# generic trojan in services.exe



## MTeague (Jun 21, 2012)

I ran a scan with AVG and got the following result, which AVG couldn't handle as it is a requisite system file:
"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"

I have downloaded and run HijackThis and DDS, and here are the results:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:04 AM, on 6/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Mitch\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
R3 - URLSearchHook: (no name) - {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Assistant BHO - {19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Toolbar BHO - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
O2 - BHO: Toolbar BHO - {d36bfff8-a3ae-4032-a179-f29083c68ba7} - C:\PROGRA~2\DAILYF~2\bar\1.bin\53bar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll
O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Daily Fitness Center Search Scope Monitor] "C:\PROGRA~2\DAILYF~2\bar\1.bin\53srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [DailyFitnessCenter_53 Browser Plugin Loader] C:\PROGRA~2\DAILYF~2\bar\1.bin\53brmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games  Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Daily Fitness CenterService (DailyFitnessCenter_53Service) - COMPANYVERS_NAME - C:\PROGRA~2\DAILYF~2\bar\1.bin\53barsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13187 bytes

and for the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Mitch at 6:41:13 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.912 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\PROGRA~2\DAILYF~2\bar\1.bin\53barsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\windows\system32\igfxext.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wuauclt.exe

I have also attached the 'Attach' from DDS. Your help would be greatly appreciated.
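The AVG line above says only that it found something in services.exe and then refused to touch it because the file is whitelisted; it does not say whether the file on disk is genuine. The following is an added example, not part of the original post, showing how a practitioner would settle that question from an elevated PowerShell prompt: check the Authenticode signature of the live services.exe and compare its SHA-256 with every copy Windows servicing keeps in the component store. It assumes Windows 7 x64 in the standard System32/WinSxS layout and PowerShell 2.0 (so hashing is done through .NET rather than Get-FileHash); the helper names Get-Sha256Hex and Get-SignerSummary are mine, and it checks the file on disk only, which is what the scanner flagged.

```powershell
# Added example (not from the original thread): decide whether services.exe has
# actually been modified instead of trusting either the AVG detection or its
# "critical file, will not remove" whitelist. Assumptions: Windows 7 x64 in its
# standard System32/WinSxS layout, PowerShell 2.0 (no Get-FileHash), run from an
# elevated prompt so the component store is readable.

function Get-Sha256Hex {
    # SHA-256 of a file as an upper-case hex string, via .NET so it works on PS 2.0.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-SignerSummary {
    # Authenticode status plus the signer's subject name for one file.
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = '(no signer certificate)'
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{ Path = $Path; Status = [string]$sig.Status; Signer = $subject }
}

$target = Join-Path $env:SystemRoot 'System32\services.exe'

# 1. Signature check. A genuine services.exe reports Status 'Valid' with a
#    Microsoft signer. 'HashMismatch' means the bytes changed after signing;
#    'NotSigned' on a core binary is itself a finding. Disk corruption can give
#    the same result, which is why step 2 provides a second opinion.
$live = Get-SignerSummary $target
$live | Format-List Path, Status, Signer | Out-Host

# 2. Compare the live file with every services.exe in the component store.
#    Servicing keeps each installed version under WinSxS, so an unmodified
#    System32 copy hashes identically to one of them; a file patched by malware
#    (or by anything else) matches none. The recursive search takes a minute or two.
$liveHash = Get-Sha256Hex $target
Write-Host "Live SHA-256: $liveHash"

$copies = Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue
$report = @()
$sameAsLive = @()
foreach ($copy in $copies) {
    if (-not $copy) { continue }                   # PS 2.0 iterates once over $null
    $hash = Get-Sha256Hex $copy.FullName
    $sig  = Get-SignerSummary $copy.FullName
    if ($hash -eq $liveHash) { $sameAsLive += $copy.FullName }
    $report += New-Object PSObject -Property @{ Copy = $copy.FullName; Status = $sig.Status; SHA256 = $hash }
}
$report | Format-Table -AutoSize Status, SHA256, Copy | Out-Host

# 3. Verdict. Only the combination counts: a valid Microsoft signature AND a
#    byte-identical component-store copy that is itself validly signed.
if ($live.Status -eq 'Valid' -and $sameAsLive.Count -gt 0) {
    Write-Host "services.exe is intact (matches a signed component-store copy): treat the AV hit as a false positive and report it to the vendor."
} elseif ($live.Status -ne 'Valid') {
    Write-Host "services.exe signature is '$($live.Status)': the file on disk is not what Microsoft shipped. Repair it from known-good media (for example sfc /scannow with /offbootdir and /offwindir from the recovery environment) and rescan from outside the running OS."
} else {
    Write-Host "Signature valid but no component-store copy matched: confirm the search could read WinSxS and compare file versions before deciding."
}
```

Paste it into an elevated 64-bit PowerShell console rather than saving it as a script if the execution policy is still Restricted. The point of doing both checks is that a signature failure alone could be a damaged file, while a hash match alone proves nothing if the store copy was also replaced; together they tell you whether the whitelisted file is one you can still trust.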


----------



## flavallee (May 12, 2002)

You appear to already have *Malwarebytes Anti-Malware 1.61.0.1400* installed. :up:

Also install *SUPERAntiSpyware 5.1.0.1002*

Uncheck and opt out to install any extras it may offer.

Make sure the definition files in both programs are up-to-date.

Run a quick scan with each one.

DON'T use the computer while each scan is in progress.

Select and remove EVERYTHING they find.

After you're all done, submit a new HiJackThis log.

-----------------------------------------------------------

A word of warning about *AVG 2012*.

DON'T use its built-in file and registry cleaning feature. :down:

----------------------------------------------------------


----------



## MTeague (Jun 21, 2012)

I ran Malwarebytes and SUPERAntiSpyware and removed all the found items. I re-ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:24 PM, on 6/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Mitch\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll (file missing)
O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (file missing)
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games  Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11208 bytes


----------



## flavallee (May 12, 2002)

Let's see what the scans found and what action you took.

----------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Logs"(tab).

Highlight the scan log entry for the most current log, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start SUPERAntiSpyware.

Click "View Scan Logs".

Highlight the scan log entry for the most current log, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------


----------



## flavallee (May 12, 2002)

Let's do a little "housecleaning" of your HiJackThis log.

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

R3 - URLSearchHook: (no name) - {de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll (file missing)

O3 - Toolbar: Daily Fitness Center - {a6547405-a964-4600-8326-e91c95218964} - C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53bar.dll (file missing)

O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Mitch\Desktop\PartyPoker.lnk (file missing)

After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

Close HiJackThis.

---------------------------------------------------
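The entries flavallee picks out above are the ones whose target file is gone ("(file missing)") after the Malwarebytes and SUPERAntiSpyware removals, i.e. dead autostart hooks that are safe to clear. The script below is an added example, not part of the thread, that does the same triage over the O4 (Run/RunOnce keys, Startup folders) and O23 (services) locations HijackThis reports, flagging entries whose file is missing or whose binary lacks a valid Authenticode signature. It assumes Windows 7 x64 with PowerShell 2.0 in an elevated 64-bit console; the function names Get-CommandImage and Test-AutostartImage are mine. One caveat worth knowing when reading the log itself: HijackThis 2.0.4 is a 32-bit program, so under WOW64 file-system redirection its look-ups in System32 land in SysWOW64, which is why the log shows lsass.exe, spoolsv.exe and other 64-bit service binaries as "(file missing)"; a 64-bit PowerShell sees the real System32 and will report those as present and signed.

```powershell
# Added example (not from the original thread): sweep the autostart locations
# HijackThis reports as O4 (Run/RunOnce keys, Startup folders) and O23
# (services) and flag entries whose target no longer exists (HijackThis prints
# these as "(file missing)") or whose binary has no valid Authenticode
# signature. Assumptions: Windows 7 x64, PowerShell 2.0, elevated 64-bit
# console. The output is a list of leads to review, not a verdict: plenty of
# legitimate vendor software ships unsigned.

function Get-CommandImage {
    # Extract the file an autostart entry actually loads from its command line.
    # Handles quoted paths, unquoted paths containing spaces, 8.3 short names and
    # %SystemRoot%-style variables. For rundll32 entries the loaded DLL, not
    # rundll32.exe itself, is what matters, so that is what is returned.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"?[^"]*?rundll32\.exe"?\s+"?(?<dll>[^",]+\.dll)') { return $Matches['dll'] }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|dll|lnk|appref-ms|cmd|bat))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartImage {
    # Describe one autostart entry: where it came from, what it loads, whether
    # that file exists and, if so, its Authenticode status and signer.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $image  = Get-CommandImage $CommandLine
    $status = 'NoImagePath'
    $signer = ''
    if ($image) {
        $status = 'FileMissing'
        if (Test-Path -LiteralPath $image) {
            $sig = Get-AuthenticodeSignature -FilePath $image -ErrorAction SilentlyContinue
            if ($sig) {
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else {
                $status = 'SignatureCheckFailed'
            }
        }
    }
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Image = $image; Status = $status; Signer = $signer
    }
}

$results = @()

# O4: Run/RunOnce for the machine (both registry views on x64) and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $results += Test-AutostartImage -Source $keyPath -Name $valueName -CommandLine ([string]$key.GetValue($valueName))
    }
}

# O4: Startup folders. Shortcuts are resolved to their target before checking.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($file in (Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })) {
        if (-not $file) { continue }                   # PS 2.0 iterates once over $null
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        $results += Test-AutostartImage -Source $dir -Name $file.Name -CommandLine $target
    }
}

# O23: every installed service and the binary its ImagePath points to.
foreach ($svc in Get-WmiObject -Class Win32_Service) {
    $results += Test-AutostartImage -Source 'Service' -Name $svc.Name -CommandLine $svc.PathName
}

# Anything not 'Valid' is worth a look: missing files are dead entries to clean
# up; unsigned or tampered binaries are the ones to identify before deciding.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Source, Name |
    Format-Table -AutoSize Status, Source, Name, Image, Signer | Out-Host
```

Read the FileMissing rows as the equivalent of the "(file missing)" entries flavallee lists for removal, and treat the NotSigned and HashMismatch rows the way you would an unknown O23 service: identify the vendor before deleting, since an unsigned service binary is a lead, not proof of infection.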


----------



## MTeague (Jun 21, 2012)

The SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/21/2012 at 07:30 PM
Application Version : 5.1.1002
Core Rules Database Version : 8778
Trace Rules Database Version: 6590
Scan type : Quick Scan
Total Scan Time : 00:11:27
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 53751
Registry threats detected : 0
File items scanned : 14090
File threats detected : 94
Adware.Tracking Cookie

The Malwarebytes Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.16.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mitch :: MITCH-PC [administrator]
6/21/2012 8:31:48 AM
mbam-log-2012-06-21 (08-31-48).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317918
Time elapsed: 46 minute(s), 40 second(s)
Memory Processes Detected: 4
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1892 -> Delete on reboot.
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brmon.exe (PUP.MyWebSearch) -> 3500 -> Delete on reboot.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe (PUP.MyWebSearch) -> 3612 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 4084 -> Delete on reboot.
Memory Modules Detected: 2
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
Registry Keys Detected: 152
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DailyFitnessCenter_53 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\DAILYF~2\bar\1.bin\53brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GamingWonderland Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Daily Fitness Center Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\DAILYF~2\bar\1.bin\53srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GamingWonderland Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{A8625CB7-85FE-4936-92A4-B2A7C925209E} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 72
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\53uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin\NP53Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtdatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtdlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtdyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtfeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gthighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gthkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gthtml.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gthtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gthttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtmedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtmlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtreghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gttpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtuabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Mitch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14M41DAL\VideoPerformer_Setup[1].exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Mitch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLALO73N\GamingWonderland[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Mitch\AppData\LocalLow\DailyFitnessCenter_53EI\Installr\Cache\144299F8.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)


----------



## flavallee (May 12, 2002)

Thanks for the logs. It looks like a lot of problems were found and removed. 

I suggest you put them both to use at least a week. Make sure to update the definition files first before running a quick scan. Make sure to select and remove everything that's found. 

How is the computer doing now?

--------------------------------------------------------------


----------



## MTeague (Jun 21, 2012)

The original virus that I posted about is still operating out of my services.exe file, I get warnings about it every few minutes.

I did not have a problem with the cookies and adware, I may not have been diligent about running MAB and SAS every week, but I do run them, and make sure the files are updated regularly.

But this Trojan Generic dropper thing is of great concern to me; how do we proceed with this?


----------



## flavallee (May 12, 2002)

How do you feel about getting rid of *AVG 2012* and replacing it with *Microsoft Security Essentials 4.0.1526.0*?

It's not bloated and problematic like AVG, it's more user-friendly, and it's well recommended here.

---------------------------------------------------------


----------



## MTeague (Jun 21, 2012)

By your post, you seem to be implying that I do not have a problem with a trojan or virus, but with my anti-virus. Are you saying that AVG is creating this problem? If my software does not operate as it should, I'm all for replacing it, but it has worked well in the past, and I just would like you to be clear as to what you are saying....


----------



## MTeague (Jun 21, 2012)

OK, I downloaded MS Security Essentials, ran a scan, eliminated a couple of things, and now my computer continually reboots. It will come up, all the way, everything looks fine, then it will say "Windows has encountered a critical problem and will shut down in 1 minute".

It will do this even in safe mode. So now what do I do?

(I do not have a boot or recovery disk-I know, dumb)


----------



## MTeague (Jun 21, 2012)

I was able to create a windows repair disc from another computer using Windows 7. I was also able to muddle through the process of changing the boot priority through BIOS, and was able to run some system repair tools.

1. There was NOT a startup problem
2. Using the most recent restore point, I was able to finally boot my computer up, though it still gets the AVG error message.
3. While I was having the boot problem, I knew that the System32\services.exe file was the problem, so I took the limited time I had on boot up to look into that folder. The services.exe file had changed (post MS Security Essentials scan) to multiple files of unidentified type with the services.exe file name, and a long alpha-numeric sequence as the file extension. There were about 9 of these files, and the normal Services files (one a doc and one an app) were both missing. I cross-checked the folder contents with those of my clean desktop to be sure.
4. I took copies of the clean services files from my desktop, put them on a flash drive, and transferred them to the desktop of the sick laptop. I DID NOT attempt to move the files or swap out the infected ones. This is what I did do.

I ran a scan with AVG on the infected file, and got the now expected result that it is infected with the Trojan Horse Dropper.Generic_c.MMI malware. I also ran a scan on the "clean" files I dropped onto my desktop. That scan showed negative, perfectly clean.

The only conclusions I can make are that 
1. I have an infection in my System32 folder, and this infection is affecting my basic operating system.
2. Avg was correct in identifying this threat, and also in NOT removing it as this would cause critical system issues.
3. Microsoft Security Essentials ALSO identified the threat, did NOT identify the folder as critical, and attempted to remove it, creating the bizarre files and messing up my operating system, forcing me to do a system restore to a point before MSSE was installed. (By the way, even AFTER MSSE removed the trojan, I was still getting warning messages about that trojan from AVG.)
4. I still need work done to get my system cleaned up, without destroying it or rendering it useless.
5. I have absolutely NO IDEA how to do that.

I would MASSIVELY appreciate any help on this.

Thank you.
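
The post above compares the suspect services.exe with the copy brought over from the clean desktop by scanning both with AVG. A scanner verdict is one opinion; the check a responder would actually make is a byte-for-byte comparison (SHA-256) against a copy from the same Windows build, plus the operating system's own catalog-signature check via sfc /verifyfile. The script below is an added example written for this thread, not code from any poster or from AVG, MSE, Malwarebytes or FRST. It assumes the reference copy sits at the location the poster described (the desktop of the sick laptop) and that the clean machine runs the same build and patch level; run it from an elevated PowerShell prompt, because sfc.exe refuses to run otherwise. It also lists core process-image names found directly in the Windows root or in user-writable directories, the pattern the Malwarebytes log above flagged as C:\Windows\svchost.exe.

```powershell
# Added example, not from the thread. Verifies a system binary by SHA-256 against a
# clean-machine copy and by the OS catalog check, then hunts for misplaced copies.
# ASSUMPTION: $Reference is a copy from a known-clean machine of the SAME build/patch level.
$Suspect   = Join-Path $env:SystemRoot   'System32\services.exe'
$Reference = Join-Path $env:USERPROFILE  'Desktop\services.exe'   # the copy the poster brought over

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing works on PowerShell 2.0 (Windows 7), which has no Get-FileHash cmdlet.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return (($bytes | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Test-SfcIntegrity {
    param([string]$Path)
    # sfc /verifyfile validates the file against the signed security catalogs.
    # On Windows 7, Get-AuthenticodeSignature reports catalog-signed OS files as
    # NotSigned (no embedded signature), so it is the wrong tool for this check.
    # sfc writes UTF-16; captured output carries interleaved NULs, so strip NULs
    # and whitespace before matching the success string.
    $raw  = & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$Path" 2>&1
    $text = (($raw | ForEach-Object { "$_" }) -join '') -replace '[\0\s]', ''
    return ($text -match 'didnotfindanyintegrityviolations')
}

function Compare-SystemBinary {
    param([string]$SuspectPath, [string]$ReferencePath)
    $s = Get-Item -Force -LiteralPath $SuspectPath
    $r = Get-Item -Force -LiteralPath $ReferencePath

    # A different FileVersion means the files are legitimately different builds and a
    # hash mismatch proves nothing; the same version with different bytes is the tell.
    $sameVersion = ($s.VersionInfo.FileVersion -eq $r.VersionInfo.FileVersion)
    $sameHash    = ((Get-Sha256Hex $SuspectPath) -eq (Get-Sha256Hex $ReferencePath))
    $sfcClean    = Test-SfcIntegrity $SuspectPath

    if     ($sameVersion -and $sameHash -and $sfcClean) { $verdict = 'matches reference and passes catalog check' }
    elseif ($sameVersion -and -not $sameHash)           { $verdict = 'SAME VERSION, DIFFERENT BYTES: treat as tampered' }
    elseif (-not $sfcClean)                              { $verdict = 'FAILS CATALOG CHECK: treat as tampered' }
    else                                                 { $verdict = 'inconclusive: reference is a different build' }

    New-Object PSObject -Property @{
        Suspect        = $SuspectPath
        SuspectBytes   = $s.Length
        ReferenceBytes = $r.Length
        SameVersion    = $sameVersion
        SameSha256     = $sameHash
        SfcClean       = $sfcClean
        Verdict        = $verdict
    }
}

function Find-MisplacedSystemBinary {
    # Core process images belong under System32 (and SysWOW64 on x64). A same-named
    # file directly in the Windows root or a user-writable directory is not legitimate.
    # Top level of each directory only, on purpose: recursing into WinSxS would
    # return legitimate component-store copies.
    param([string[]]$Names = @('svchost.exe','services.exe','lsass.exe','winlogon.exe','csrss.exe','smss.exe'))
    $roots = @($env:SystemRoot, $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
    foreach ($root in $roots) {
        foreach ($name in $Names) {
            $candidate = Join-Path $root $name
            if (Test-Path -LiteralPath $candidate) { Get-Item -Force -LiteralPath $candidate }
        }
    }
}

Compare-SystemBinary -SuspectPath $Suspect -ReferencePath $Reference | Format-List
Find-MisplacedSystemBinary | Select-Object FullName, Length, LastWriteTime
```

One caveat a responder would add: the Malwarebytes log above reported Rootkit.0Access, and a running rootkit can hide files or feed user-mode tools a clean view of a patched binary. Where that is suspected, take the hash from recovery media with the infected disk offline, and use sfc's offline switches (/offbootdir= and /offwindir=) so the catalog check also runs against the offline volume rather than inside the compromised session.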


----------



## flavallee (May 12, 2002)

I wasn't implying anything. I was merely making a suggestion.

AVG needed to be uninstalled first before MSE was installed. Having multiple antivirus programs installed and running in the same computer will cause them to fight each other.

I've done what I can from here. I suggest you submit new required logs and then let a gold/blue shield removal specialist help you.

------------------------------------------------------------


----------



## flavallee (May 12, 2002)

As soon as you submit new required logs here, as previously advised to do, a gold/blue shield removal specialist will be requested to assist you.

A Moderator has closed the duplicate thread that you started here.

---------------------------------------------------------


----------



## kevinf80 (Mar 21, 2006)

Download *Farbar Recovery Scan Toolx64* and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter *System Recovery Options*. I give two methods; use whichever is convenient for you.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *US* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*


Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer", find your flash drive letter, and close Notepad.
In the command window type *e:\frst64* and press *Enter*
*Note:* Replace letter *e* with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin...


----------



## MTeague (Jun 21, 2012)

I completed the instructions; the log follows. I did want to mention that when I tried to boot the "repair your computer" from the computer itself, I got an error message:

ERROR
an error has occurred
ERROR: F3-F100-0010
an error has occurred
please press [OK] to turn off the computer.

I had to run the system repair from a windows repair disc. I don't know if it is relevant, but thought I should mention it just in case.

From FRST:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 28-06-2012 09:53:29
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) 
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-03-18] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-03-18] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [410648 2010-03-18] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Mitch\...\Run: [Best Buy pc app] C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Mitch\...\Run: [Google Update] "C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-28] (Google Inc.)
HKU\Mitch\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-21] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer [155648 2012-01-30] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer [135168 2012-01-30] (DivX, LLC)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer [335872 2012-01-30] ()
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer [1101824 2012-01-30] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Mitch\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) ======
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
========================== Drivers (Whitelisted) =============
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-28 07:37 - 2012-06-28 07:37 - 00001870 ____A C:\Users\Mitch\Desktop\repairtools.txt
2012-06-28 05:24 - 2012-06-28 05:24 - 00017951 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-06-28 05:24 - 2012-06-28 05:24 - 00012432 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-06-28 05:20 - 2012-06-28 05:20 - 00011625 ____A C:\Users\Mitch\Desktop\hijackthis.log
2012-06-28 05:18 - 2012-06-28 05:19 - 00000000 ____D C:\Users\Mitch\Desktop\Virus logs 1
2012-06-28 03:43 - 2012-06-28 03:43 - 00001500 ____A C:\Users\Mitch\Documents\Obit.rtf
2012-06-27 16:22 - 2012-06-27 16:22 - 00025561 ____A C:\Users\Mitch\Documents\Dad'1.odt
2012-06-27 14:39 - 2012-06-27 14:39 - 00017541 ____A C:\Users\Mitch\Documents\Dad.odt
2012-06-25 17:36 - 2012-06-25 17:38 - 00000000 ____D C:\Users\Mitch\Downloads\True Blood
2012-06-22 18:14 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 18:14 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 18:14 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 18:14 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 18:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 18:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 18:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 18:13 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Users\Mitch\Desktop\services.exe
2012-06-22 18:13 - 2009-06-10 12:38 - 00092745 ____A C:\Users\Mitch\Desktop\services.msc
2012-06-22 17:10 - 2012-06-22 17:10 - 00000253 ____A C:\rkill.log
2012-06-22 16:27 - 2012-06-22 20:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-22 05:10 - 2012-06-22 05:10 - 00002147 ____A C:\Users\Mitch\Documents\garrett pi.rtf
2012-06-21 20:07 - 2012-06-21 20:43 - 00000000 ____D C:\Users\Mitch\Downloads\Seeking Justice (2011)
2012-06-21 20:02 - 2012-06-21 20:23 - 00000000 ____D C:\Users\Mitch\Downloads\Superman vs The Elite (2012) DVDRip
2012-06-21 17:03 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-06-21 04:34 - 2012-06-21 04:34 - 00000745 ____A C:\Users\Mitch\Documents\hijackthis warning.rtf
2012-06-21 04:22 - 2012-06-21 04:22 - 00607260 ____R (Swearware) C:\Users\Mitch\Desktop\dds.com
2012-06-21 04:21 - 2012-06-21 04:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Mitch\Desktop\HijackThis.exe
2012-06-21 04:09 - 2012-06-21 04:09 - 04563474 ____A (Swearware) C:\Users\Mitch\Desktop\Gotcha.exe
2012-06-20 19:46 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 19:46 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 06:19 - 2012-06-21 20:07 - 00000000 ____D C:\Users\Mitch\Downloads\The Six-Figure Second Income - How To Start and Grow A Successful Online Business Without Quitting Your Day Job (Pdf,Epub,Mobi) -Mantesh
2012-06-18 06:01 - 2012-06-18 06:03 - 00000000 ____D C:\Users\Mitch\Downloads\Secrets Of Self Made Millionaires
2012-06-18 05:16 - 2012-06-18 05:16 - 00000000 ____D C:\Users\Mitch\Downloads\true.blood.s05e02.hdtv.x264-asap
2012-06-17 08:09 - 2012-06-17 14:36 - 00000000 ____D C:\Users\Mitch\Downloads\Doctor.Who.2005.S01.576p.PAL-DVD.AAC2.0.H.264-TheSponge
2012-06-17 07:13 - 2012-06-21 20:07 - 00000000 ____D C:\Users\Mitch\Downloads\John Carter (2012) 720p BRrip scOrp {~dude7001~}
2012-06-16 12:43 - 2012-06-16 12:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-16 12:28 - 2012-06-16 12:28 - 00000000 ____D C:\Windows\Sun
2012-06-16 11:08 - 2012-06-16 11:08 - 00277216 ____A C:\Windows\Minidump\061612-41371-01.dmp
2012-06-15 19:28 - 2012-06-15 19:28 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-15 19:28 - 2012-04-04 13:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-12 15:59 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 15:59 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 15:59 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 15:59 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 15:59 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 15:59 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 15:59 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 15:59 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 15:59 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 15:59 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 15:59 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 15:59 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 15:59 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 15:59 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 15:59 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 15:59 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 15:59 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 15:59 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 15:59 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 15:59 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 15:59 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 15:59 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 15:58 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 15:58 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 15:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 15:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 15:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 15:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 15:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 15:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 15:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 15:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-11 16:36 - 2012-06-11 16:45 - 00000000 ____D C:\Users\Mitch\Downloads\Faster
2012-06-11 04:21 - 2012-06-21 20:07 - 00000000 ____D C:\Users\Mitch\Downloads\Download @ Superseeds.Org True.Blood.S05E01.HDTV.x264-ASAP[ss]
2012-06-10 12:10 - 2012-06-10 12:10 - 00000000 ____D C:\Users\Public\Documents\sun
2012-06-10 12:09 - 2012-06-10 12:09 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-06-10 12:05 - 2012-06-10 12:05 - 00000000 ____D C:\Users\Mitch\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
2012-06-01 17:18 - 2012-06-09 15:59 - 00000000 ____D C:\Users\Mitch\Desktop\Hatfields and McCoys

============ 3 Months Modified Files and Folders =============
2012-06-28 09:53 - 2012-06-28 09:53 - 00000000 ____D C:\FRST
2012-06-28 07:48 - 2010-11-22 21:20 - 01904967 ____A C:\Windows\WindowsUpdate.log
2012-06-28 07:48 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 07:48 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 07:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 07:43 - 2009-07-13 20:51 - 00046625 ____A C:\Windows\setupact.log
2012-06-28 07:39 - 2011-01-29 15:42 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\uTorrent
2012-06-28 07:37 - 2012-06-28 07:37 - 00001870 ____A C:\Users\Mitch\Desktop\repairtools.txt
2012-06-28 07:35 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-28 07:25 - 2011-03-03 22:07 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-28 07:24 - 2011-03-03 21:44 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-28 06:43 - 2012-01-28 11:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-957343538-1582870690-1857239576-1002UA.job
2012-06-28 06:40 - 2012-04-21 04:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-28 05:24 - 2012-06-28 05:24 - 00017951 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-06-28 05:24 - 2012-06-28 05:24 - 00012432 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-06-28 05:20 - 2012-06-28 05:20 - 00011625 ____A C:\Users\Mitch\Desktop\hijackthis.log
2012-06-28 05:19 - 2012-06-28 05:18 - 00000000 ____D C:\Users\Mitch\Desktop\Virus logs 1
2012-06-28 03:43 - 2012-06-28 03:43 - 00001500 ____A C:\Users\Mitch\Documents\Obit.rtf
2012-06-27 16:22 - 2012-06-27 16:22 - 00025561 ____A C:\Users\Mitch\Documents\Dad'1.odt
2012-06-27 14:39 - 2012-06-27 14:39 - 00017541 ____A C:\Users\Mitch\Documents\Dad.odt
2012-06-27 13:43 - 2012-01-28 11:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-957343538-1582870690-1857239576-1002Core.job
2012-06-25 17:38 - 2012-06-25 17:36 - 00000000 ____D C:\Users\Mitch\Downloads\True Blood
2012-06-23 14:00 - 2011-01-31 09:01 - 00030332 ____A C:\Users\Mitch\Documents\Budget.ods
2012-06-22 21:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 20:07 - 2012-06-22 16:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-22 20:07 - 2011-03-06 20:47 - 00000000 ____D C:\Users\Mitch\Documents\software
2012-06-22 20:07 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-22 20:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-22 18:40 - 2012-04-21 04:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 18:40 - 2011-06-29 06:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-22 18:09 - 2011-01-29 10:32 - 00000000 ____D C:\users\Mitch
2012-06-22 17:10 - 2012-06-22 17:10 - 00000253 ____A C:\rkill.log
2012-06-22 05:10 - 2012-06-22 05:10 - 00002147 ____A C:\Users\Mitch\Documents\garrett pi.rtf
2012-06-21 20:43 - 2012-06-21 20:07 - 00000000 ____D C:\Users\Mitch\Downloads\Seeking Justice (2011)
2012-06-21 20:23 - 2012-06-21 20:02 - 00000000 ____D C:\Users\Mitch\Downloads\Superman vs The Elite (2012) DVDRip
2012-06-21 20:07 - 2012-06-18 06:19 - 00000000 ____D C:\Users\Mitch\Downloads\The Six-Figure Second Income - How To Start and Grow A Successful Online Business Without Quitting Your Day Job (Pdf,Epub,Mobi) -Mantesh
2012-06-21 20:07 - 2012-06-17 07:13 - 00000000 ____D C:\Users\Mitch\Downloads\John Carter (2012) 720p BRrip scOrp {~dude7001~}
2012-06-21 20:07 - 2012-06-11 04:21 - 00000000 ____D C:\Users\Mitch\Downloads\Download @ Superseeds.Org True.Blood.S05E01.HDTV.x264-ASAP[ss]
2012-06-21 17:32 - 2010-10-15 09:53 - 00537158 ____A C:\Windows\PFRO.log
2012-06-21 17:10 - 2012-02-18 11:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-21 17:02 - 2012-03-01 18:53 - 00000000 ____D C:\Users\All Users\IBUpdaterService
2012-06-21 04:34 - 2012-06-21 04:34 - 00000745 ____A C:\Users\Mitch\Documents\hijackthis warning.rtf
2012-06-21 04:27 - 2011-01-29 10:32 - 00000000 ____D C:\Users\Mitch\AppData\Local\VirtualStore
2012-06-21 04:22 - 2012-06-21 04:22 - 00607260 ____R (Swearware) C:\Users\Mitch\Desktop\dds.com
2012-06-21 04:21 - 2012-06-21 04:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Mitch\Desktop\HijackThis.exe
2012-06-21 04:09 - 2012-06-21 04:09 - 04563474 ____A (Swearware) C:\Users\Mitch\Desktop\Gotcha.exe
2012-06-18 06:03 - 2012-06-18 06:01 - 00000000 ____D C:\Users\Mitch\Downloads\Secrets Of Self Made Millionaires
2012-06-18 05:16 - 2012-06-18 05:16 - 00000000 ____D C:\Users\Mitch\Downloads\true.blood.s05e02.hdtv.x264-asap
2012-06-17 14:36 - 2012-06-17 08:09 - 00000000 ____D C:\Users\Mitch\Downloads\Doctor.Who.2005.S01.576p.PAL-DVD.AAC2.0.H.264-TheSponge
2012-06-16 12:43 - 2012-06-16 12:43 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-16 12:28 - 2012-06-16 12:28 - 00000000 ____D C:\Windows\Sun
2012-06-16 11:08 - 2012-06-16 11:08 - 00277216 ____A C:\Windows\Minidump\061612-41371-01.dmp
2012-06-16 11:08 - 2012-05-13 13:04 - 266664664 ____A C:\Windows\MEMORY.DMP
2012-06-16 11:08 - 2012-05-13 13:04 - 00000000 ____D C:\Windows\Minidump
2012-06-16 11:08 - 2009-07-13 21:08 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-15 19:28 - 2012-06-15 19:28 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-15 19:28 - 2012-06-15 19:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 04:13 - 2011-01-29 10:34 - 00064312 ____A C:\Users\Mitch\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-13 01:34 - 2009-07-13 20:45 - 00295584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 01:12 - 2012-05-09 01:14 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-13 01:10 - 2011-02-01 22:40 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 21:45 - 2012-01-28 11:15 - 00002409 ____A C:\Users\Mitch\Desktop\Google Chrome.lnk
2012-06-11 16:45 - 2012-06-11 16:36 - 00000000 ____D C:\Users\Mitch\Downloads\Faster
2012-06-11 04:22 - 2012-01-30 06:08 - 00000000 ____D C:\Users\Mitch\Desktop\Movies
2012-06-11 04:22 - 2011-10-15 09:51 - 00000000 ____D C:\Users\Mitch\Desktop\Young Justice
2012-06-10 15:20 - 2011-04-17 19:15 - 00000000 ____D C:\Users\Mitch\Desktop\Game of Thrones
2012-06-10 12:10 - 2012-06-10 12:10 - 00000000 ____D C:\Users\Public\Documents\sun
2012-06-10 12:09 - 2012-06-10 12:09 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-06-10 12:09 - 2011-01-29 11:45 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-06-10 12:05 - 2012-06-10 12:05 - 00000000 ____D C:\Users\Mitch\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
2012-06-09 15:59 - 2012-06-01 17:18 - 00000000 ____D C:\Users\Mitch\Desktop\Hatfields and McCoys
2012-06-02 14:19 - 2012-06-22 18:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 18:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 18:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 18:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 18:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 18:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 18:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-20 19:46 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-20 19:46 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:28 - 2012-03-27 18:42 - 00000000 ____D C:\Users\Mitch\Desktop\The Legend of Korra
2012-06-02 04:26 - 2011-11-13 18:35 - 00000000 ____D C:\Users\Mitch\Desktop\Green Lantern TAS
2012-05-27 06:53 - 2012-05-22 21:10 - 00000000 ____D C:\Users\Mitch\Desktop\Lost Girl Season 1 and 2
2012-05-26 04:44 - 2011-09-25 06:53 - 00001189 ____A C:\Users\Mitch\AppData\Roaming\vso_ts_preview.xml
2012-05-26 04:44 - 2011-09-25 06:53 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\Vso
2012-05-25 20:48 - 2011-12-10 22:04 - 00000000 ____D C:\Users\Mitch\Documents\ConvertXToDVD
2012-05-21 04:14 - 2012-02-02 19:44 - 00000000 ____D C:\Users\Mitch\Desktop\Archer
2012-05-21 04:11 - 2011-11-08 21:04 - 00000000 ____D C:\Users\Mitch\Desktop\Robot Chicken Season 5
2012-05-20 14:15 - 2011-09-27 19:24 - 00000000 ____D C:\Users\Mitch\Desktop\Dexter
2012-05-20 14:15 - 2011-09-07 18:34 - 00000000 ____D C:\Users\Mitch\Desktop\Sons of Anarchy
2012-05-20 14:15 - 2011-07-30 06:59 - 00000000 ____D C:\Users\Mitch\Desktop\True Blood
2012-05-20 14:14 - 2011-11-24 05:13 - 00000000 ____D C:\Users\Mitch\Desktop\The Walking Dead
2012-05-20 14:13 - 2011-02-10 18:10 - 00000000 ____D C:\Users\Mitch\Desktop\Justified
2012-05-20 10:37 - 2011-01-29 12:13 - 00000000 ____D C:\Users\Mitch\Desktop\shortcuts
2012-05-20 10:25 - 2011-12-31 08:04 - 00000000 ____D C:\Users\Mitch\Documents\Books
2012-05-19 01:01 - 2012-05-19 01:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-19 01:01 - 2012-05-19 01:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 20:01 - 2012-06-12 15:59 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 15:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 15:59 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 15:59 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 15:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 13:04 - 2012-05-13 13:04 - 00277216 ____A C:\Windows\Minidump\051312-44148-01.dmp
2012-05-12 07:38 - 2011-06-22 19:43 - 00000000 ___HD C:\$AVG
2012-05-12 05:11 - 2012-05-12 05:08 - 00000000 ____D C:\Users\Mitch\Downloads\fringe422
2012-05-09 04:27 - 2012-05-09 04:24 - 00006987 ____A C:\Users\Mitch\Documents\Geeky insults.rtf
2012-05-09 01:00 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 05:07 - 2011-12-31 11:19 - 00000000 ____D C:\Users\Mitch\Documents\New Books
2012-05-07 04:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-30 21:40 - 2012-06-12 15:59 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 15:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 15:59 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 15:59 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 15:59 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 17:19 - 2012-04-25 17:19 - 00000000 ____D C:\Program Files (x86)\GamingWonderland
2012-04-25 08:13 - 2012-04-25 08:13 - 00000000 ____D C:\Users\Mitch\Documents\Instruction_for_fixing_your_player_problems
2012-04-24 17:58 - 2012-04-24 17:58 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\Media Player Classic
2012-04-24 17:48 - 2012-04-24 17:44 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-04-24 17:47 - 2010-10-15 09:44 - 00204595 ____A C:\Windows\DirectX.log
2012-04-24 17:46 - 2010-11-22 21:43 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-04-24 17:42 - 2012-04-24 17:42 - 00000000 ____D C:\Program Files\Media Player Classic - Home Cinema
2012-04-23 21:37 - 2012-06-12 15:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 15:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 15:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 15:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 15:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 16:56 - 2011-09-27 17:51 - 00000000 ____D C:\Users\All Users\AVG2012
2012-04-23 16:53 - 2009-07-13 19:20 - 00000000 ___AD C:\Windows\System32\sysprep
2012-04-21 11:14 - 2011-12-31 08:02 - 00000000 ____D C:\Users\Mitch\Documents\Images
2012-04-21 06:34 - 2011-01-29 12:11 - 00000000 ____D C:\Program Files\DivX
2012-04-21 06:34 - 2011-01-29 12:05 - 00000000 ____D C:\Program Files (x86)\DivX
2012-04-21 06:34 - 2011-01-29 12:04 - 00000000 ____D C:\Users\All Users\DivX
2012-04-21 06:26 - 2011-03-31 11:09 - 00000000 ____D C:\Program Files (x86)\InstaCodecs
2012-04-19 21:42 - 2012-06-12 15:59 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-12 15:59 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-12 15:59 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-12 15:59 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-12 15:59 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-12 15:59 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-12 15:59 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-12 15:59 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-12 15:59 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-12 15:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-12 15:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-12 15:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-19 02:50 - 2012-04-19 02:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-16 21:31 - 2012-06-12 15:59 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-12 15:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 04:31 - 2012-06-12 15:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 15:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 06:27 - 2012-04-05 06:27 - 00016432 ____A C:\Users\Mitch\Documents\Workout.ods
2012-04-04 18:41 - 2011-12-31 11:18 - 00000000 ____D C:\Users\Mitch\AppData\Roaming\calibre
2012-04-04 18:36 - 2011-02-01 07:37 - 00000000 ____D C:\Users\Mitch\Documents\Business
2012-04-04 17:09 - 2012-04-04 17:09 - 00000000 ____D C:\Users\Mitch\AppData\Local\Conexant
2012-04-04 17:09 - 2012-04-04 17:09 - 00000000 ____D C:\Users\All Users\Conexant
2012-04-04 13:56 - 2012-06-15 19:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 04:20 - 2012-01-25 04:53 - 00000000 ____D C:\Users\Mitch\Desktop\Shameless
ZeroAccess:
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\@
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\L
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected]
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected]
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected]
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ====================== 
Percentage of memory in use: 20%
Total physical RAM: 2939.98 MB
Available physical RAM: 2346.18 MB
Total Pagefile: 2938.18 MB
Available Pagefile: 2334.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:59.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B 
Disk 1 Online 1930 MB 0 B 
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 221 GB 1501 MB
Partition 3 Primary 10 GB 222 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden 
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106034W0C NTFS Partition 221 GB Healthy 
======================================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1930 MB 16 KB
======================================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1930 MB Healthy 
======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!

==========================================================
Last Boot: 2012-06-27 22:58
======================= End Of Log ==========================


----------



## kevinf80 (Mar 21, 2006)

OK, do the following:

Boot to System Recovery Environment and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

*services.exe*

It then should look like:

Click Search button and post the log (Search.txt) it makes to your reply.
To do a search:

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

*services.exe*

It then should look like:

Click *Search* button and post the log (Search.txt) it makes to your reply.

Kevin


----------



## MTeague (Jun 21, 2012)

Here are the results of the search in FRST64:

Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-28 15:04:14
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
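Added here as an example (not part of the thread and not FRST's own code): a Python parser for the Search.txt format in this post, followed by the comparison the earlier log's "Bamital & volsnap Check" states in prose, flagging the System32 copy because its MD5 matches no WinSxS copy of the same file even though size and timestamps are identical. The sample log is constructed from the values quoted above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the FRST "Search:" output format, using the paths,
# sizes, timestamps and MD5 values quoted in the post above.
SAMPLE_SEARCH_LOG = """\
Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-28 15:04:14
Running from F:\\
================== Search: "services.exe" ===================
C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# Each hit is a path line followed by one detail line:
#   [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> list:
    """Parse Search.txt text into FileHit records; header and footer lines
    have no detail line after them, so the two-line match skips them."""
    lines = text.splitlines()
    hits = []
    for path_line, detail_line in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail_line)
        if not PATH_RE.match(path_line) or m is None:
            continue
        hits.append(FileHit(
            path=path_line.strip(),
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            company=m["company"] or "",
            md5=m["md5"].upper(),
        ))
    return hits


def find_tampered(hits: list) -> list:
    """Flag copies outside WinSxS whose MD5 matches no WinSxS copy of the
    same file name. The component-store copy is the reference because that
    is what FRST's Replace restores from; it can be tampered too, so a
    known-good hash catalogue is a stronger reference when available.
    An in-place patch keeps size and timestamps intact, so the hash is the
    only tell; 'metadata_matches_reference' records that agreement."""
    by_name = defaultdict(list)
    for h in hits:
        by_name[h.name].append(h)

    findings = []
    for group in by_name.values():
        references = [h for h in group if h.in_winsxs]
        if not references:
            continue  # no trusted copy to compare against
        good_md5 = {r.md5 for r in references}
        for h in group:
            if h.in_winsxs or h.md5 in good_md5:
                continue
            same_metadata = any(
                (r.size, r.created, r.modified) == (h.size, h.created, h.modified)
                for r in references)
            findings.append({
                "path": h.path, "md5": h.md5,
                "expected_md5": sorted(good_md5),
                "metadata_matches_reference": same_metadata})
    return findings
```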


----------



## kevinf80 (Mar 21, 2006)

Thanks for the log, do the following:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as *fixlist.txt*


```
start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}
C:\Windows\System32\%APPDATA%
TDL4: custom:26000022 <===== ATTENTION!
end
```
Now please enter System Recovery Options as you did to get the log.

Run *FRST64 or FRST* and press the *Fix* button just *once* and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

Boot to normal windows and do the following:

Delete any versions of Combofix that you may have on your Desktop and download a fresh copy from either of the following links:

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs, as they will have a negative effect on Combofix; instructions are available *Here* if required. Be aware the list may not have all programs listed; if you need more help, please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

*Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in next reply please...

Kevin


----------



## MTeague (Jun 21, 2012)

Ok, before I post the logs, a couple of issues.
1. I disabled the resident shield on AVG before starting Combofix, and yet I still got the warning that it was running. Before I hit OK on the warning, I right-clicked on the AVG icon and selected disable protection (until reboot). It is still showing as active in the Combofix log. I have no idea why.
2. Now, the computer we are trying to fix will not run several programs, including Notepad and Internet Explorer. When I try to open Explorer, this is the error I get:
C:\Program files (x86)\internet explorer\iexplore.exe
Illegal operation attempted on a registry key that has been marked for deletion

The message I get for Notepad is very similar, simply identifying the notepad program rather than IE.

Have I messed it up for good?

Anyway, here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-28 16:38:58 Run:1
Running from F:\
==============================================
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{626cd329-29cf-3db4-cbcc-f7ac18480fe1} moved successfully.
C:\Windows\System32\%APPDATA% moved successfully.
The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====

ComboFix 12-06-28.03 - Mitch 06/28/2012 16:51:31.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.2051 [GMT -6:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DailyFitnessCenter_53EI
c:\users\Mitch\AppData\Roaming\vso_ts_preview.xml
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\svchost.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 17:53 . 2012-06-28 17:54 -------- d-----w- C:\FRST
2012-06-23 02:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 02:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 02:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 02:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 02:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 02:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 02:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 00:27 . 2012-06-23 04:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 03:46 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 03:46 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 20:28 . 2012-06-16 20:28 -------- d-----w- c:\windows\Sun
2012-06-16 03:28 . 2012-06-16 03:28 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
2012-06-16 03:28 . 2012-06-16 03:28 -------- d-----w- c:\programdata\Malwarebytes
2012-06-16 03:28 . 2012-06-16 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-16 03:28 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 23:58 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 23:58 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 23:58 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 23:58 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 23:58 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 23:58 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 23:58 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 23:58 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 23:58 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 23:58 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 02:40 . 2012-04-21 12:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 02:40 . 2011-06-29 14:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 10:50 . 2012-04-19 10:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-22 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"B Register c:\program files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-31 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 02:40]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-957343538-1582870690-1857239576-1002Core.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 19:14]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-957343538-1582870690-1857239576-1002UA.job
- c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 19:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{de6c5f41-7812-41c4-8a87-30f0bfbe0a3e} - c:\program files (x86)\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-06-28 17:08:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 23:08
.
Pre-Run: 67,762,651,136 bytes free
Post-Run: 69,424,754,688 bytes free
.
- - End Of File - - 476DB0AE71CE5DDED5A5044FF46B1748


----------



## kevinf80 (Mar 21, 2006)

If you read the extra notes in the Combofix instructions you'll see that I did warn of illegal registry key operations and what to do.

Combofix is still indicating that you have a nasty Rootkit infection, please read the following before we go any further:

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. *Rootkits* and *Backdoor Trojans* are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read *"How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?"*

Although we MIGHT be able to remove the rootkit, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that IF the rootkit can be removed the computer will then be secure.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

 *"When should I re-format? How should I reinstall?"*
 *"Help: I Got Hacked. Now What Do I Do?"*
 *"Where to draw the line? When to recommend a format and reinstall?"*

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

If you wish to proceed, continue as follows:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Double-click on *TDSSKiller* to run the application.

The "Ready to scan" window will open. Click on *"Change parameters"*.

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system* (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin

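Kevin's instructions above end with posting the TDSSKiller log. The following is an added example written for this page, not code from the thread or from Kaspersky's TDSSKiller: a small Python triage script that reads a TDSSKiller log in the shape posted later in this thread (`<time> <pid> <name> (<md5>) <path>` followed by `<time> <pid> <name> - <verdict>`), confirms from the `Mode:` line that the SigCheck and TDLFS options he asks for were actually enabled, and lists every object whose verdict is anything other than `ok` together with the hash and path the log recorded for it. The lines in `SAMPLE_LOG` are constructed; the two `services` lines in particular are invented to exercise the non-`ok` branch, and the exact wording TDSSKiller uses for detections is not assumed, which is why the script treats anything that is not literally `ok` as worth a human look.

```python
"""Triage a TDSSKiller log before posting it: which scan options were enabled
and which objects did not get the verdict 'ok'.  Added example, not part of
the forum thread and not TDSSKiller's own code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with "<HH:MM:SS.dddd> <pid> ", as in the log in this thread.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
MODE_RE = re.compile(_PREFIX + r"Mode:\s*(?P<mode>.+?)\s*$")
# "<name> (<md5>) <path>" describes an object; the following line carries its verdict.
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
# Disk-geometry lines ("Drive \Device\... - Size: ...") also contain " - " but are not verdicts.
SKIP_RE = re.compile(_PREFIX + r"Drive\s")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: Optional[str]
    path: Optional[str]


@dataclass
class Triage:
    mode: Tuple[str, ...] = ()
    checked: int = 0
    findings: List[Finding] = field(default_factory=list)


def parse_log(lines) -> Triage:
    """Walk the log once, remembering each object's md5/path so that a non-'ok'
    verdict can be reported together with the file it refers to."""
    triage = Triage()
    objects: Dict[str, Tuple[str, str]] = {}
    for line in lines:
        if SKIP_RE.match(line):
            continue
        m = MODE_RE.match(line)
        if m:
            triage.mode = tuple(p.strip() for p in m["mode"].split(";") if p.strip())
            continue
        m = ENTRY_RE.match(line)
        if m:
            objects[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            triage.checked += 1
            verdict = m["verdict"].strip()
            if verdict.lower() != "ok":
                # Anything other than the literal 'ok' is surfaced for a human;
                # over-reporting is the right failure mode for a triage tool.
                md5, path = objects.get(m["name"], (None, None))
                triage.findings.append(Finding(m["name"], verdict, md5, path))
    return triage


def missing_options(triage: Triage, required=("SigCheck", "TDLFS")) -> Tuple[str, ...]:
    """Options the instructions ask for that the 'Mode:' line does not show."""
    return tuple(opt for opt in required if opt not in triage.mode)


def summarize(triage: Triage) -> List[str]:
    out = [f"mode: {', '.join(triage.mode) or 'unknown'}; objects checked: {triage.checked}"]
    for opt in missing_options(triage):
        out.append(f"WARNING: scan ran without '{opt}'; re-run with it ticked")
    if not triage.findings:
        out.append("no object with a verdict other than 'ok'")
    for f in triage.findings:
        out.append(f"REVIEW: {f.name} -> {f.verdict} (md5={f.md5}, path={f.path})")
    return out


# Constructed sample.  The 'ok' lines follow the shape of the real log in this
# thread; the two 'services' lines are invented to show a non-'ok' verdict.
SAMPLE_LOG = [
    r"10:27:47.0648 2404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200",
    r"10:28:17.0023 4524 Mode: Manual; SigCheck; TDLFS; ",
    r"10:28:18.0676 4524 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE",
    r"10:28:18.0863 4524 !SASCORE - ok",
    r"10:28:25.0759 4524 catchme - ok",
    r"10:29:01.0100 4524 services (d41d8cd98f00b204e9800998ecf8427e) C:\windows\system32\services.exe",
    r"10:29:01.0250 4524 services - detected",
]

if __name__ == "__main__":
    for line in summarize(parse_log(SAMPLE_LOG)):
        print(line)
```

Run it as-is to see the summary for the built-in sample, or feed `parse_log` the lines of a real `TDSSKiller.[Version]_[Date]_[Time]_log.txt` from `C:\`. A `REVIEW:` line is what to quote when posting back; a `WARNING:` line means the scan was run without one of the options asked for and needs repeating with it ticked.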

----------



## MTeague (Jun 21, 2012)

I apologize, I didn't read the last sentence of those instructions. Here is my plan: I am going to spend a little time getting some of the information off of my computer that I don't have copies of elsewhere, scanning them for bugs, and then I want to go ahead with a complete wipe/reformat.

Possible problem: I do not have a windows disk, my computer didn't come with it. I do have another pc that uses windows 7, but it didn't come with a disk either. So, what do I need to do?


----------



## kevinf80 (Mar 21, 2006)

If you have no installation CD then your options are not good. The rootkit indicated is hidden on partition 3, but does not show as active. Run TDSSKiller, post its log and let's see where we're at...


----------



## MTeague (Jun 21, 2012)

10:27:46.0306 2404 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
10:27:46.0837 2404 ============================================================
10:27:46.0837 2404 Current date / time: 2012/06/29 10:27:46.0837
10:27:46.0837 2404 SystemInfo:
10:27:46.0837 2404 
10:27:46.0837 2404 OS Version: 6.1.7601 ServicePack: 1.0
10:27:46.0837 2404 Product type: Workstation
10:27:46.0837 2404 ComputerName: MITCH-PC
10:27:46.0837 2404 UserName: Mitch
10:27:46.0837 2404 Windows directory: C:\windows
10:27:46.0837 2404 System windows directory: C:\windows
10:27:46.0837 2404 Running under WOW64
10:27:46.0837 2404 Processor architecture: Intel x64
10:27:46.0837 2404 Number of processors: 1
10:27:46.0837 2404 Page size: 0x1000
10:27:46.0837 2404 Boot type: Normal boot
10:27:46.0837 2404 ============================================================
10:27:47.0648 2404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:27:47.0648 2404 ============================================================
10:27:47.0648 2404 \Device\Harddisk0\DR0:
10:27:47.0648 2404 MBR partitions:
10:27:47.0648 2404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BA79000
10:27:47.0648 2404 ============================================================
10:27:47.0679 2404 C: <-> \Device\Harddisk0\DR0\Partition0
10:27:47.0679 2404 ============================================================
10:27:47.0679 2404 Initialize success
10:27:47.0679 2404 ============================================================
10:28:17.0023 4524 ============================================================
10:28:17.0023 4524 Scan started
10:28:17.0023 4524 Mode: Manual; SigCheck; TDLFS; 
10:28:17.0023 4524 ============================================================
10:28:18.0676 4524 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:28:18.0863 4524 !SASCORE - ok
10:28:19.0097 4524 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
10:28:19.0253 4524 1394ohci - ok
10:28:19.0316 4524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
10:28:19.0331 4524 ACPI - ok
10:28:19.0378 4524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
10:28:19.0487 4524 AcpiPmi - ok
10:28:19.0628 4524 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:28:19.0643 4524 AdobeFlashPlayerUpdateSvc - ok
10:28:19.0721 4524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
10:28:19.0753 4524 adp94xx - ok
10:28:19.0846 4524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
10:28:19.0862 4524 adpahci - ok
10:28:19.0909 4524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
10:28:19.0924 4524 adpu320 - ok
10:28:20.0018 4524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
10:28:20.0158 4524 AeLookupSvc - ok
10:28:20.0236 4524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
10:28:20.0330 4524 AFD - ok
10:28:20.0377 4524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
10:28:20.0392 4524 agp440 - ok
10:28:20.0423 4524 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
10:28:20.0455 4524 ALG - ok
10:28:20.0501 4524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
10:28:20.0517 4524 aliide - ok
10:28:20.0533 4524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
10:28:20.0548 4524 amdide - ok
10:28:20.0595 4524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
10:28:20.0657 4524 AmdK8 - ok
10:28:20.0689 4524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
10:28:20.0735 4524 AmdPPM - ok
10:28:20.0798 4524 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
10:28:20.0813 4524 amdsata - ok
10:28:20.0845 4524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
10:28:20.0876 4524 amdsbs - ok
10:28:20.0891 4524 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
10:28:20.0907 4524 amdxata - ok
10:28:20.0954 4524 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
10:28:21.0188 4524 AppID - ok
10:28:21.0219 4524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
10:28:21.0297 4524 AppIDSvc - ok
10:28:21.0359 4524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
10:28:21.0437 4524 Appinfo - ok
10:28:21.0515 4524 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
10:28:21.0531 4524 arc - ok
10:28:21.0547 4524 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
10:28:21.0578 4524 arcsas - ok
10:28:21.0593 4524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
10:28:21.0671 4524 AsyncMac - ok
10:28:21.0703 4524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
10:28:21.0718 4524 atapi - ok
10:28:21.0827 4524 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
10:28:21.0937 4524 athr - ok
10:28:22.0093 4524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
10:28:22.0186 4524 AudioEndpointBuilder - ok
10:28:22.0186 4524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
10:28:22.0233 4524 AudioSrv - ok
10:28:22.0561 4524 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
10:28:22.0810 4524 AVGIDSAgent - ok
10:28:22.0966 4524 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
10:28:23.0013 4524 AVGIDSDriver - ok
10:28:23.0044 4524 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
10:28:23.0060 4524 AVGIDSFilter - ok
10:28:23.0122 4524 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
10:28:23.0138 4524 AVGIDSHA - ok
10:28:23.0200 4524 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
10:28:23.0231 4524 Avgldx64 - ok
10:28:23.0294 4524 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
10:28:23.0294 4524 Avgmfx64 - ok
10:28:23.0341 4524 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
10:28:23.0341 4524 Avgrkx64 - ok
10:28:23.0403 4524 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
10:28:23.0450 4524 Avgtdia - ok
10:28:23.0559 4524 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:28:23.0575 4524 avgwd - ok
10:28:23.0653 4524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
10:28:23.0793 4524 AxInstSV - ok
10:28:23.0855 4524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
10:28:23.0933 4524 b06bdrv - ok
10:28:23.0996 4524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
10:28:24.0074 4524 b57nd60a - ok
10:28:24.0167 4524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
10:28:24.0230 4524 BDESVC - ok
10:28:24.0261 4524 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
10:28:24.0308 4524 Beep - ok
10:28:24.0417 4524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
10:28:24.0495 4524 BFE - ok
10:28:24.0557 4524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
10:28:24.0682 4524 BITS - ok
10:28:24.0729 4524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
10:28:24.0776 4524 blbdrive - ok
10:28:24.0807 4524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
10:28:24.0885 4524 bowser - ok
10:28:24.0901 4524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
10:28:24.0947 4524 BrFiltLo - ok
10:28:24.0994 4524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
10:28:25.0041 4524 BrFiltUp - ok
10:28:25.0072 4524 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
10:28:25.0135 4524 BridgeMP - ok
10:28:25.0181 4524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
10:28:25.0228 4524 Browser - ok
10:28:25.0259 4524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
10:28:25.0322 4524 Brserid - ok
10:28:25.0353 4524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
10:28:25.0400 4524 BrSerWdm - ok
10:28:25.0431 4524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
10:28:25.0462 4524 BrUsbMdm - ok
10:28:25.0493 4524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
10:28:25.0540 4524 BrUsbSer - ok
10:28:25.0556 4524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
10:28:25.0603 4524 BTHMODEM - ok
10:28:25.0649 4524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
10:28:25.0727 4524 bthserv - ok
10:28:25.0759 4524 catchme - ok
10:28:25.0790 4524 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
10:28:25.0852 4524 cdfs - ok
10:28:25.0915 4524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
10:28:25.0961 4524 cdrom - ok
10:28:26.0024 4524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:28:26.0117 4524 CertPropSvc - ok
10:28:26.0164 4524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
10:28:26.0211 4524 circlass - ok
10:28:26.0258 4524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
10:28:26.0289 4524 CLFS - ok
10:28:26.0336 4524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:28:26.0351 4524 clr_optimization_v2.0.50727_32 - ok
10:28:26.0429 4524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:28:26.0445 4524 clr_optimization_v2.0.50727_64 - ok
10:28:26.0507 4524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:28:26.0523 4524 clr_optimization_v4.0.30319_32 - ok
10:28:26.0570 4524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:28:26.0585 4524 clr_optimization_v4.0.30319_64 - ok
10:28:26.0679 4524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
10:28:26.0710 4524 CmBatt - ok
10:28:26.0757 4524 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
10:28:26.0773 4524 cmdide - ok
10:28:26.0835 4524 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
10:28:26.0913 4524 CNG - ok
10:28:26.0975 4524 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
10:28:27.0022 4524 CnxtHdAudService - ok
10:28:27.0069 4524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
10:28:27.0085 4524 Compbatt - ok
10:28:27.0116 4524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
10:28:27.0163 4524 CompositeBus - ok
10:28:27.0225 4524 COMSysApp - ok
10:28:27.0241 4524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
10:28:27.0256 4524 crcdisk - ok
10:28:27.0319 4524 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
10:28:27.0350 4524 CryptSvc - ok
10:28:27.0412 4524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:28:27.0506 4524 DcomLaunch - ok
10:28:27.0553 4524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
10:28:27.0631 4524 defragsvc - ok
10:28:27.0709 4524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
10:28:27.0771 4524 DfsC - ok
10:28:27.0833 4524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
10:28:27.0911 4524 Dhcp - ok
10:28:27.0958 4524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
10:28:28.0036 4524 discache - ok
10:28:28.0083 4524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
10:28:28.0099 4524 Disk - ok
10:28:28.0145 4524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
10:28:28.0208 4524 Dnscache - ok
10:28:28.0270 4524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
10:28:28.0348 4524 dot3svc - ok
10:28:28.0411 4524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
10:28:28.0473 4524 DPS - ok
10:28:28.0504 4524 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
10:28:28.0551 4524 drmkaud - ok
10:28:28.0645 4524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
10:28:28.0691 4524 DXGKrnl - ok
10:28:28.0723 4524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
10:28:28.0785 4524 EapHost - ok
10:28:28.0941 4524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
10:28:29.0066 4524 ebdrv - ok
10:28:29.0191 4524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
10:28:29.0269 4524 EFS - ok
10:28:29.0378 4524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
10:28:29.0456 4524 ehRecvr - ok
10:28:29.0503 4524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
10:28:29.0518 4524 ehSched - ok
10:28:29.0596 4524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
10:28:29.0627 4524 elxstor - ok
10:28:29.0674 4524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
10:28:29.0721 4524 ErrDev - ok
10:28:29.0783 4524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
10:28:29.0861 4524 EventSystem - ok
10:28:29.0908 4524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
10:28:29.0971 4524 exfat - ok
10:28:30.0002 4524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
10:28:30.0080 4524 fastfat - ok
10:28:30.0158 4524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
10:28:30.0251 4524 Fax - ok
10:28:30.0298 4524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
10:28:30.0345 4524 fdc - ok
10:28:30.0392 4524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
10:28:30.0454 4524 fdPHost - ok
10:28:30.0485 4524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
10:28:30.0548 4524 FDResPub - ok
10:28:30.0579 4524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
10:28:30.0595 4524 FileInfo - ok
10:28:30.0610 4524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
10:28:30.0688 4524 Filetrace - ok
10:28:30.0719 4524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
10:28:30.0735 4524 flpydisk - ok
10:28:30.0797 4524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
10:28:30.0813 4524 FltMgr - ok
10:28:30.0891 4524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
10:28:30.0985 4524 FontCache - ok
10:28:31.0063 4524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:28:31.0078 4524 FontCache3.0.0.0 - ok
10:28:31.0141 4524 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
10:28:31.0156 4524 FsDepends - ok
10:28:31.0172 4524 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
10:28:31.0187 4524 Fs_Rec - ok
10:28:31.0250 4524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
10:28:31.0281 4524 fvevol - ok
10:28:31.0312 4524 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
10:28:31.0375 4524 FwLnk - ok
10:28:31.0406 4524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
10:28:31.0421 4524 gagp30kx - ok
10:28:31.0484 4524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
10:28:31.0562 4524 gpsvc - ok
10:28:31.0609 4524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
10:28:31.0687 4524 hcw85cir - ok
10:28:31.0749 4524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
10:28:31.0780 4524 HdAudAddService - ok
10:28:31.0811 4524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
10:28:31.0858 4524 HDAudBus - ok
10:28:31.0889 4524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
10:28:31.0936 4524 HidBatt - ok
10:28:31.0967 4524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
10:28:31.0999 4524 HidBth - ok
10:28:32.0014 4524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
10:28:32.0061 4524 HidIr - ok
10:28:32.0092 4524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
10:28:32.0155 4524 hidserv - ok
10:28:32.0233 4524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
10:28:32.0248 4524 HidUsb - ok
10:28:32.0295 4524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
10:28:32.0357 4524 hkmsvc - ok
10:28:32.0404 4524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
10:28:32.0467 4524 HomeGroupListener - ok
10:28:32.0513 4524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
10:28:32.0560 4524 HomeGroupProvider - ok
10:28:32.0607 4524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
10:28:32.0623 4524 HpSAMD - ok
10:28:32.0685 4524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
10:28:32.0763 4524 HTTP - ok
10:28:32.0825 4524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
10:28:32.0841 4524 hwpolicy - ok
10:28:32.0888 4524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
10:28:32.0903 4524 i8042prt - ok
10:28:32.0981 4524 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
10:28:32.0997 4524 iaStor - ok
10:28:33.0044 4524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
10:28:33.0075 4524 iaStorV - ok
10:28:33.0184 4524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:28:33.0247 4524 idsvc - ok
10:28:33.0746 4524 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
10:28:34.0058 4524 igfx - ok
10:28:34.0183 4524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
10:28:34.0198 4524 iirsp - ok
10:28:34.0276 4524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
10:28:34.0370 4524 IKEEXT - ok
10:28:34.0417 4524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
10:28:34.0432 4524 intelide - ok
10:28:34.0463 4524 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
10:28:34.0510 4524 intelppm - ok
10:28:34.0573 4524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
10:28:34.0635 4524 IPBusEnum - ok
10:28:34.0666 4524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:28:34.0729 4524 IpFilterDriver - ok
10:28:34.0807 4524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
10:28:34.0885 4524 iphlpsvc - ok
10:28:34.0931 4524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
10:28:34.0978 4524 IPMIDRV - ok
10:28:35.0041 4524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
10:28:35.0087 4524 IPNAT - ok
10:28:35.0134 4524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
10:28:35.0181 4524 IRENUM - ok
10:28:35.0228 4524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
10:28:35.0243 4524 isapnp - ok
10:28:35.0275 4524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
10:28:35.0290 4524 iScsiPrt - ok
10:28:35.0321 4524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
10:28:35.0337 4524 kbdclass - ok
10:28:35.0368 4524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
10:28:35.0415 4524 kbdhid - ok
10:28:35.0462 4524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:28:35.0477 4524 KeyIso - ok
10:28:35.0493 4524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
10:28:35.0509 4524 KSecDD - ok
10:28:35.0587 4524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
10:28:35.0602 4524 KSecPkg - ok
10:28:35.0633 4524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
10:28:35.0680 4524 ksthunk - ok
10:28:35.0758 4524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
10:28:35.0821 4524 KtmRm - ok
10:28:35.0867 4524 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys
10:28:35.0883 4524 L1C - ok
10:28:35.0945 4524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
10:28:36.0023 4524 LanmanServer - ok
10:28:36.0086 4524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
10:28:36.0148 4524 LanmanWorkstation - ok
10:28:36.0211 4524 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
10:28:36.0273 4524 lltdio - ok
10:28:36.0320 4524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
10:28:36.0413 4524 lltdsvc - ok
10:28:36.0445 4524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
10:28:36.0507 4524 lmhosts - ok
10:28:36.0554 4524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
10:28:36.0585 4524 LSI_FC - ok
10:28:36.0601 4524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
10:28:36.0616 4524 LSI_SAS - ok
10:28:36.0647 4524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
10:28:36.0663 4524 LSI_SAS2 - ok
10:28:36.0679 4524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
10:28:36.0694 4524 LSI_SCSI - ok
10:28:36.0710 4524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
10:28:36.0772 4524 luafv - ok
10:28:36.0835 4524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
10:28:36.0881 4524 Mcx2Svc - ok
10:28:36.0913 4524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
10:28:36.0928 4524 megasas - ok
10:28:36.0959 4524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
10:28:36.0991 4524 MegaSR - ok
10:28:37.0022 4524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:28:37.0084 4524 MMCSS - ok
10:28:37.0115 4524 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
10:28:37.0178 4524 Modem - ok
10:28:37.0209 4524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
10:28:37.0256 4524 monitor - ok
10:28:37.0318 4524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
10:28:37.0334 4524 mouclass - ok
10:28:37.0365 4524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
10:28:37.0396 4524 mouhid - ok
10:28:37.0427 4524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
10:28:37.0443 4524 mountmgr - ok
10:28:37.0505 4524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
10:28:37.0521 4524 mpio - ok
10:28:37.0537 4524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
10:28:37.0583 4524 mpsdrv - ok
10:28:37.0708 4524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
10:28:37.0802 4524 MpsSvc - ok
10:28:37.0864 4524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
10:28:37.0911 4524 MRxDAV - ok
10:28:37.0958 4524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
10:28:38.0020 4524 mrxsmb - ok
10:28:38.0067 4524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:28:38.0114 4524 mrxsmb10 - ok
10:28:38.0161 4524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:28:38.0176 4524 mrxsmb20 - ok
10:28:38.0223 4524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
10:28:38.0223 4524 msahci - ok
10:28:38.0270 4524 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
10:28:38.0285 4524 msdsm - ok
10:28:38.0317 4524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
10:28:38.0348 4524 MSDTC - ok
10:28:38.0395 4524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
10:28:38.0473 4524 Msfs - ok
10:28:38.0504 4524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
10:28:38.0551 4524 mshidkmdf - ok
10:28:38.0597 4524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
10:28:38.0613 4524 msisadrv - ok
10:28:38.0644 4524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
10:28:38.0707 4524 MSiSCSI - ok
10:28:38.0722 4524 msiserver - ok
10:28:38.0785 4524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
10:28:38.0847 4524 MSKSSRV - ok
10:28:38.0878 4524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
10:28:38.0941 4524 MSPCLOCK - ok
10:28:38.0972 4524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
10:28:39.0034 4524 MSPQM - ok
10:28:39.0081 4524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
10:28:39.0112 4524 MsRPC - ok
10:28:39.0159 4524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
10:28:39.0175 4524 mssmbios - ok
10:28:39.0221 4524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
10:28:39.0284 4524 MSTEE - ok
10:28:39.0315 4524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
10:28:39.0346 4524 MTConfig - ok
10:28:39.0377 4524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
10:28:39.0393 4524 Mup - ok
10:28:39.0455 4524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
10:28:39.0533 4524 napagent - ok
10:28:39.0596 4524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
10:28:39.0689 4524 NativeWifiP - ok
10:28:39.0783 4524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
10:28:39.0830 4524 NDIS - ok
10:28:39.0877 4524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
10:28:39.0908 4524 NdisCap - ok
10:28:39.0955 4524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
10:28:39.0986 4524 NdisTapi - ok
10:28:40.0048 4524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
10:28:40.0111 4524 Ndisuio - ok
10:28:40.0157 4524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
10:28:40.0220 4524 NdisWan - ok
10:28:40.0267 4524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
10:28:40.0313 4524 NDProxy - ok
10:28:40.0345 4524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
10:28:40.0407 4524 NetBIOS - ok
10:28:40.0454 4524 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
10:28:40.0501 4524 NetBT - ok
10:28:40.0563 4524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:28:40.0579 4524 Netlogon - ok
10:28:40.0641 4524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
10:28:40.0703 4524 Netman - ok
10:28:40.0766 4524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
10:28:40.0844 4524 netprofm - ok
10:28:40.0906 4524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:28:40.0922 4524 NetTcpPortSharing - ok
10:28:40.0953 4524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
10:28:40.0969 4524 nfrd960 - ok
10:28:41.0031 4524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
10:28:41.0109 4524 NlaSvc - ok
10:28:41.0140 4524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
10:28:41.0187 4524 Npfs - ok
10:28:41.0218 4524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
10:28:41.0281 4524 nsi - ok
10:28:41.0312 4524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
10:28:41.0359 4524 nsiproxy - ok
10:28:41.0468 4524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
10:28:41.0530 4524 Ntfs - ok
10:28:41.0655 4524 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
10:28:41.0717 4524 Null - ok
10:28:41.0764 4524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
10:28:41.0780 4524 nvraid - ok
10:28:41.0795 4524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
10:28:41.0811 4524 nvstor - ok
10:28:41.0842 4524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
10:28:41.0858 4524 nv_agp - ok
10:28:41.0905 4524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
10:28:41.0920 4524 ohci1394 - ok
10:28:41.0967 4524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:28:42.0045 4524 p2pimsvc - ok
10:28:42.0092 4524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
10:28:42.0170 4524 p2psvc - ok
10:28:42.0217 4524 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
10:28:42.0232 4524 Parport - ok
10:28:42.0263 4524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
10:28:42.0279 4524 partmgr - ok
10:28:42.0310 4524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
10:28:42.0357 4524 PcaSvc - ok
10:28:42.0419 4524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
10:28:42.0435 4524 pci - ok
10:28:42.0451 4524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
10:28:42.0466 4524 pciide - ok
10:28:42.0513 4524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
10:28:42.0529 4524 pcmcia - ok
10:28:42.0560 4524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
10:28:42.0575 4524 pcw - ok
10:28:42.0638 4524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
10:28:42.0716 4524 PEAUTH - ok
10:28:42.0809 4524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
10:28:42.0856 4524 PerfHost - ok
10:28:43.0012 4524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
10:28:43.0090 4524 pla - ok
10:28:43.0153 4524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
10:28:43.0246 4524 PlugPlay - ok
10:28:43.0277 4524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
10:28:43.0324 4524 PNRPAutoReg - ok
10:28:43.0371 4524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:28:43.0387 4524 PNRPsvc - ok
10:28:43.0433 4524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
10:28:43.0527 4524 PolicyAgent - ok
10:28:43.0574 4524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
10:28:43.0636 4524 Power - ok
10:28:43.0714 4524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
10:28:43.0777 4524 PptpMiniport - ok
10:28:43.0823 4524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
10:28:43.0855 4524 Processor - ok
10:28:43.0901 4524 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
10:28:43.0964 4524 ProfSvc - ok
10:28:43.0995 4524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:28:44.0011 4524 ProtectedStorage - ok
10:28:44.0089 4524 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
10:28:44.0151 4524 Psched - ok
10:28:44.0245 4524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
10:28:44.0307 4524 ql2300 - ok
10:28:44.0401 4524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
10:28:44.0416 4524 ql40xx - ok
10:28:44.0463 4524 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
10:28:44.0494 4524 QWAVE - ok
10:28:44.0510 4524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
10:28:44.0557 4524 QWAVEdrv - ok
10:28:44.0588 4524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
10:28:44.0650 4524 RasAcd - ok
10:28:44.0682 4524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
10:28:44.0744 4524 RasAgileVpn - ok
10:28:44.0775 4524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
10:28:44.0853 4524 RasAuto - ok
10:28:44.0900 4524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
10:28:44.0962 4524 Rasl2tp - ok
10:28:45.0009 4524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
10:28:45.0056 4524 RasMan - ok
10:28:45.0103 4524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
10:28:45.0165 4524 RasPppoe - ok
10:28:45.0196 4524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
10:28:45.0259 4524 RasSstp - ok
10:28:45.0321 4524 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
10:28:45.0384 4524 rdbss - ok
10:28:45.0430 4524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
10:28:45.0477 4524 rdpbus - ok
10:28:45.0664 4524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
10:28:46.0070 4524 RDPCDD - ok
10:28:46.0117 4524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
10:28:46.0179 4524 RDPENCDD - ok
10:28:46.0210 4524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
10:28:46.0257 4524 RDPREFMP - ok
10:28:46.0304 4524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
10:28:46.0335 4524 RDPWD - ok
10:28:46.0398 4524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
10:28:46.0429 4524 rdyboost - ok
10:28:46.0476 4524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
10:28:46.0538 4524 RemoteAccess - ok
10:28:46.0585 4524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
10:28:46.0647 4524 RemoteRegistry - ok
10:28:46.0678 4524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
10:28:46.0741 4524 RpcEptMapper - ok
10:28:46.0756 4524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
10:28:46.0803 4524 RpcLocator - ok
10:28:46.0866 4524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:28:46.0912 4524 RpcSs - ok
10:28:46.0944 4524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
10:28:47.0022 4524 rspndr - ok
10:28:47.0068 4524 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
10:28:47.0084 4524 RSUSBSTOR - ok
10:28:47.0115 4524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:28:47.0146 4524 SamSs - ok
10:28:47.0240 4524 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:28:47.0256 4524 SASDIFSV - ok
10:28:47.0287 4524 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:28:47.0302 4524 SASKUTIL - ok
10:28:47.0334 4524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
10:28:47.0349 4524 sbp2port - ok
10:28:47.0380 4524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
10:28:47.0458 4524 SCardSvr - ok
10:28:47.0505 4524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
10:28:47.0568 4524 scfilter - ok
10:28:47.0646 4524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
10:28:47.0755 4524 Schedule - ok
10:28:47.0802 4524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:28:47.0833 4524 SCPolicySvc - ok
10:28:47.0880 4524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
10:28:47.0926 4524 SDRSVC - ok
10:28:48.0004 4524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
10:28:48.0051 4524 secdrv - ok
10:28:48.0098 4524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
10:28:48.0160 4524 seclogon - ok
10:28:48.0192 4524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
10:28:48.0254 4524 SENS - ok
10:28:48.0285 4524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
10:28:48.0316 4524 SensrSvc - ok
10:28:48.0348 4524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
10:28:48.0394 4524 Serenum - ok
10:28:48.0441 4524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
10:28:48.0457 4524 Serial - ok
10:28:48.0488 4524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
10:28:48.0535 4524 sermouse - ok
10:28:48.0628 4524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
10:28:48.0691 4524 SessionEnv - ok
10:28:48.0738 4524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
10:28:48.0800 4524 sffdisk - ok
10:28:48.0816 4524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
10:28:48.0862 4524 sffp_mmc - ok
10:28:48.0894 4524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
10:28:48.0925 4524 sffp_sd - ok
10:28:48.0987 4524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
10:28:49.0003 4524 sfloppy - ok
10:28:49.0065 4524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
10:28:49.0143 4524 SharedAccess - ok
10:28:49.0206 4524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
10:28:49.0284 4524 ShellHWDetection - ok
10:28:49.0299 4524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
10:28:49.0330 4524 SiSRaid2 - ok
10:28:49.0362 4524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
10:28:49.0377 4524 SiSRaid4 - ok
10:28:49.0408 4524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
10:28:49.0471 4524 Smb - ok
10:28:49.0549 4524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
10:28:49.0580 4524 SNMPTRAP - ok
10:28:49.0627 4524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
10:28:49.0642 4524 spldr - ok
10:28:49.0705 4524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
10:28:49.0767 4524 Spooler - ok
10:28:49.0970 4524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
10:28:50.0126 4524 sppsvc - ok
10:28:50.0251 4524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
10:28:50.0329 4524 sppuinotify - ok
10:28:50.0485 4524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
10:28:50.0563 4524 srv - ok
10:28:50.0610 4524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
10:28:50.0656 4524 srv2 - ok
10:28:50.0688 4524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
10:28:50.0719 4524 srvnet - ok
10:28:50.0750 4524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
10:28:50.0812 4524 SSDPSRV - ok
10:28:50.0828 4524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
10:28:50.0875 4524 SstpSvc - ok
10:28:50.0922 4524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
10:28:50.0937 4524 stexstor - ok
10:28:51.0015 4524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
10:28:51.0093 4524 stisvc - ok
10:28:51.0156 4524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
10:28:51.0171 4524 swenum - ok
10:28:51.0218 4524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
10:28:51.0296 4524 swprv - ok
10:28:51.0358 4524 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
10:28:51.0390 4524 SynTP - ok
10:28:51.0499 4524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
10:28:51.0577 4524 SysMain - ok
10:28:51.0733 4524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
10:28:51.0764 4524 TabletInputService - ok
10:28:51.0811 4524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
10:28:51.0889 4524 TapiSrv - ok
10:28:51.0920 4524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
10:28:51.0967 4524 TBS - ok
10:28:52.0107 4524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
10:28:52.0185 4524 Tcpip - ok
10:28:52.0372 4524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
10:28:52.0419 4524 TCPIP6 - ok
10:28:52.0528 4524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
10:28:52.0606 4524 tcpipreg - ok
10:28:52.0653 4524 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
10:28:52.0669 4524 tdcmdpst - ok
10:28:52.0700 4524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
10:28:52.0731 4524 TDPIPE - ok
10:28:52.0762 4524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
10:28:52.0794 4524 TDTCP - ok
10:28:52.0856 4524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
10:28:52.0903 4524 tdx - ok
10:28:52.0950 4524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
10:28:52.0965 4524 TermDD - ok
10:28:53.0012 4524 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
10:28:53.0090 4524 TermService - ok
10:28:53.0184 4524 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
10:28:53.0230 4524 Themes - ok
10:28:53.0277 4524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:28:53.0324 4524 THREADORDER - ok
10:28:53.0418 4524 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
10:28:53.0449 4524 TMachInfo - ok
10:28:53.0496 4524 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
10:28:53.0511 4524 TODDSrv - ok
10:28:53.0589 4524 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
10:28:53.0620 4524 TosCoSrv - ok
10:28:53.0698 4524 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
10:28:53.0714 4524 TOSHIBA HDD SSD Alert Service - ok
10:28:53.0730 4524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
10:28:53.0808 4524 TrkWks - ok
10:28:53.0870 4524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
10:28:53.0932 4524 TrustedInstaller - ok
10:28:53.0995 4524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
10:28:54.0057 4524 tssecsrv - ok
10:28:54.0120 4524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
10:28:54.0182 4524 TsUsbFlt - ok
10:28:54.0229 4524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
10:28:54.0291 4524 tunnel - ok
10:28:54.0338 4524 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
10:28:54.0354 4524 TVALZ - ok
10:28:54.0400 4524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
10:28:54.0416 4524 uagp35 - ok
10:28:54.0463 4524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
10:28:54.0525 4524 udfs - ok
10:28:54.0588 4524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
10:28:54.0619 4524 UI0Detect - ok
10:28:54.0666 4524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
10:28:54.0681 4524 uliagpkx - ok
10:28:54.0712 4524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
10:28:54.0759 4524 umbus - ok
10:28:54.0790 4524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
10:28:54.0837 4524 UmPass - ok
10:28:54.0884 4524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
10:28:54.0931 4524 upnphost - ok
10:28:55.0009 4524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\drivers\usbccgp.sys
10:28:55.0040 4524 usbccgp - ok
10:28:55.0071 4524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
10:28:55.0102 4524 usbcir - ok
10:28:55.0118 4524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
10:28:55.0165 4524 usbehci - ok
10:28:55.0196 4524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
10:28:55.0258 4524 usbhub - ok
10:28:55.0290 4524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
10:28:55.0321 4524 usbohci - ok
10:28:55.0368 4524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
10:28:55.0414 4524 usbprint - ok
10:28:55.0446 4524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:28:55.0492 4524 USBSTOR - ok
10:28:55.0524 4524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
10:28:55.0570 4524 usbuhci - ok
10:28:55.0633 4524 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
10:28:55.0664 4524 usbvideo - ok
10:28:55.0695 4524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
10:28:55.0758 4524 UxSms - ok
10:28:55.0804 4524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:28:55.0820 4524 VaultSvc - ok
10:28:55.0882 4524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
10:28:55.0898 4524 vdrvroot - ok
10:28:55.0960 4524 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
10:28:56.0023 4524 vds - ok
10:28:56.0070 4524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
10:28:56.0101 4524 vga - ok
10:28:56.0116 4524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
10:28:56.0179 4524 VgaSave - ok
10:28:56.0241 4524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
10:28:56.0257 4524 vhdmp - ok
10:28:56.0272 4524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
10:28:56.0288 4524 viaide - ok
10:28:56.0304 4524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
10:28:56.0319 4524 volmgr - ok
10:28:56.0382 4524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
10:28:56.0413 4524 volmgrx - ok
10:28:56.0428 4524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
10:28:56.0460 4524 volsnap - ok
10:28:56.0491 4524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
10:28:56.0506 4524 vsmraid - ok
10:28:56.0616 4524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
10:28:56.0740 4524 VSS - ok
10:28:56.0865 4524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
10:28:56.0928 4524 vwifibus - ok
10:28:56.0959 4524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
10:28:57.0006 4524 vwififlt - ok
10:28:57.0052 4524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
10:28:57.0115 4524 W32Time - ok
10:28:57.0146 4524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
10:28:57.0177 4524 WacomPen - ok
10:28:57.0224 4524 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:28:57.0286 4524 WANARP - ok
10:28:57.0318 4524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:28:57.0364 4524 Wanarpv6 - ok
10:28:57.0458 4524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
10:28:57.0520 4524 WatAdminSvc - ok
10:28:57.0614 4524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
10:28:57.0692 4524 wbengine - ok
10:28:57.0801 4524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
10:28:57.0848 4524 WbioSrvc - ok
10:28:57.0910 4524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
10:28:57.0973 4524 wcncsvc - ok
10:28:58.0020 4524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
10:28:58.0082 4524 WcsPlugInService - ok
10:28:58.0129 4524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
10:28:58.0144 4524 Wd - ok
10:28:58.0191 4524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
10:28:58.0238 4524 Wdf01000 - ok
10:28:58.0269 4524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:28:58.0410 4524 WdiServiceHost - ok
10:28:58.0410 4524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:28:58.0441 4524 WdiSystemHost - ok
10:28:58.0488 4524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
10:28:58.0534 4524 WebClient - ok
10:28:58.0581 4524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
10:28:58.0644 4524 Wecsvc - ok
10:28:58.0675 4524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
10:28:58.0753 4524 wercplsupport - ok
10:28:58.0784 4524 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
10:28:58.0862 4524 WerSvc - ok
10:28:58.0924 4524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
10:28:58.0971 4524 WfpLwf - ok
10:28:59.0002 4524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
10:28:59.0018 4524 WIMMount - ok
10:28:59.0080 4524 WinDefend - ok
10:28:59.0096 4524 WinHttpAutoProxySvc - ok
10:28:59.0158 4524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
10:28:59.0236 4524 Winmgmt - ok
10:28:59.0361 4524 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
10:28:59.0470 4524 WinRM - ok
10:28:59.0658 4524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
10:28:59.0704 4524 Wlansvc - ok
10:28:59.0782 4524 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:28:59.0798 4524 wlcrasvc - ok
10:28:59.0938 4524 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:29:00.0016 4524 wlidsvc - ok
10:29:00.0141 4524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
10:29:00.0188 4524 WmiAcpi - ok
10:29:00.0266 4524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
10:29:00.0313 4524 wmiApSrv - ok
10:29:00.0360 4524 WMPNetworkSvc - ok
10:29:00.0391 4524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
10:29:00.0422 4524 WPCSvc - ok
10:29:00.0469 4524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
10:29:00.0516 4524 WPDBusEnum - ok
10:29:00.0547 4524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
10:29:00.0625 4524 ws2ifsl - ok
10:29:00.0703 4524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
10:29:00.0750 4524 wscsvc - ok
10:29:00.0765 4524 WSearch - ok
10:29:00.0921 4524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
10:29:00.0999 4524 wuauserv - ok
10:29:01.0186 4524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
10:29:01.0249 4524 WudfPf - ok
10:29:01.0296 4524 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
10:29:01.0342 4524 WUDFRd - ok
10:29:01.0389 4524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
10:29:01.0436 4524 wudfsvc - ok
10:29:01.0467 4524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
10:29:01.0514 4524 WwanSvc - ok
10:29:01.0576 4524 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:29:01.0639 4524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:29:01.0639 4524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:29:01.0732 4524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:29:01.0732 4524 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:29:01.0764 4524 Boot (0x1200) (f0dd1e264c067963ab34e1dd5ea255a7) \Device\Harddisk0\DR0\Partition0
10:29:01.0764 4524 \Device\Harddisk0\DR0\Partition0 - ok
10:29:01.0779 4524 ============================================================
10:29:01.0779 4524 Scan finished
10:29:01.0779 4524 ============================================================
10:29:01.0795 3744 Detected object count: 2
10:29:01.0795 3744 Actual detected object count: 2
10:30:04.0834 3744 \Device\Harddisk0\DR0\# - copied to quarantine
10:30:04.0834 3744 \Device\Harddisk0\DR0 - copied to quarantine
10:30:04.0928 3744 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:30:04.0928 3744 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:30:04.0959 3744 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:30:04.0975 3744 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:30:04.0975 3744 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:30:04.0975 3744 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:30:04.0975 3744 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:30:04.0975 3744 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:30:04.0990 3744 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:30:04.0990 3744 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:30:04.0990 3744 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:30:04.0990 3744 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:30:05.0084 3744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:30:05.0146 3744 \Device\Harddisk0\DR0 - ok
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
10:30:46.0237 4592 Deinitialize success
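Added here by the editor, not part of the thread: a small Python triage helper for TDSSKiller logs in the line shape shown above (`<time> <pid> <message>`), which pulls out infected/warning objects, quarantine copies, what is scheduled to be cured on reboot and what was skipped. The sample lines are constructed to mirror this post's entries, not copied from it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the TDSSKiller entries posted in this thread
# (same line shape "<time> <pid> <message>"); not a copy of the user's log.
SAMPLE_LOG = r"""
10:28:56.0959 4524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
10:28:57.0006 4524 vwififlt - ok
10:29:01.0576 4524 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:29:01.0639 4524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:29:01.0639 4524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:29:01.0732 4524 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:29:01.0732 4524 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:29:01.0764 4524 \Device\Harddisk0\DR0\Partition0 - ok
10:30:04.0928 3744 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:30:05.0084 3744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:30:05.0458 3744 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every TDSSKiller line starts with a timestamp and a thread id; only the message varies.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>.+?) \(\d+\)$")
# "<object> ( <threat name> ) - <verdict, cure status or user choice>"
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<name>.+?) \) - "
    r"(?P<what>infected|warning|will be cured on reboot|skipped by user|User select action: \w+)$"
)


@dataclass
class Finding:
    obj: str
    name: str
    verdict: str                       # infected / warning / detected
    cure_status: str = "pending"       # "will be cured on reboot" or "skipped by user"
    user_choice: Optional[str] = None  # Cure / Skip / ...


def parse_tdsskiller(text: str):
    """Return (findings keyed by (object, threat), quarantined objects, count of '- ok' objects)."""
    findings, quarantined, ok_count = {}, [], 0
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        if OK_RE.match(msg):
            ok_count += 1
        elif (m := QUARANTINE_RE.match(msg)):
            quarantined.append(m.group("obj"))
        elif (m := VERDICT_RE.match(msg)):
            key = (m.group("obj"), m.group("name"))
            what = m.group("what")
            if what in ("infected", "warning"):
                findings[key] = Finding(key[0], key[1], what)
            elif what.startswith("User select action: "):
                findings.setdefault(key, Finding(*key, "detected")).user_choice = what.split(": ", 1)[1]
            else:
                findings.setdefault(key, Finding(*key, "detected")).cure_status = what
        elif (m := DETECTED_RE.match(msg)):
            key = (m.group("obj"), m.group("name"))
            findings.setdefault(key, Finding(*key, "detected"))
    return findings, quarantined, ok_count


def triage(text: str) -> dict:
    """Summarise a TDSSKiller log: what was found, what awaits a reboot, what is still unresolved."""
    findings, quarantined, ok_count = parse_tdsskiller(text)
    return {
        "clean_objects": ok_count,
        "detections": sorted(((f.obj, f.name, f.verdict, f.cure_status, f.user_choice)
                              for f in findings.values()), key=lambda t: t[:2]),
        "quarantined": quarantined,
        "reboot_required": any(f.cure_status == "will be cured on reboot" for f in findings.values()),
        # Anything not scheduled for a cure (skipped, or never actioned) needs a follow-up run.
        "unresolved": [(f.obj, f.name) for f in findings.values()
                       if f.cure_status != "will be cured on reboot"],
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

On the sample it reports the boot-sector rootkit as pending a reboot cure and the TDSS File System entry as unresolved, which is exactly the leftover the helper asks the user to re-run TDSSKiller for later in the thread.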


----------



## kevinf80 (Mar 21, 2006)

Run the following online AV scan, it will be very thorough but will ensure there are no remnants....

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Kevin...:up:


----------



## MTeague (Jun 21, 2012)

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected] Win64/Sirefef.AI trojan
C:\FRST\Quarantine\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U\[email protected] Win64/Sirefef.AE trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Default\aaehglgllkfcmpmmfbdhbddcimdenbol\background.html Win32/BHO.OEI trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4c34fc0e-63fbc33e a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\63d48c42-7a69ba03 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\8c21a57-7eb802a7 multiple threats
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-5b83324d multiple threats
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\8f389dd-17300088 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5d149be1-6b4ce23c multiple threats
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1ae524e4-3e7622c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\64cd9fe8-70650e4a a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2d5a4e9-1166f541 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\402b2b-4ca4a293 multiple threats
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\43362130-47460446 a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\61c81345-56b7bd53 a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\45815038-52f7f701 Java/Exploit.Blacole trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4e2557bd-186d94b9 a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Users\Mitch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-5fe717f1 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Mitch\Documents\software\cnet_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\System32\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\n Win64/Sirefef.W trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\n Win64/Sirefef.W trojan


----------



## kevinf80 (Mar 21, 2006)

OK, run the following:

*Step 1*

Please download *OTM by OldTimer*.

*Alternative Mirror 1*
*Alternative Mirror 2*

Save it to your desktop.

Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion....

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of it and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
ipconfig /flushdns /c
C:\FRST
C:\TDSSKiller_Quarantine
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Default\aaehglgllkfcmpmmfbdhbddcimdenbol\background.html
C:\Users\Mitch\Documents\software\cnet_RegpairSetup_exe.exe
C:\Windows\System32\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}
:Commands
[CreateRestorePoint]
[EmptyTemp]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red [image] button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

*Step 2*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those two logs in next reply....

Kevin...:up:


----------



## MTeague (Jun 21, 2012)

For OTM:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mitch\Desktop\cmd.bat deleted successfully.
C:\Users\Mitch\Desktop\cmd.txt deleted successfully.
C:\FRST\Quarantine\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U folder moved successfully.
C:\FRST\Quarantine\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\L folder moved successfully.
C:\FRST\Quarantine\{626cd329-29cf-3db4-cbcc-f7ac18480fe1} folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer\UserData\VHPQIONG folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer\UserData\UM2AQB9S folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer\UserData\D9JTUJIX folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer\UserData\AFJXUWQY folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft\Internet Explorer folder moved successfully.
C:\FRST\Quarantine\%APPDATA%\Microsoft folder moved successfully.
C:\FRST\Quarantine\%APPDATA% folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\tdlfs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46\mbr0000 folder moved successfully.
C:\TDSSKiller_Quarantine\29.06.2012_10.27.46 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Default\aaehglgllkfcmpmmfbdhbddcimdenbol\background.html moved successfully.
C:\Users\Mitch\Documents\software\cnet_RegpairSetup_exe.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\U folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1}\L folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1} folder moved successfully.
File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{626cd329-29cf-3db4-cbcc-f7ac18480fe1} not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mitch
->Temp folder emptied: 851181 bytes
->Temporary Internet Files folder emptied: 274572976 bytes
->Java cache emptied: 13848515 bytes
->Google Chrome cache emptied: 32743087 bytes
->Flash cache emptied: 173046 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1760 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 204211224 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 343134374 bytes
RecycleBin emptied: 12619272858 bytes

Total Files Cleaned = 12,864.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 06292012_150445
Files moved on Reboot...
C:\Users\Mitch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

For Malwarebytes:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mitch :: MITCH-PC [administrator]
6/29/2012 3:23:52 PM
mbam-log-2012-06-29 (15-23-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209114
Time elapsed: 5 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)


----------



## kevinf80 (Mar 21, 2006)

Please re-run Malwarebytes again, check for updates first. Have a search around online, use your system freely, tell me how it responds etc..

Kevin


----------



## MTeague (Jun 21, 2012)

Ok,

I updated malwarebytes again and re-scanned it, it came up clean. I'm not getting warning messages from any system I have running, nor any error messages on any of my software.

I am satisfied that it is as good as it's gonna get!

I am not going to trust this machine with anything serious, but it seems to be working now.

Thanks for your help.


----------



## kevinf80 (Mar 21, 2006)

Run TDSSKiller one more time, when you come to this entry *Device\Harddisk0\DR0 - detected TDSS File System* Select *delete*. It is an inert remnant of the rootkit, but best to move it.

I do not need to see the above log, if you remove it that is fine.

OK, we clean up now.

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the [image] icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big [image] button.
You will get a prompt saying "_Beginning Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 4*

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any *Beta* updates.
If Java or Adobe was updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed.

*Step 5*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete the cleaning process* *<---- Very Important *

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

*Step 6*

Create a new restore point:

1. Right-click on Computer and go to Properties.
2. Next click on the System Protection link.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully".

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button [image]. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4. If prompted, select the drive that you want to clean up, and then click OK.
5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
6. In the Disk Cleanup dialog box, click Delete.
7. Click Delete Files, and then click OK. Re-Boot your PC.

I would also definitely change all passwords etc to all accounts....

Kevin


----------



## MTeague (Jun 21, 2012)

The cleanup is done, thanks for your help


----------



## kevinf80 (Mar 21, 2006)

Anytime my friend, glad to help...

Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol*. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go,
*Yellow* for caution, and
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for *Firefox* only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues, hit the Mark Solved tab at the top of the thread.

Take care,

Kevin


----------

