 20:23:24 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Filter Forge 2 [2011/06/19 00:35:30 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\HandBrake [2011/07/16 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Leadertech [2011/03/14 07:12:06 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\MOBILedit [2011/11/19 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\QuickScan [2011/08/23 12:55:59 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Research In Motion [2011/05/20 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Smilebox [2011/06/02 10:39:21 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TuneUp Software [2011/11/14 12:30:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Vso [2011/08/07 21:27:58 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:30FD0CBD @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:FB1B13D8
****contents of Extras.txt (Step 3)
OTL Extras logfile created on: 11/28/2011 8:53:33 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.64% Memory free 4.92 Gb Paging File | 3.85 Gb Available in Paging File | 78.24% Paging File free Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142.49 Gb Total Space | 83.80 Gb Free Space | 58.81% Space Free | Partition Type: NTFS Drive D: | 6.56 Gb Total Space | 0.26 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DCF00F5-04A5-4543-A088-705480811202}_is1" = Compiled Driver Disk(Motorola) 0.99 "{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012 "{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EB26AB83-D2E8-45E4-B510-CD670C506C74}" = Codecs Video Pack "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.1.1 "AnyDVD" = AnyDVD "AVG" = AVG 2012 "BitTorrent" = BitTorrent "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CloneDVD2" = CloneDVD2 "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office 
Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Filter Forge 2_is1" = Filter Forge 2.008 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "PROSet" = Intel(R) Network Connections Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Smilebox" = Smilebox
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ] Error - 11/14/2011 5:52:38 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:53:51 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:54:57 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\compiled driver disk(motorola)\driverinstaller\amd64\DriverInstaller64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:54:59 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error - 11/19/2011 1:54:26 AM | Computer Name = laptop | Source = Application Hang | ID = 1002 Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16f0 Start Time: 01cca67f4fc092f5 Termination Time: 54 Application Path: C:\Program Files\Windows Media Player\wmplayer.exe Report Id: d63900db-1272-11e1-96b3-001b248e0cb7
Error - 11/19/2011 10:31:50 AM | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary AVG network filter service. System Error: The system cannot find the file specified. .
Error - 11/20/2011 8:00:16 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103 Description =
Error - 11/22/2011 10:49:34 AM | Computer Name = laptop | Source = MsiInstaller | ID = 1013 Description =
Error - 11/26/2011 11:47:58 PM | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d Faulting module name: Flash11e.ocx, version: 11.1.102.55, time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x000a1993 Faulting process id: 0x934 Faulting application start time: 0x01ccacaf1198533f Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11e.ocx Report Id: 983ccbe8-18aa-11e1-9678-001b248e0cb7
Error - 11/27/2011 8:00:01 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103 Description =
[ System Events ] Error - 7/24/2011 8:44:37 PM | Computer Name = computer-PC | Source = DCOM | ID = 10010 Description =
Error - 7/24/2011 8:46:56 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ElbyVCD
Error - 7/28/2011 8:44:55 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 7/28/2011 8:45:21 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 7/28/2011 3:48:42 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
Error - 8/2/2011 9:57:34 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 8/2/2011 9:57:35 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 8/2/2011 10:49:50 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 8/2/2011 10:49:50 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016 Description =
Error - 8/6/2011 6:34:47 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ElbyVCD
****contents of checkup.txt (Step 4)
Results of screen317's Security Check version 0.99.28 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Disabled! AVG 2012 ESET Online Scanner v3 Microsoft Security Essentials [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Malwarebytes' Anti-Malware CCleaner Adobe Reader 9 [color=red]Adobe Reader out of date![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] Windows Defender MSMpEng.exe AVG avgrsx.exe AVG avgemc.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````
****contents of the Online AntiVirus Scan log(Step 5)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bbd82a2bc16a946bd3919f3a80dbc11
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-29 04:24:02
# local_time=2011-11-28 11:24:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 21524629 74078194 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118382
# found=0
# cleaned=0
# scan_time=7260

lilhurricane (Crunchin' For Cures; Premium, Mod) join:2003-01-11 Purple Zone

QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Mon Nov 28 19:38:25 2011
Machine ID: D05A0F27
No infection found. -------------------
Processes --------- (verified) AVG Internet Security 424 C:\Program Files\AVG\AVG2012\avgcsrvx.exe (verified) AVG Internet Security 392 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (verified) Flash® Player Installer/Uninstaller 3952 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (verified) Intel(R) Common User Interface 2928 C:\Windows\System32\igfxsrvc.exe (verified) Microsoft Malware Protection 1072 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (verified) Microsoft® .NET Framework 1796 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (verified) Microsoft® Windows® Operating System 3400 C:\Program Files\Windows Media Player\wmpnetwk.exe (verified) Microsoft® Windows® Operating System 2036 C:\Windows\explorer.exe (verified) Microsoft® Windows® Operating System 1428 C:\Windows\System32\conhost.exe (verified) Microsoft® Windows® Operating System 712 C:\Windows\System32\csrss.exe (verified) Microsoft® Windows® Operating System 644 C:\Windows\System32\csrss.exe (verified) Microsoft® Windows® Operating System 1984 C:\Windows\System32\dwm.exe (verified) Microsoft® Windows® Operating System 772 C:\Windows\System32\lsass.exe (verified) Microsoft® Windows® Operating System 780 C:\Windows\System32\lsm.exe (verified) Microsoft® Windows® Operating System 2792 C:\Windows\System32\notepad.exe (verified) Microsoft® Windows® Operating System 3196 C:\Windows\System32\notepad.exe (verified) Microsoft® Windows® Operating System 3172 C:\Windows\System32\notepad.exe (verified) Microsoft® Windows® Operating System 3040 C:\Windows\System32\notepad.exe (verified) Microsoft® Windows® Operating System 2820 C:\Windows\System32\notepad.exe (verified) Microsoft® Windows® Operating System 764 C:\Windows\System32\services.exe (verified) Microsoft® Windows® Operating System 276 C:\Windows\System32\smss.exe (verified) Microsoft® Windows® Operating System 1668 C:\Windows\System32\spoolsv.exe (verified) Microsoft® Windows® Operating 
System 596 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 940 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1696 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 2056 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 2088 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1512 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1448 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1404 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 2940 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1272 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1244 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1200 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1816 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 3756 C:\Windows\System32\svchost.exe (verified) Microsoft® Windows® Operating System 1904 C:\Windows\System32\taskhost.exe (verified) Microsoft® Windows® Operating System 692 C:\Windows\System32\wininit.exe (verified) Microsoft® Windows® Operating System 844 C:\Windows\System32\winlogon.exe (verified) MobileDeviceService 1836 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (verified) OnlineCmdLineScanner.exe 2808 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (verified) OnlineCmdLineScanner.exe 3788 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (verified) Windows® Internet Explorer 2796 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 3168 C:\Program Files\Internet 
Explorer\iexplore.exe (verified) Windows® Internet Explorer 3464 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 3932 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 3220 C:\Program Files\Internet Explorer\iexplore.exe
Network activity ---------------- Process iexplore.exe (3932) connected on port 80 (HTTP) --> 216.246.75.147 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 216.246.75.147 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 66.235.142.58 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 66.235.142.58 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 74.125.226.225 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 74.125.226.225 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 69.171.228.40 Process iexplore.exe (3932) connected on port 80 (HTTP) --> 69.171.228.40
Process wininit.exe (692) listens on ports: 49152 (RPC) Process services.exe (764) listens on ports: 49158 (RPC) Process lsass.exe (772) listens on ports: 49155 (RPC) Process svchost.exe (1020) listens on ports: 135 (RPC) Process svchost.exe (1200) listens on ports: 49153 (RPC) Process svchost.exe (1272) listens on ports: 49154 (RPC) Process svchost.exe (2940) listens on ports: 49159 (RPC) Process wmpnetwk.exe (3400) listens on ports: 554 (RTSP)
Autoruns and critical files --------------------------- (unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe
(verified) Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (verified) Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll (verified) iTunes C:\Program Files\iTunes\iTunesHelper.exe (verified) Microsoft® Windows® Operating System C:\Windows\system32\cmd.exe (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe (verified) MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll
Browser plugins --------------- (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll (unsigned) QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll (verified) AVG Internet Security c:\program files\avg\avg2012\avgssie.dll (verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll (verified) Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe (verified) Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe (verified) Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll (verified) NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll (verified) Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (verified) Panda ActiveScan 2.0 C:\Windows\Downloaded Program Files\as2stubie.dll (verified) sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll (verified) Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll (verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll
Scan ----
No file uploaded.
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.07 KB recvd
Scanned 957 files and modules - 3 seconds
==============================================================================
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

lilhurricane (Crunchin' For Cures, Premium, Mod) join:2003-01-11 Purple Zone | reply to remi
Hang tight, remi..we'll have you looked over.

LoPhatPhuud (Premium, VIP, MVM) join:2002-01-06 Albuquerque, NM | reply to remi
Re: [Malware] Need Help with Malaware known as DNS Changer
The log does not show signs of the DNS Malware, so further checking is warranted. I also want to check on a file that is suspicious.
First: Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.
You'll find the link(s) and instruction(s) here: »Security Cleanup FAQ »Rootkit Detection Applications
Second: Please go to »www.virustotal.com/
Press the 'Browse' button to the right of the yellow box.
Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.
C:\Windows\sspro.exe
Click on the Send File button
Note: If you can't find the file, let me know in your next post.
Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.
If the file has been previously scanned, the results webpage will show: "File has already been submitted:"
Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.
If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
Third: The log shows you installed Combofix. Please post the log in this thread.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum

remi join:2011-11-28 Windsor, ON | reply to remi
Re: [Malware] Need Help with Malaware known as DNS Changer
Thanks for the help. My account keeps on getting suspended due to the DNS Changer detected by my Internet service provider so there is definitely a problem somewhere.
TDSS Killer has been removed from my computer and I can't see any log file. Do you want me to reinstall it and run it again to get a log?
****The contents of TDSS Killer
16:04:11.0848 5284 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:04:11.0958 5284 ============================================================
16:04:11.0958 5284 Current date / time: 2011/11/29 16:04:11.0958
16:04:11.0958 5284 SystemInfo:
16:04:11.0958 5284
16:04:11.0958 5284 OS Version: 6.1.7601 ServicePack: 1.0
16:04:11.0958 5284 Product type: Workstation
16:04:11.0958 5284 ComputerName: LAPTOP
16:04:11.0958 5284 UserName: computer
16:04:11.0958 5284 Windows directory: C:\Windows
16:04:11.0958 5284 System windows directory: C:\Windows
16:04:11.0958 5284 Processor architecture: Intel x86
16:04:11.0958 5284 Number of processors: 2
16:04:11.0958 5284 Page size: 0x1000
16:04:11.0958 5284 Boot type: Normal boot
16:04:11.0958 5284 ============================================================
16:04:13.0085 5284 Initialize success
16:04:47.0099 5240 ============================================================
16:04:47.0099 5240 Scan started
16:04:47.0099 5240 Mode: Manual;
16:04:47.0099 5240 ============================================================
(f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 16:05:10.0466 5240 usbehci - ok 16:05:10.0497 5240 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 16:05:10.0497 5240 usbhub - ok 16:05:10.0637 5240 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 16:05:10.0637 5240 usbohci - ok 16:05:10.0668 5240 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 16:05:10.0668 5240 usbprint - ok 16:05:10.0731 5240 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 16:05:10.0731 5240 usbscan - ok 16:05:10.0778 5240 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:05:10.0778 5240 USBSTOR - ok 16:05:10.0918 5240 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:05:10.0918 5240 usbuhci - ok 16:05:10.0965 5240 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 16:05:10.0965 5240 usbvideo - ok 16:05:10.0996 5240 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 16:05:11.0012 5240 vdrvroot - ok 16:05:11.0121 5240 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 16:05:11.0136 5240 vga - ok 16:05:11.0152 5240 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 16:05:11.0152 5240 VgaSave - ok 16:05:11.0199 5240 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 16:05:11.0199 5240 vhdmp - ok 16:05:11.0230 5240 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 16:05:11.0230 5240 viaagp - ok 16:05:11.0277 5240 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 16:05:11.0277 5240 ViaC7 - ok 16:05:11.0386 5240 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 16:05:11.0386 5240 viaide - ok 16:05:11.0433 5240 volmgr 
(4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 16:05:11.0433 5240 volmgr - ok 16:05:11.0480 5240 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 16:05:11.0495 5240 volmgrx - ok 16:05:11.0526 5240 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 16:05:11.0542 5240 volsnap - ok 16:05:11.0667 5240 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 16:05:11.0667 5240 vsmraid - ok 16:05:11.0714 5240 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 16:05:11.0714 5240 vwifibus - ok 16:05:11.0760 5240 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 16:05:11.0760 5240 WacomPen - ok 16:05:11.0792 5240 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 16:05:11.0807 5240 WANARP - ok 16:05:11.0807 5240 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 16:05:11.0807 5240 Wanarpv6 - ok 16:05:11.0963 5240 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 16:05:11.0963 5240 Wd - ok 16:05:12.0026 5240 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 16:05:12.0026 5240 Wdf01000 - ok 16:05:12.0213 5240 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 16:05:12.0213 5240 WfpLwf - ok 16:05:12.0244 5240 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 16:05:12.0244 5240 WIMMount - ok 16:05:12.0306 5240 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 16:05:12.0322 5240 winachsf - ok 16:05:12.0494 5240 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 16:05:12.0509 5240 WinUsb - ok 16:05:12.0572 5240 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 16:05:12.0572 5240 WmiAcpi - ok 16:05:12.0634 5240 ws2ifsl 
(6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 16:05:12.0650 5240 ws2ifsl - ok 16:05:12.0806 5240 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 16:05:12.0806 5240 WudfPf - ok 16:05:12.0837 5240 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:05:12.0852 5240 WUDFRd - ok 16:05:12.0884 5240 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys 16:05:12.0884 5240 XAudio - ok 16:05:12.0930 5240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:05:12.0930 5240 \Device\Harddisk0\DR0 - ok 16:05:12.0962 5240 Boot (0x1200) (52cbb9e1deaf7016b5cb95774a9797a1) \Device\Harddisk0\DR0\Partition0 16:05:12.0962 5240 \Device\Harddisk0\DR0\Partition0 - ok 16:05:12.0993 5240 Boot (0x1200) (fb3b7da8e57f773714abf451b90e59eb) \Device\Harddisk0\DR0\Partition1 16:05:12.0993 5240 \Device\Harddisk0\DR0\Partition1 - ok 16:05:12.0993 5240 ============================================================ 16:05:12.0993 5240 Scan finished 16:05:12.0993 5240 ============================================================ 16:05:13.0008 6008 Detected object count: 0 16:05:13.0008 6008 Actual detected object count: 0
****Address from virus total web page. »www.virustotal.com/file-scan/rep···06170030

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM
reply to remi

Download ComboFix from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
* IMPORTANT !!! Save ComboFix.exe to your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
* Double click on ComboFix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM
reply to remi

Also, if you use a router, check the status page and post the IP Address(es) of the DNS servers being used.

remi join:2011-11-28 Windsor, ON

ComboFix 11-11-29.04 - computer 11/29/2011 18:54:25.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.965 [GMT -5:00]
Running from: c:\users\computer\Downloads\ComboFix.exe
DNS servers 208.67.222.222 208.67.220.220

remi join:2011-11-28 Windsor, ON

Any luck? My internet provider detects the DNS Changer right away if I leave my internet on for a few hours and suspends my account.

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM
reply to remi

Can you get your ISP to be more specific in what they are detecting? There is nothing in the logs to indicate an exploit, yet they are finding something.
The only recommendation I have at this point would be to back up all your data, reformat and start over.

remi join:2011-11-28 Windsor, ON

Is this what you need?
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix:
Link-local IPv6 Address.....:fe80::35ef:128a:ae39:b4fe%11
IPv4 Address....................:192.168.0.102
Subnet Mask.....................:255.255.255.0
Default Gateway................:192.168.0.1

remi join:2011-11-28 Windsor, ON

The Virus Total scan detected some things. Does that mean anything?
»www.virustotal.com/file-scan/rep···06170030

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM
reply to remi

Sorry, my goof. I thought I had asked you to rename that file.
Rename C:\Windows\sspro.exe to C:\Windows\ssproexe.old
There is a remote possibility that it is a valid file, although the location is suspicious. I don't want to delete it yet, but want to neuter it.
After you have done that, then check with your ISP to see if they are still getting the DNS Changer detect.
FYI: DNS Changer uses a known set of IP Address ranges and none of the ones your computer or router use are in those ranges. That's what is puzzling me about the detect. If it turns out that sspro.exe is indeed bad, and uses any of those ranges, that would explain the detect.

remi join:2011-11-28 Windsor, ON

I renamed that file.
My internet provider is getting tired of reactivating my account and are strongly advising a format. I am just going to format it.

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM
reply to remi

That is probably best. The file only got three hits at Virus Total. While it's suspect, it is not glaring. None of the other detects we ran could find anything, including corrupted system files.
I'm puzzled by it, but a format will at least start you off clean.
One thing to check. Make sure your router is protected from unwarranted users. You want to use WPA or WPA2 encryption to make sure no one else can use it. And make the password strong.
It is possible that another computer was connecting thru your router and that is causing the detects.

remi join:2011-11-28 Windsor, ON

Formatting the computer fixed the problem. So the DNS Changer was on my hard drive even though no scans would detect it. My internet provider noticed the difference immediately after I formatted.
Thanks for the Help.
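The check LoPhatPhuud describes in the thread, comparing the DNS servers a computer and its router use against the known DNS Changer ranges, as an added example that is not part of the thread. The ranges in ROGUE_RANGES are placeholder documentation networks (the thread does not list the real ones), the function names are hypothetical, and the sample input is constructed from the resolver values posted above plus one made-up address.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real DNS Changer
# ranges: the thread never lists them. Substitute the published list before use.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample: resolver settings in the shapes posted in the thread
# (registry NameServer values, a hand-typed "DNS servers" line, ipconfig output).
# 198.51.100.7 is a made-up address chosen to fall inside a placeholder range.
SAMPLE = r"""
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 208.67.222.222,208.67.220.220
DNS servers 198.51.100.7 208.67.220.220
IPv4 Address....................:192.168.0.102
"""

# Dotted quad that is not part of a longer dotted number (e.g. a version string).
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Only lines that talk about name servers are read; host and gateway lines are not.
DNS_LINE = re.compile(r"name\s*server|dns", re.IGNORECASE)


def extract_resolvers(text):
    """Return the unique IPv4 resolver addresses found on DNS-related lines."""
    found = []
    for line in text.splitlines():
        if not DNS_LINE.search(line):
            continue
        for token in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # e.g. 999.1.1.1 looks like an address but is not one
            if addr not in found:
                found.append(addr)
    return found


def classify(addr, rogue_ranges=ROGUE_RANGES):
    """Label one resolver address.

    rogue  - inside one of the listed ranges
    local  - private address, normally the router: its own DNS setting still
             has to be read from the router status page
    public - routable address that is not in any listed range
    """
    if any(addr in net for net in rogue_ranges):
        return "rogue"
    if addr.is_private:
        return "local"
    return "public"


def audit(text, rogue_ranges=ROGUE_RANGES):
    """Map every resolver found in the text to its label."""
    return {str(a): classify(a, rogue_ranges) for a in extract_resolvers(text)}


def needs_attention(text, rogue_ranges=ROGUE_RANGES):
    """Resolvers that match a listed range, in the order they appear."""
    return [ip for ip, label in audit(text, rogue_ranges).items() if label == "rogue"]


if __name__ == "__main__":
    for ip, label in audit(SAMPLE).items():
        print(f"{ip:16} {label}")
```

A "local" result only says the PC is asking the router; the router's own DNS setting needs the same comparison.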