# C:\Windows\System32\services.exe



## ce2756 (Jul 5, 2012)

*Tech Support Guy System Info Utility version 1.0.0.2*
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3946 Mb
Graphics Card: ATI Mobility Radeon HD 545v, 512 Mb
Hard Drives: C: Total - 183295 MB, Free - 91088 MB; D: Total - 273060 MB, Free - 272925 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., R540/R538/SA41/E452
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled

I have recently discovered I have a 'trojan horse' on my system. AVG picks it up during a scan and says the following:

Object name: C:\Windows\System32\services.exe
Detection name: Trojan horse. Generic_c.MMI 
Object type: File
SDK type: Core
Result: Object is white-listed (critical/system file that should not be removed)

On advice from another forum I downloaded and ran "Spybot - Search and Destroy".
It does NOT pick up that it is there.

As per the forum rules the following logs are below:

*HijackThis*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:26 PM, on 5/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Cam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111442&babsrc=HP_ss&mntrId=243283f8000000000000e839df1f1b84
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = det.nsw.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MYOB AccountRight Server 2011.1 - Unknown owner - C:\Program Files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\Windows\SysWOW64\Rezip.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10727 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Cam at 21:10:05 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3946.1891 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\SysWOW64\Rezip.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.telstra.com/
uStart Page = hxxp://search.babylon.com/?affID=111442&babsrc=HP_ss&mntrId=243283f8000000000000e839df1f1b84
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uWindow Title = Telstra BigPond Home Internet Explorer
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = det.nsw.edu.au:8080
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3575541E-347F-42AD-A691-8A0AC0E9451A} : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E}\24967605F6E646140313030353 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E}\24967605F6E64643831303 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E}\24967605F6E646736373533314 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E}\753594F5445445 : DhcpNameServer = 172.25.240.15
TCP: Interfaces\{3D047575-B010-471B-A102-33767F13C89E}\D456279647F6E6F54416E6B637F5132393 : DhcpNameServer = 10.20.0.1
TCP: Interfaces\{4BBEFF5A-B099-42F1-A911-72DB20B62904} : DhcpNameServer = 10.143.147.147 10.143.147.148
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\hs9b1i5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-6-13 5161080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-6-10 311296]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-9-2 308080]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 135664]
S2 MYOB AccountRight Server 2011.1;MYOB AccountRight Server 2011.1;"C:\Program Files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe" --> C:\Program Files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\system32\DRIVERS\ZTEusbnet.sys --> C:\Windows\system32\DRIVERS\ZTEusbnet.sys [?]
.
=============== Created Last 30 ================
.
2012-07-05 09:59:35 -------- dc----w- C:\Program Files (x86)\GFI Software
2012-07-05 09:59:25 -------- dc----w- C:\Users\Cam\AppData\Roaming\GFI Software
2012-07-04 14:50:41 -------- dc----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-04 14:50:41 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-04 00:59:59 -------- dcsh--w- C:\Windows\System32\%APPDATA%
2012-07-04 00:55:10 -------- dc----w- C:\Users\Cam\AppData\Local\User
2012-07-04 00:55:10 -------- dc----w- C:\ProgramData\B7E858860000234300011D33B4EB2367
2012-07-04 00:55:02 -------- dc----w- C:\Users\Cam\AppData\Roaming\Igcaul
2012-07-04 00:55:02 -------- dc----w- C:\Users\Cam\AppData\Roaming\Bayrn
2012-07-04 00:55:02 -------- dc----w- C:\Users\Cam\AppData\Roaming\Awik
2012-06-22 08:57:21 770384 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 08:57:21 421200 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 02:56:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 02:56:39 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 02:56:19 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 02:56:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 05:07:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-14 05:07:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-14 05:07:10 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 05:07:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 05:07:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 05:07:00 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 09:47:22 -------- dc----w- C:\Users\Cam\AppData\Roaming\EasyBurningSoftware
2012-06-12 09:47:22 -------- dc----w- C:\Users\Cam\AppData\Roaming\Easy Burning Software
2012-06-12 09:46:45 -------- dc----w- C:\Users\Cam\AppData\Local\Babylon
2012-06-12 09:46:44 -------- dc----w- C:\Users\Cam\AppData\Roaming\Babylon
2012-06-12 09:46:44 -------- dc----w- C:\ProgramData\Babylon
.
==================== Find3M ====================
.
2012-06-15 01:22:17 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-15 01:22:16 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-15 01:11:20 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-15 01:11:20 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-15 01:11:20 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-15 01:11:08 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-15 01:10:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-15 01:10:48 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-15 01:10:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-15 01:10:25 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-15 01:10:25 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-15 01:10:25 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-15 01:10:25 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-15 01:10:25 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-15 01:10:24 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 09:49:44 737280 -c--a-w- C:\Windows\iun6002.exe
2012-04-18 18:50:26 28480 -c--a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 21:10:35.30 ===============

The 3rd is attached as requested.

I've read on some sites that C:\Windows\System32\services.exe needs to be replaced by a non-corrupt version but I really don't know what to do.

Thanks in advance for the help
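Before asking whether services.exe itself needs replacing, it is worth triaging the DDS "Created Last 30" listing above for the entries that stand out on their own: a hidden+system folder literally named `%APPDATA%` under System32, a 32-hex-character folder in ProgramData, and several short, random-looking folders under AppData\Roaming all created within minutes of each other. The following Python script is an added example, not part of DDS, ComboFix or anything posted in this thread. It parses DDS-style and ComboFix-style listing lines (the sample lines are copied from the logs in this thread) and applies a handful of rules chosen here; the ten-minute clustering window is an arbitrary analyst threshold, and the meaning of the attribute letters (d directory, s system, h hidden) is an assumption based on how they appear in these logs.

```python
"""Triage DDS / ComboFix file-creation listings for the kind of persistence
artifacts visible in this thread.  Added example; not part of either tool."""
import re
from datetime import datetime, timedelta

# Line shapes handled (copied from the logs in this thread):
#   DDS:      2012-07-04 00:59:59 -------- dcsh--w- C:\Windows\System32\%APPDATA%
#   ComboFix: 2012-07-04 00:59 . 2012-07-05 20:12 -------- dcsh--w- c:\windows\system32\%APPDATA%
#   Bare path from a ComboFix "Other Deletions" block: c:\windows\Installer\{...}\@
LISTING = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"  # creation time
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"                 # ComboFix: " . <modified>"
    r"\s+(?:\d+|-+)"                                            # size, or -------- for a directory
    r"\s+(?P<attrs>[a-z-]{8})"                                  # attribute flags
    r"\s+(?P<path>.+?)\s*$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")
ENV_NAME = re.compile(r"^%[A-Za-z_]+%$")
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX32 = re.compile(r"^[0-9A-F]{32}$", re.I)
# Assumption: anything created this close to a direct hit deserves a look.
CLUSTER_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Return (created datetime or None, attrs, path), or None for non-listing lines."""
    line = line.strip()
    m = LISTING.match(line)
    if m:
        stamp = m.group("created")
        fmt = "%Y-%m-%d %H:%M:%S" if stamp.count(":") == 2 else "%Y-%m-%d %H:%M"
        return datetime.strptime(stamp, fmt), m.group("attrs"), m.group("path")
    if BARE_PATH.match(line):
        return None, "", line
    return None


def direct_hits(attrs, path):
    """Rules that flag a single entry on its own evidence."""
    parts = path.split("\\")
    low = [p.lower() for p in parts]
    reasons = []
    # 1. Hidden + system directory under the Windows directory.  Attribute
    #    letters assumed from the logs above: d=directory, s=system, h=hidden.
    if {"d", "s", "h"} <= set(attrs) and low[1:2] == ["windows"]:
        reasons.append("hidden system directory under the Windows directory")
    # 2. A literal %NAME% used as a folder name: the variable was never expanded.
    if any(ENV_NAME.match(p) for p in parts):
        reasons.append("literal environment-variable name used as a path component")
    # 3. GUID-named folder under Windows\Installer holding '@' or 'U' items.
    #    Genuine MSI caches use GUID folders too, so the contents are required.
    for i, p in enumerate(parts):
        if GUID_DIR.match(p) and "installer" in low[:i]:
            if any(q == "U" or "@" in q for q in parts[i + 1:]):
                reasons.append("GUID-named Windows\\Installer folder with '@'/'U' contents")
            break
    # 4. A folder whose name is 32 hex characters (e.g. under ProgramData).
    if any(HEX32.match(p) for p in parts):
        reasons.append("32-hex-character folder name")
    return reasons


def triage(lines):
    """Map path -> reasons for every entry worth a look.  Entries with no
    direct hit are still reported if created within CLUSTER_WINDOW of one."""
    entries = [e for e in (parse_line(l) for l in lines) if e]
    flagged, hit_times = {}, []
    for created, attrs, path in entries:
        reasons = direct_hits(attrs, path)
        if reasons:
            flagged[path] = reasons
            if created:
                hit_times.append(created)
    for created, attrs, path in entries:
        if path in flagged or created is None:
            continue
        if any(abs(created - t) <= CLUSTER_WINDOW for t in hit_times):
            flagged[path] = ["created within %s of a flagged entry" % CLUSTER_WINDOW]
    return flagged


# Sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE = r"""
2012-07-05 09:59:35 -------- dc----w- C:\Program Files (x86)\GFI Software
2012-07-04 14:50:41 -------- dc----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-04 00:59:59 -------- dcsh--w- C:\Windows\System32\%APPDATA%
2012-07-04 00:55:10 -------- dc----w- C:\Users\Cam\AppData\Local\User
2012-07-04 00:55:10 -------- dc----w- C:\ProgramData\B7E858860000234300011D33B4EB2367
2012-07-04 00:55:02 -------- dc----w- C:\Users\Cam\AppData\Roaming\Igcaul
2012-06-21 02:56:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-04 00:59 . 2012-07-05 20:12 -------- dcsh--w- c:\windows\system32\%APPDATA%
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\@
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\trzBFA1.tmp
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines()).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

Paste a whole DDS or ComboFix log into `SAMPLE` (or feed the file's lines to `triage`) and the direct rules pick out the `%APPDATA%` folder, the hex-named ProgramData folder and the Installer `{GUID}\U` tree, while the clustering rule pulls in the Roaming and Local folders created in the same few minutes. The Windows Update and Firefox entries from the same listing are left alone. Every hit still needs a human look, since none of these rules is proof on its own; the clustering window in particular is a tunable guess.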


----------



## ce2756 (Jul 5, 2012)

Today (6/7/12) I have run some further scans and programs:

I have run: 

Trojan Remover - Picked up something was there but wouldn't remove it 
CC Cleaner - No response

I have also checked it's not infected with the DNS Changer malware the media (here in Australia) is reporting. It came back negative but suggested I contact my ISP as they may be forwarding it. I haven't done that.

On suggestion from a colleague I've downloaded Avast. It's much better than AVG and I will be keeping it. It also picks up there is a problem with the file in the original post. It also is giving me constant warnings that C:/Windows/Installer is finding a problem - I'm not trying to install anything .....


----------



## ce2756 (Jul 5, 2012)

Not sure if this forum thread is still active. But below is a revised HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:41:44 PM, on 10/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Cam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111442&babsrc=HP_ss&mntrId=243283f8000000000000e839df1f1b84
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = det.nsw.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MYOB AccountRight Server 2011.1 - Unknown owner - C:\Program Files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\Windows\SysWOW64\Rezip.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10908 bytes


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
*Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.*

Download ComboFix from *Here* to your Desktop.
*As you download it rename it to username123.exe*

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause _"unpredictable results"_ or stop ComboFix running at all.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *renamed combofix.exe* & follow the prompts.
If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" * for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. *

Please tell us if it has cured the problems or if there are any outstanding issues


----------



## ce2756 (Jul 5, 2012)

Thank you thank you thank you! 
This has fixed it! I've run both AVG and Avast multiple times and it is coming back clean!
My log for combofix is below should anything be of concern:

ComboFix 12-07-10.01 - Cam 11/07/2012 11:52:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3946.2589 [GMT 10:00]
Running from: c:\users\Cam\Desktop\username123.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\FullRemove.exe
c:\users\Cam\AppData\Local\aci.exe
c:\users\Cam\AppData\Roaming\.#
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\@
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\[email protected]
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\[email protected]
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\trzBFA1.tmp
c:\windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\trzC57B.tmp
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 01:58 . 2012-07-11 01:58 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-07-06 03:39 . 2012-07-03 16:21 25232 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-06 03:39 . 2012-07-03 16:21 355856 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-06 03:38 . 2012-07-03 16:21 54072 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-06 03:38 . 2012-07-03 16:21 958400 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-06 03:38 . 2012-07-03 16:21 59728 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-06 03:38 . 2012-07-03 16:21 71064 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-06 03:38 . 2012-07-03 16:21 285328 -c--a-w- c:\windows\system32\aswBoot.exe
2012-07-06 03:38 . 2012-07-03 16:21 41224 -c--a-w- c:\windows\avastSS.scr
2012-07-06 03:38 . 2012-07-03 16:21 227648 -c--a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\programdata\AVAST Software
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\program files\AVAST Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\program files (x86)\GFI Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\users\Cam\AppData\Roaming\GFI Software
2012-07-04 14:50 . 2012-07-06 03:13 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2012-07-04 14:50 . 2012-07-05 20:12 -------- dc----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-04 00:59 . 2012-07-05 20:12 -------- dcsh--w- c:\windows\system32\%APPDATA%
2012-07-04 00:55 . 2012-07-04 02:20 -------- dc----w- c:\programdata\B7E858860000234300011D33B4EB2367
2012-07-04 00:55 . 2012-07-04 02:19 -------- dc----w- c:\users\Cam\AppData\Local\User
2012-07-04 00:55 . 2012-07-04 02:26 -------- dc----w- c:\users\Cam\AppData\Roaming\Awik
2012-07-04 00:55 . 2012-07-04 02:24 -------- dc----w- c:\users\Cam\AppData\Roaming\Igcaul
2012-07-04 00:55 . 2012-07-04 00:55 -------- dc----w- c:\users\Cam\AppData\Roaming\Bayrn
2012-06-22 08:57 . 2012-06-22 08:57 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 08:57 . 2012-06-22 08:57 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 02:56 . 2012-06-21 02:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:56 . 2012-06-21 02:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:56 . 2012-06-21 02:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:56 . 2012-06-21 02:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:56 . 2012-06-21 02:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:56 . 2012-06-21 02:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:56 . 2012-06-21 02:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:56 . 2012-06-21 02:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:56 . 2012-06-21 02:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:07 . 2012-06-15 01:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 05:07 . 2012-06-15 01:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:07 . 2012-06-15 01:11 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 09:47 . 2012-06-12 09:50 -------- dc----w- c:\users\Cam\AppData\Roaming\EasyBurningSoftware
2012-06-12 09:47 . 2012-06-12 09:47 -------- dc----w- c:\users\Cam\AppData\Roaming\Easy Burning Software
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\users\Cam\AppData\Local\Babylon
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\users\Cam\AppData\Roaming\Babylon
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:50 . 2012-04-18 18:50 28480 -c--a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R2 MYOB AccountRight Server 2011.1;MYOB AccountRight Server 2011.1;c:\program files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-07-16 9216]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-04 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-07-16 135168]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-02 308080]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 6789632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 221184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-29 340520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-29 39464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=111442&babsrc=HP_ss&mntrId=243283f8000000000000e839df1f1b84
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\hs9b1i5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-07-11 12:10:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 02:10
.
Pre-Run: 88,678,805,504 bytes free
Post-Run: 88,583,979,008 bytes free
.
- - End Of File - - DD8E1F52CC2664E3908F34DE6CA4F65A

Your help is much appreciated.


----------



## dvk01 (Dec 14, 2002)

Did you knowingly install Babylon Translator, as it frequently gets installed by this malware?

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press *SAVE*, choose Desktop in the list of selections in that window and press Save).

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.*

Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.*


----------



## ce2756 (Jul 5, 2012)

Thank you, I most certainly did not install Babylon Translator.

I did what you asked and the report is below:

ComboFix 12-07-11.03 - Cam 12/07/2012 17:35:18.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3946.2483 [GMT 10:00]
Running from: c:\users\Cam\Desktop\ComboFix.exe
Command switches used :: c:\users\Cam\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\B7E858860000234300011D33B4EB2367
c:\programdata\B7E858860000234300011D33B4EB2367\B7E858860000234300011D33B4EB2367
c:\users\Cam\AppData\Local\User
c:\users\Cam\AppData\Roaming\Awik
c:\users\Cam\AppData\Roaming\Bayrn
c:\users\Cam\AppData\Roaming\Bayrn\ipci.hix
c:\users\Cam\AppData\Roaming\Igcaul
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 07:40 . 2012-07-12 07:40 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-07-06 03:39 . 2012-07-03 16:21 25232 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-06 03:39 . 2012-07-03 16:21 355856 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-06 03:38 . 2012-07-03 16:21 54072 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-06 03:38 . 2012-07-03 16:21 958400 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-06 03:38 . 2012-07-03 16:21 59728 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-06 03:38 . 2012-07-03 16:21 71064 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-06 03:38 . 2012-07-03 16:21 285328 -c--a-w- c:\windows\system32\aswBoot.exe
2012-07-06 03:38 . 2012-07-03 16:21 41224 -c--a-w- c:\windows\avastSS.scr
2012-07-06 03:38 . 2012-07-03 16:21 227648 -c--a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\programdata\AVAST Software
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\program files\AVAST Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\program files (x86)\GFI Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\users\Cam\AppData\Roaming\GFI Software
2012-07-04 14:50 . 2012-07-11 09:49 -------- dc----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-04 14:50 . 2012-07-11 09:49 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2012-07-04 00:59 . 2012-07-05 20:12 -------- dcsh--w- c:\windows\system32\%APPDATA%
2012-06-22 08:57 . 2012-06-22 08:57 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 08:57 . 2012-06-22 08:57 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 02:56 . 2012-06-21 02:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:56 . 2012-06-21 02:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:56 . 2012-06-21 02:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:56 . 2012-06-21 02:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:56 . 2012-06-21 02:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:56 . 2012-06-21 02:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:56 . 2012-06-21 02:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:56 . 2012-06-21 02:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:56 . 2012-06-21 02:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:07 . 2012-06-15 01:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 05:07 . 2012-06-15 01:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:07 . 2012-06-15 01:11 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 09:47 . 2012-06-12 09:50 -------- dc----w- c:\users\Cam\AppData\Roaming\EasyBurningSoftware
2012-06-12 09:47 . 2012-06-12 09:47 -------- dc----w- c:\users\Cam\AppData\Roaming\Easy Burning Software
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\users\Cam\AppData\Local\Babylon
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\users\Cam\AppData\Roaming\Babylon
2012-06-12 09:46 . 2012-06-12 09:46 -------- dc----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:50 . 2012-04-18 18:50 28480 -c--a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( [email protected]_02.05.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-11 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-12 07:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-12 07:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-12 07:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-10 11:37 . 2012-07-11 06:10 40900 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-11 02:17 42644 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-02 10:10 . 2012-07-11 02:17 14522 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-623523310-632740671-589437365-1001_UserData.bin
- 2011-05-02 10:17 . 2012-07-11 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 10:17 . 2012-07-12 07:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-19 05:06 . 2012-07-11 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-19 05:06 . 2012-07-12 07:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-11 12:52 . 2012-07-11 12:52 25600 c:\windows\Installer\2048602.msi
+ 2011-08-10 11:36 . 2012-07-11 02:15 4354 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-05-02 10:07 . 2012-07-11 01:58 2554 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-05-02 10:07 . 2012-07-11 03:32 2554 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-11 01:59 . 2012-07-11 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-11 06:02 . 2012-07-11 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-11 01:59 . 2012-07-11 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-11 06:02 . 2012-07-11 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-02 19:24 . 2012-07-12 00:47 265050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-11 09:57 665008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-11 02:03 665008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-11 02:03 125712 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-11 09:57 125712 c:\windows\system32\perfc009.dat
- 2011-05-02 11:03 . 2012-07-11 01:59 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 11:03 . 2012-07-11 07:20 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-11 07:20 720896  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 720896 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-07-11 03:32 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-11 01:58 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-04 08:37 . 2012-07-11 03:32 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-623523310-632740671-589437365-1001-8192.dat
- 2011-05-04 08:37 . 2012-07-10 23:38 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-623523310-632740671-589437365-1001-8192.dat
- 2011-05-02 11:03 . 2012-07-11 01:59 3457024 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-02 11:03 . 2012-07-11 07:20 3457024 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R2 MYOB AccountRight Server 2011.1;MYOB AccountRight Server 2011.1;c:\program files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-07-16 9216]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-04 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-07-16 135168]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-02 308080]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 6789632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 221184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-29 340520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-29 39464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=111442&babsrc=HP_ss&mntrId=243283f8000000000000e839df1f1b84
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\hs9b1i5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-12 17:42:19
ComboFix-quarantined-files.txt 2012-07-12 07:42
ComboFix2.txt 2012-07-11 02:11
.
Pre-Run: 87,687,229,440 bytes free
Post-Run: 87,683,182,592 bytes free
.
- - End Of File - - 0DBDF3C14EB579BEBF57086EBD839166


----------



## dvk01 (Dec 14, 2002)

OK, let's see how much of Babylon MBAM can get rid of,
then we can remove any other leftovers with ComboFix afterwards.

Please download Malwarebytes' Anti-Malware to your desktop
from HERE or HERE.

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded. 
Once the program has loaded, select Perform full scan, then click Scan. 
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. 
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so (press YES on the alert).
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once, and it does not need to be reported unless it continues on every boot.


----------



## ce2756 (Jul 5, 2012)

It found 2 problems which were removed. Log below:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cam :: CAM-PC [administrator]

Protection: Enabled

12/07/2012 7:55:29 PM
mbam-log-2012-07-12 (20-41-44).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335686
Time elapsed: 45 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Windows\Installer\{ce4b07e2-64a8-d30b-cc84-4b88da4019e9}\U\[email protected] (Rootkit.0Access) -> No action taken.

(end)


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press *SAVE*, choose Desktop in the list of selections in that window and press Save).

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.*

Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.*


----------



## ce2756 (Jul 5, 2012)

ComboFix 12-07-13.01 - Cam 13/07/2012 19:33:22.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3946.2113 [GMT 10:00]
Running from: c:\users\Cam\Desktop\ComboFix.exe
Command switches used :: c:\users\Cam\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\Cam\AppData\Local\Babylon
c:\users\Cam\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Cam\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Cam\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Cam\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\Cam\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Cam\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Cam\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Cam\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Cam\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Cam\AppData\Roaming\Babylon
c:\users\Cam\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 09:38 . 2012-07-13 09:38 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-07-12 09:50 . 2012-07-12 09:50 -------- dc----w- c:\users\Cam\AppData\Roaming\Malwarebytes
2012-07-12 09:50 . 2012-07-12 09:50 -------- dc----w- c:\programdata\Malwarebytes
2012-07-12 09:50 . 2011-07-07 21:55 41272 -c--a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-12 09:49 . 2012-07-12 09:52 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 09:49 . 2012-07-03 03:46 24904 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-07-06 03:39 . 2012-07-03 16:21 25232 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-06 03:39 . 2012-07-03 16:21 355856 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-06 03:38 . 2012-07-03 16:21 54072 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-06 03:38 . 2012-07-03 16:21 958400 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-06 03:38 . 2012-07-03 16:21 59728 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-06 03:38 . 2012-07-03 16:21 71064 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-06 03:38 . 2012-07-03 16:21 285328 -c--a-w- c:\windows\system32\aswBoot.exe
2012-07-06 03:38 . 2012-07-03 16:21 41224 -c--a-w- c:\windows\avastSS.scr
2012-07-06 03:38 . 2012-07-03 16:21 227648 -c--a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\programdata\AVAST Software
2012-07-06 03:38 . 2012-07-06 03:38 -------- dc----w- c:\program files\AVAST Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\program files (x86)\GFI Software
2012-07-05 09:59 . 2012-07-05 09:59 -------- dc----w- c:\users\Cam\AppData\Roaming\GFI Software
2012-07-04 14:50 . 2012-07-11 09:49 -------- dc----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-04 14:50 . 2012-07-11 09:49 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2012-07-04 00:59 . 2012-07-05 20:12 -------- dcsh--w- c:\windows\system32\%APPDATA%
2012-06-22 08:57 . 2012-06-22 08:57 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 08:57 . 2012-06-22 08:57 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 02:56 . 2012-06-21 02:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:56 . 2012-06-21 02:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:56 . 2012-06-21 02:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:56 . 2012-06-21 02:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:56 . 2012-06-21 02:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:56 . 2012-06-21 02:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:56 . 2012-06-21 02:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:56 . 2012-06-21 02:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:56 . 2012-06-21 02:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-14 05:07 . 2012-06-15 01:21 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:07 . 2012-06-15 01:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 05:07 . 2012-06-15 01:21 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:07 . 2012-06-15 01:11 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:50 . 2012-04-18 18:50 28480 -c--a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( [email protected]_02.05.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-11 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-13 07:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 07:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 07:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-10 11:37 . 2012-07-11 06:10 40900 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-12 10:49 42928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-02 10:10 . 2012-07-12 10:49 14796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-623523310-632740671-589437365-1001_UserData.bin
- 2011-05-02 10:17 . 2012-07-11 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-02 10:17 . 2012-07-13 09:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-19 05:06 . 2012-07-13 09:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-19 05:06 . 2012-07-11 02:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-11 12:52 . 2012-07-11 12:52 25600 c:\windows\Installer\2048602.msi
+ 2011-08-10 11:36 . 2012-07-11 02:15 4354 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-05-02 10:07 . 2012-07-11 01:58 2554 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-05-02 10:07 . 2012-07-12 10:45 2554 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-11 01:59 . 2012-07-11 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-12 10:47 . 2012-07-12 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-12 10:47 . 2012-07-12 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-11 01:59 . 2012-07-11 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-02 19:24 . 2012-07-12 00:47 265050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-11 02:03 665008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-12 10:52 665008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-12 10:52 125712 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-11 02:03 125712 c:\windows\system32\perfc009.dat
+ 2011-05-02 11:03 . 2012-07-13 07:31 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-02 11:03 . 2012-07-11 01:59 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-11 01:59 720896 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 07:31 720896 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-07-12 10:45 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-11 01:58 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-04 08:37 . 2012-07-12 10:45 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-623523310-632740671-589437365-1001-8192.dat
- 2011-05-04 08:37 . 2012-07-10 23:38 449844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-623523310-632740671-589437365-1001-8192.dat
- 2011-05-02 11:03 . 2012-07-11 01:59 3457024 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-02 11:03 . 2012-07-13 07:31 3457024 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R2 MYOB AccountRight Server 2011.1;MYOB AccountRight Server 2011.1;c:\program files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-07-16 9216]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-04 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-07-16 135168]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-18 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-30 36944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-21 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-18 383808]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-02 308080]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-05 6789632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 221184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-29 340520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-29 39464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-02 10:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\hs9b1i5c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.det.nsw.edu.au
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-13 19:40:46
ComboFix-quarantined-files.txt 2012-07-13 09:40
ComboFix2.txt 2012-07-12 07:42
ComboFix3.txt 2012-07-11 02:11
.
Pre-Run: 91,827,638,272 bytes free
Post-Run: 91,572,199,424 bytes free
.
- - End Of File - - 9A56738A9998B0BEE172B8A5D75B9A59


----------



## dvk01 (Dec 14, 2002)

How is it now?
Are you having any more problems, or is everything OK now?


----------



## ce2756 (Jul 5, 2012)

Everything seems to be OK. Firefox has a 'lag' almost, but otherwise everything seems to be back to normal.
THANKS!!! I'm very grateful for your help! Cheers


----------



## dvk01 (Dec 14, 2002)

Firefox is causing all sorts of problems for many users recently, and I couldn't say whether you still might have some minor problems remaining or whether it is Firefox itself being a pest.

My Firefox is much slower & more laggy than the previous version was.
It seems that every update to Firefox brings in more overheads & bugginess.

*Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware*
* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the run box and click *OK*. Note the *space* between the *X* and the */U*; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here *http://www.thespykiller.co.uk/index.php?page=3* for info on how to tighten your security settings and how to help prevent future attacks.

And scan here *http://secunia.com/vulnerability_scanning/online/* for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. *If Windows Update doesn't work, please come back & tell us*


----------



## dvk01 (Dec 14, 2002)

You might find Firefox won't be so laggy if you turn off the proxy that you are using.

You appear to be running it through your university/school/employer network. If you don't have to use the proxy for connection, then:

In Firefox, go to Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.


----------



## ce2756 (Jul 5, 2012)

Cheers Derek,

Have used your run command to uninstall ComboFix.

Thanks for the tip re: the proxy. Still didn't realise it was still 'active' per se.

I have downloaded the scanner as suggested, and am scanning as we speak.

It's funny you mention Java as a malware problem; all this seemed to occur after Java kept telling me it needed to update, so I did ....


----------



## ce2756 (Jul 5, 2012)

The Secunia program identifies that Windows needs to update. When I click on update it opens the system update but all 8 items fail (see screen shot). Windows help suggests to do the following:

*To change or restart the Background Intelligent Transfer Service (BITS)*

* Click to open Administrative Tools.
* Double-click Services. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
* Right-click the Background Intelligent Transfer Service (BITS) service, and then click Properties.
* On the General tab, next to Startup type, make sure that Automatic (Delayed Start) is selected.
* Next to Service status, check to see if the service is started. If it's not, click Start.

BUT Background Intelligent .... isn't in the list? So it won't let me update?


----------
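An added triage script for the situation in the post above (my own example; it is not code from the thread or from any of the tools the thread mentions). It assumes an elevated 64-bit PowerShell prompt on the affected Windows 7 machine, a service list of BITS and wuauserv, a 30-day window for the directory check, and English-locale sfc output; all of those are choices made for this example, not facts from the thread. It answers the three questions the posts raise: whether the BITS and Windows Update services were deleted rather than merely stopped (which is why BITS is absent from the Services console), whether C:\Windows\System32\services.exe still passes Windows Resource Protection's catalog check (AVG flagged it but whitelisted it as a protected system file), and whether hidden+system directories such as the c:\windows\system32\%APPDATA% entry with dcsh attributes in the ComboFix log exist under System32.

```powershell
# Added triage script (example only, not from the thread or any tool in it).
# Run from an elevated 64-bit PowerShell prompt on the affected Windows 7 box.
# Assumptions for this example: the service names below, a 30-day window for
# the directory check, and English-locale text from sfc.exe.

# 1. Do the BITS and Windows Update services still exist at all?
$servicesToCheck = 'BITS', 'wuauserv'
foreach ($name in $servicesToCheck) {
    $regKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc    = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not (Test-Path $regKey)) {
        # No registry key: the service was deleted, not just stopped, which is
        # why the Services console has no entry to right-click.
        Write-Output "[MISSING] ${name}: no key at $regKey"
    } elseif ($svc -eq $null) {
        Write-Output "[BROKEN]  ${name}: key exists but the Service Control Manager does not list it"
    } else {
        $image = (Get-ItemProperty -Path $regKey).ImagePath
        Write-Output "[OK]      ${name}: status=$($svc.Status) ImagePath=$image"
    }
}

# 2. Catalog-based integrity check of services.exe.
# Get-AuthenticodeSignature is deliberately not used: on Windows 7 it reports
# catalog-signed system binaries as NotSigned, so it cannot tell a clean file
# from a patched one. sfc /verifyfile consults the catalogs and reports a
# violation without repairing anything.
$target = Join-Path $env:SystemRoot 'System32\services.exe'
$sfcOut = & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$target" 2>&1 | Out-String
# sfc writes UTF-16 to the console; strip the interleaved null bytes so the
# regex below can match the English-locale result line.
$sfcOut = $sfcOut -replace "`0", ''
if ($sfcOut -match 'did not find any integrity violations') {
    Write-Output "[OK]      services.exe matches the Windows catalog"
} else {
    Write-Output "[SUSPECT] services.exe failed WRP verification; sfc said:`n$sfcOut"
}

# Secondary signal: compare the SHA-256 of the live binary with every
# services.exe kept in the component store. A clean System32 copy is a hard
# link to one of them, so no match means the System32 file was replaced.
# (Recursing WinSxS takes a few minutes on a Windows 7 install.)
function Get-Sha256Hex([string]$path) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([System.IO.File]::ReadAllBytes($path))
    return ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}
$liveHash     = Get-Sha256Hex $target
$storeMatches = Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
    Where-Object { (Get-Sha256Hex $_.FullName) -eq $liveHash }
if ($storeMatches) {
    Write-Output "[OK]      live services.exe ($liveHash) matches $(@($storeMatches).Count) component-store copy/copies"
} else {
    Write-Output "[SUSPECT] live services.exe ($liveHash) matches no copy under WinSxS"
}

# 3. Hidden+system directories created under System32 in the last 30 days,
# the live-system counterpart of ComboFix's 'dcsh--w-' line.
$cutoff = (Get-Date).AddDays(-30)
$hidSys = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System
Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.CreationTime -gt $cutoff -and (($_.Attributes -band $hidSys) -eq $hidSys) } |
    ForEach-Object { Write-Output ("[HIDDEN+SYSTEM DIR] {0}  created {1:yyyy-MM-dd}" -f $_.FullName, $_.CreationTime) }
```

The sfc check is the one that settles the services.exe question; an antivirus "white-listed (critical/system file)" verdict says only that the scanner refused to act, not that the file is intact. The WinSxS hash comparison is a secondary signal, and the directory listing just confirms on the live system what ComboFix already reported from its own scan. A missing BITS or wuauserv key is also the plain reason the Microsoft Fix It cannot get Windows Update going again: there is no service left for it to reset.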



## dvk01 (Dec 14, 2002)

Try this:
Run the Fix It on http://support.microsoft.com/kb/971058. Run it in aggressive mode & let us know if Windows Update works then.


----------



## ce2756 (Jul 5, 2012)

I get the error message in the screen shot


----------



## dvk01 (Dec 14, 2002)

Did you download the Fix It to run it on your computer, or did you run it on the website?

Make sure you save it to the computer & right-click it & run as admin.

See if that works.


----------



## ce2756 (Jul 5, 2012)

It downloaded. Deleted and downloaded again, no better. Deleted and decided to try from IE as it gives you the option to download or run. No good either, regardless of double-clicking or right-click and run as admin.


----------



## dvk01 (Dec 14, 2002)

Looks like you are going to need to reinstall Windows then with this one.

We can try this first & see if it finds another rootkit that hasn't yet shown up.

Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot.

Post back with its log.

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt


----------



## ce2756 (Jul 5, 2012)

It told me it found nothing, but the log is below as requested:

22:28:06.0603 5584 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
22:28:08.0605 5584 ============================================================
22:28:08.0606 5584 Current date / time: 2012/07/13 22:28:08.0605
22:28:08.0606 5584 SystemInfo:
22:28:08.0606 5584 
22:28:08.0606 5584 OS Version: 6.1.7601 ServicePack: 1.0
22:28:08.0606 5584 Product type: Workstation
22:28:08.0606 5584 ComputerName: CAM-PC
22:28:08.0606 5584 UserName: Cam
22:28:08.0606 5584 Windows directory: C:\Windows
22:28:08.0606 5584 System windows directory: C:\Windows
22:28:08.0606 5584 Running under WOW64
22:28:08.0606 5584 Processor architecture: Intel x64
22:28:08.0606 5584 Number of processors: 4
22:28:08.0606 5584 Page size: 0x1000
22:28:08.0606 5584 Boot type: Normal boot
22:28:08.0606 5584 ============================================================
22:28:09.0375 5584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:28:09.0381 5584 ============================================================
22:28:09.0381 5584 \Device\Harddisk0\DR0:
22:28:09.0381 5584 MBR partitions:
22:28:09.0381 5584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
22:28:09.0381 5584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
22:28:09.0408 5584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
22:28:09.0408 5584 ============================================================
22:28:09.0455 5584 C: <-> \Device\Harddisk0\DR0\Partition1
22:28:09.0494 5584 D: <-> \Device\Harddisk0\DR0\Partition2
22:28:09.0495 5584 ============================================================
22:28:09.0495 5584 Initialize success
22:28:09.0495 5584 ============================================================
22:28:13.0507 4356 ============================================================
22:28:13.0507 4356 Scan started
22:28:13.0507 4356 Mode: Manual; 
22:28:13.0507 4356 ============================================================
22:28:14.0993 4356 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:28:14.0998 4356 1394ohci - ok
22:28:15.0074 4356 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:28:15.0078 4356 ACPI - ok
22:28:32.0036 4356 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:28:32.0054 4356 pla - ok
22:28:32.0115 4356 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:28:32.0123 4356 PlugPlay - ok
22:28:32.0147 4356 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:28:32.0151 4356 PNRPAutoReg - ok
22:28:32.0184 4356 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:28:32.0189 4356 PNRPsvc - ok
22:28:32.0254 4356 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:28:32.0262 4356 PolicyAgent - ok
22:28:32.0300 4356 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:28:32.0307 4356 Power - ok
22:28:32.0374 4356 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:28:32.0377 4356 PptpMiniport - ok
22:28:32.0403 4356 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:28:32.0406 4356 Processor - ok
22:28:32.0460 4356 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:28:32.0467 4356 ProfSvc - ok
22:28:32.0522 4356 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:28:32.0524 4356 ProtectedStorage - ok
22:28:32.0572 4356 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:28:32.0573 4356 Psched - ok
22:28:32.0674 4356 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
22:28:32.0687 4356 PSI - ok
22:28:32.0786 4356 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:28:32.0811 4356 ql2300 - ok
22:28:32.0844 4356 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:28:32.0847 4356 ql40xx - ok
22:28:32.0882 4356 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:28:32.0887 4356 QWAVE - ok
22:28:32.0898 4356 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:28:32.0901 4356 QWAVEdrv - ok
22:28:32.0918 4356 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:28:32.0919 4356 RasAcd - ok
22:28:32.0944 4356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:28:32.0946 4356 RasAgileVpn - ok
22:28:32.0961 4356 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:28:32.0966 4356 RasAuto - ok
22:28:33.0008 4356 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:28:33.0011 4356 Rasl2tp - ok
22:28:33.0090 4356 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:28:33.0096 4356 RasMan - ok
22:28:33.0117 4356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:28:33.0119 4356 RasPppoe - ok
22:28:33.0139 4356 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:28:33.0142 4356 RasSstp - ok
22:28:33.0194 4356 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:28:33.0198 4356 rdbss - ok
22:28:33.0220 4356 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:28:33.0222 4356 rdpbus - ok
22:28:33.0247 4356 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:28:33.0249 4356 RDPCDD - ok
22:28:33.0266 4356 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:28:33.0268 4356 RDPENCDD - ok
22:28:33.0278 4356 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:28:33.0279 4356 RDPREFMP - ok
22:28:33.0323 4356 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:28:33.0326 4356 RDPWD - ok
22:28:33.0385 4356 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:28:33.0388 4356 rdyboost - ok
22:28:33.0430 4356 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:28:33.0434 4356 RemoteAccess - ok
22:28:33.0485 4356 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:28:33.0489 4356 RemoteRegistry - ok
22:28:33.0624 4356 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\Windows\SysWOW64\Rezip.exe
22:28:33.0629 4356 Rezip - ok
22:28:33.0667 4356 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:28:33.0671 4356 RFCOMM - ok
22:28:33.0708 4356 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:28:33.0713 4356 RpcEptMapper - ok
22:28:33.0740 4356 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:28:33.0743 4356 RpcLocator - ok
22:28:33.0805 4356 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:28:33.0812 4356 RpcSs - ok
22:28:33.0838 4356 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:28:33.0840 4356 rspndr - ok
22:28:33.0857 4356 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:28:33.0863 4356 RTL8167 - ok
22:28:33.0904 4356 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
22:28:33.0907 4356 SABI - ok
22:28:33.0943 4356 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:28:33.0947 4356 SamSs - ok
22:28:33.0996 4356 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:28:34.0000 4356 sbp2port - ok
22:28:34.0041 4356 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:28:34.0049 4356 SCardSvr - ok
22:28:34.0090 4356 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:28:34.0093 4356 scfilter - ok
22:28:34.0191 4356 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:28:34.0208 4356 Schedule - ok
22:28:34.0259 4356 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:28:34.0262 4356 SCPolicySvc - ok
22:28:34.0276 4356 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:28:34.0281 4356 SDRSVC - ok
22:28:34.0345 4356 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:28:34.0346 4356 secdrv - ok
22:28:34.0390 4356 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:28:34.0394 4356 seclogon - ok
22:28:34.0588 4356 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:28:34.0598 4356 Secunia PSI Agent - ok
22:28:34.0720 4356 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files (x86)\Secunia\PSI\sua.exe
22:28:34.0896 4356 Secunia Update Agent - ok
22:28:34.0934 4356 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:28:34.0940 4356 SENS - ok
22:28:34.0979 4356 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:28:34.0985 4356 SensrSvc - ok
22:28:35.0031 4356 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:28:35.0033 4356 Serenum - ok
22:28:35.0071 4356 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:28:35.0074 4356 Serial - ok
22:28:35.0131 4356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:28:35.0133 4356 sermouse - ok
22:28:35.0189 4356 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:28:35.0195 4356 SessionEnv - ok
22:28:35.0234 4356 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:28:35.0236 4356 sffdisk - ok
22:28:35.0246 4356 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:28:35.0249 4356 sffp_mmc - ok
22:28:35.0261 4356 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:28:35.0262 4356 sffp_sd - ok
22:28:35.0281 4356 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:28:35.0282 4356 sfloppy - ok
22:28:35.0339 4356 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:28:35.0344 4356 SharedAccess - ok
22:28:35.0398 4356 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:28:35.0405 4356 ShellHWDetection - ok
22:28:35.0436 4356 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:28:35.0438 4356 SiSRaid2 - ok
22:28:35.0469 4356 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:28:35.0472 4356 SiSRaid4 - ok
22:28:35.0492 4356 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:28:35.0495 4356 Smb - ok
22:28:35.0526 4356 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:28:35.0530 4356 SNMPTRAP - ok
22:28:35.0539 4356 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:28:35.0541 4356 spldr - ok
22:28:35.0615 4356 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:28:35.0625 4356 Spooler - ok
22:28:35.0862 4356 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:28:35.0898 4356 sppsvc - ok
22:28:35.0999 4356 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:28:36.0004 4356 sppuinotify - ok
22:28:36.0078 4356 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:28:36.0085 4356 srv - ok
22:28:36.0159 4356 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:28:36.0165 4356 srv2 - ok
22:28:36.0195 4356 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:28:36.0198 4356 srvnet - ok
22:28:36.0235 4356 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:28:36.0241 4356 SSDPSRV - ok
22:28:36.0261 4356 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:28:36.0266 4356 SstpSvc - ok
22:28:36.0289 4356 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:28:36.0291 4356 stexstor - ok
22:28:36.0356 4356 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:28:36.0366 4356 stisvc - ok
22:28:36.0422 4356 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:28:36.0423 4356 swenum - ok
22:28:36.0544 4356 SwiCardDetectSvc (7431a444eb5a5e76479e1bc75dbdd0a6) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
22:28:36.0549 4356 SwiCardDetectSvc - ok
22:28:36.0607 4356 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:28:36.0615 4356 swprv - ok
22:28:36.0756 4356 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:28:36.0776 4356 SysMain - ok
22:28:36.0888 4356 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:28:36.0901 4356 TabletInputService - ok
22:28:36.0926 4356 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:28:36.0932 4356 TapiSrv - ok
22:28:36.0961 4356 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:28:36.0964 4356 TBS - ok
22:28:37.0069 4356 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:28:37.0087 4356 Tcpip - ok
22:28:37.0305 4356 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:28:37.0316 4356 TCPIP6 - ok
22:28:37.0455 4356 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:28:37.0458 4356 tcpipreg - ok
22:28:37.0497 4356 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:28:37.0499 4356 TDPIPE - ok
22:28:37.0544 4356 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:28:37.0546 4356 TDTCP - ok
22:28:37.0616 4356 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:28:37.0620 4356 tdx - ok
22:28:37.0665 4356 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:28:37.0668 4356 TermDD - ok
22:28:37.0753 4356 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:28:37.0769 4356 TermService - ok
22:28:37.0801 4356 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:28:37.0805 4356 Themes - ok
22:28:37.0834 4356 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:28:37.0837 4356 THREADORDER - ok
22:28:37.0868 4356 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:28:37.0873 4356 TrkWks - ok
22:28:37.0944 4356 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:28:37.0947 4356 TrustedInstaller - ok
22:28:37.0993 4356 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:28:37.0995 4356 tssecsrv - ok
22:28:38.0023 4356 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:28:38.0026 4356 TsUsbFlt - ok
22:28:38.0079 4356 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:28:38.0081 4356 tunnel - ok
22:28:38.0125 4356 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
22:28:38.0128 4356 TurboB - ok
22:28:38.0152 4356 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:28:38.0154 4356 uagp35 - ok
22:28:38.0209 4356 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:28:38.0214 4356 udfs - ok
22:28:38.0251 4356 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:28:38.0256 4356 UI0Detect - ok
22:28:38.0294 4356 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:28:38.0297 4356 uliagpkx - ok
22:28:38.0361 4356 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:28:38.0363 4356 umbus - ok
22:28:38.0393 4356 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:28:38.0395 4356 UmPass - ok
22:28:38.0439 4356 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:28:38.0448 4356 upnphost - ok
22:28:38.0490 4356 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:28:38.0502 4356 USBAAPL64 - ok
22:28:38.0522 4356 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:28:38.0526 4356 usbccgp - ok
22:28:38.0582 4356 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:28:38.0584 4356 usbcir - ok
22:28:38.0630 4356 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:28:38.0633 4356 usbehci - ok
22:28:38.0681 4356 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:28:38.0688 4356 usbhub - ok
22:28:38.0742 4356 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:28:38.0745 4356 usbohci - ok
22:28:38.0775 4356 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:28:38.0778 4356 usbprint - ok
22:28:38.0814 4356 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:28:38.0817 4356 usbscan - ok
22:28:38.0834 4356 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:28:38.0838 4356 USBSTOR - ok
22:28:38.0862 4356 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:28:38.0865 4356 usbuhci - ok
22:28:38.0950 4356 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:28:38.0955 4356 usbvideo - ok
22:28:38.0981 4356 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:28:38.0984 4356 UxSms - ok
22:28:39.0032 4356 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:28:39.0034 4356 VaultSvc - ok
22:28:39.0097 4356 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:28:39.0099 4356 vdrvroot - ok
22:28:39.0161 4356 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:28:39.0175 4356 vds - ok
22:28:39.0201 4356 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:28:39.0203 4356 vga - ok
22:28:39.0222 4356 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:28:39.0224 4356 VgaSave - ok
22:28:39.0275 4356 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:28:39.0279 4356 vhdmp - ok
22:28:39.0309 4356 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:28:39.0311 4356 viaide - ok
22:28:39.0336 4356 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:28:39.0338 4356 volmgr - ok
22:28:39.0408 4356 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:28:39.0413 4356 volmgrx - ok
22:28:39.0438 4356 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:28:39.0442 4356 volsnap - ok
22:28:39.0475 4356 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:28:39.0479 4356 vsmraid - ok
22:28:39.0595 4356 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:28:39.0615 4356 VSS - ok
22:28:39.0722 4356 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:28:39.0724 4356 vwifibus - ok
22:28:39.0742 4356 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:28:39.0744 4356 vwififlt - ok
22:28:39.0794 4356 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:28:39.0802 4356 W32Time - ok
22:28:39.0817 4356 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:28:39.0820 4356 WacomPen - ok
22:28:39.0873 4356 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:28:39.0875 4356 WANARP - ok
22:28:39.0877 4356 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:28:39.0879 4356 Wanarpv6 - ok
22:28:39.0991 4356 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:28:40.0005 4356 WatAdminSvc - ok
22:28:40.0126 4356 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:28:40.0150 4356 wbengine - ok
22:28:40.0270 4356 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:28:40.0277 4356 WbioSrvc - ok
22:28:40.0339 4356 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:28:40.0349 4356 wcncsvc - ok
22:28:40.0368 4356 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:28:40.0372 4356 WcsPlugInService - ok
22:28:40.0411 4356 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:28:40.0413 4356 Wd - ok
22:28:40.0458 4356 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:28:40.0468 4356 Wdf01000 - ok
22:28:40.0484 4356 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:28:40.0489 4356 WdiServiceHost - ok
22:28:40.0492 4356 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:28:40.0497 4356 WdiSystemHost - ok
22:28:40.0544 4356 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:28:40.0552 4356 WebClient - ok
22:28:40.0596 4356 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:28:40.0602 4356 Wecsvc - ok
22:28:40.0633 4356 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:28:40.0638 4356 wercplsupport - ok
22:28:40.0792 4356 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:28:40.0799 4356 WerSvc - ok
22:28:40.0869 4356 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:28:40.0871 4356 WfpLwf - ok
22:28:40.0895 4356 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:28:40.0897 4356 WIMMount - ok
22:28:40.0960 4356 WinDefend - ok
22:28:40.0974 4356 WinHttpAutoProxySvc - ok
22:28:41.0041 4356 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:28:41.0044 4356 Winmgmt - ok
22:28:41.0192 4356 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:28:41.0218 4356 WinRM - ok
22:28:41.0381 4356 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:28:41.0383 4356 WinUsb - ok
22:28:41.0455 4356 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:28:41.0469 4356 Wlansvc - ok
22:28:41.0521 4356 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:28:41.0524 4356 WmiAcpi - ok
22:28:41.0584 4356 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:28:41.0587 4356 wmiApSrv - ok
22:28:41.0629 4356 WMPNetworkSvc - ok
22:28:41.0664 4356 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:28:41.0667 4356 WPCSvc - ok
22:28:41.0710 4356 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:28:41.0716 4356 WPDBusEnum - ok
22:28:41.0739 4356 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:28:41.0741 4356 ws2ifsl - ok
22:28:41.0825 4356 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:28:41.0831 4356 wscsvc - ok
22:28:41.0836 4356 WSearch - ok
22:28:42.0034 4356 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:28:42.0061 4356 wuauserv - ok
22:28:42.0188 4356 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:28:42.0192 4356 WudfPf - ok
22:28:42.0222 4356 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:28:42.0225 4356 WUDFRd - ok
22:28:42.0266 4356 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:28:42.0270 4356 wudfsvc - ok
22:28:42.0307 4356 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:28:42.0313 4356 WwanSvc - ok
22:28:42.0359 4356 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
22:28:42.0366 4356 yukonw7 - ok
22:28:42.0433 4356 ZTEusbmdm6k (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:28:42.0436 4356 ZTEusbmdm6k - ok
22:28:42.0458 4356 ZTEusbnet (788e574905a3e3a08fc218cadedca71f) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
22:28:42.0461 4356 ZTEusbnet - ok
22:28:42.0493 4356 ZTEusbnmea (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:28:42.0496 4356 ZTEusbnmea - ok
22:28:42.0517 4356 ZTEusbser6k (9313fe79ff3240fa0a73fbe6015b6887) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:28:42.0520 4356 ZTEusbser6k - ok
22:28:42.0600 4356 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:28:42.0982 4356 \Device\Harddisk0\DR0 - ok
22:28:42.0987 4356 Boot (0x1200) (d98c50f173a7ddd9c96bc17b2ae3d2d5) \Device\Harddisk0\DR0\Partition0
22:28:42.0990 4356 \Device\Harddisk0\DR0\Partition0 - ok
22:28:43.0111 4356 Boot (0x1200) (653ebe98c6441851dc125ac17390c27c) \Device\Harddisk0\DR0\Partition1
22:28:43.0113 4356 \Device\Harddisk0\DR0\Partition1 - ok
22:28:43.0136 4356 Boot (0x1200) (18847c97a995e80279fd4e01b696f694) \Device\Harddisk0\DR0\Partition2
22:28:43.0137 4356 \Device\Harddisk0\DR0\Partition2 - ok
22:28:43.0138 4356 ============================================================
22:28:43.0138 4356 Scan finished
22:28:43.0138 4356 ============================================================
22:28:43.0209 4888 Detected object count: 0
22:28:43.0209 4888 Actual detected object count: 0


----------



## dvk01 (Dec 14, 2002)

I think you will need to reinstall Windows or at least do a repair install

do you have your install DVD

it sounds like this malware rootkit has removed or damaged more vital system files than we first realised

you might just get away with opening an elevated command prompt
that is go to start/programs/accessories => right click the command prompt entry & select run as admin, on the cmd window that opens type
sfc /scannow & press enter
that should replace any damaged & missing system files but if the malware has deleted or replaced the backups (and it often does) then that won't work

then try the fixit

are you absolutely sure that the BITS service doesn't exist in the services window (if that has been removed completely by the malware then a reinstall/repair install will be the only cure)
this shows you how to do a repair install

http://www.sevenforums.com/tutorials/3413-repair-install.html
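As an added example, not part of dvk01's post or of any tool mentioned in the thread: a PowerShell triage script for the checks this post asks the user to make (is services.exe still a genuine, unmodified Windows binary; does the BITS service still exist; what did sfc /scannow actually record in CBS.log). The function names are my own; the `-ExpectedMd5` value is a placeholder to be filled from the user's own TDSSKiller log, and the script assumes Windows 7 SP1 or later with CBS.log in its default location.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumes Windows 7 SP1 or later, PowerShell 2.0+, and CBS.log in its default
# location. Function names are my own.

function Get-Md5Hex {
    # MD5 hex digest in the same format TDSSKiller prints in its log, so the
    # value can be compared line-for-line with the posted scan output.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Test-SystemFile {
    # Is the file AVG flagged still an unmodified Microsoft binary?
    # SigStatus 'HashMismatch' means the bytes no longer match the signature.
    # Caveat: on Windows 7 many system binaries are catalog-signed only, so
    # 'NotSigned' by itself is not proof of tampering there; the MD5 comparison
    # against the TDSSKiller log and 'sfc /verifyfile=<path>' are the
    # authoritative checks on that platform.
    param(
        [string]$Path = "$env:SystemRoot\System32\services.exe",
        [string]$ExpectedMd5 = ''   # placeholder: paste the MD5 from your own TDSSKiller log
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $md5 = Get-Md5Hex -Path $Path
    $match = 'not checked'
    if ($ExpectedMd5) { $match = ($md5 -eq $ExpectedMd5.ToLower()) }
    New-Object PSObject -Property @{
        File = $Path; SigStatus = $sig.Status; Signer = $signer
        MD5 = $md5; Md5Matches = $match
    }
}

function Test-ServiceExists {
    # dvk01's question: does the BITS service still exist? Check both the
    # Service Control Manager and the registry key the SCM loads it from; a
    # service the malware deleted from the registry is missing from both,
    # which is what makes Windows Update's Fix-it fail.
    param([string[]]$Names = @('BITS', 'wuauserv'))
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = 'missing'
        if ($svc) { $status = $svc.Status }
        New-Object PSObject -Property @{
            Service    = $name
            InScm      = [bool]$svc
            Status     = $status
            InRegistry = (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name")
        }
    }
}

function Get-SfcSummary {
    # sfc /scannow writes its findings to CBS.log tagged "[SR]". Pull out the
    # lines that report repairs, files it could not repair, and completion.
    param([string]$Log = "$env:SystemRoot\Logs\CBS\CBS.log")
    if (-not (Test-Path $Log)) { return "CBS.log not found at $Log" }
    Select-String -Path $Log -Pattern '\[SR\].*(Cannot repair|Repairing|Verify complete)' |
        Select-Object -Last 20 -ExpandProperty Line
}

Test-SystemFile | Format-List
Test-ServiceExists | Format-Table -AutoSize
Get-SfcSummary
```

If `Test-ServiceExists` reports BITS absent from both the SCM and the registry, that is the case dvk01 describes where sfc cannot help and a repair install or factory recovery is the remaining option.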


----------



## ce2756 (Jul 5, 2012)

The elevated command prompt came back with no result, and Fix it is still giving me the error message. I'm 80% sure I don't have the install disc; is it common practice for one to come with new computers? I'll have a more thorough look in the morning.

I am looking at upgrading to a new computer in a few months hopefully, obviously we can't be 100% sure that all the malware is gone, but as someone with lots of experience do you think the computer is still safe and ok to use? Should I decide to keep this computer, if I buy the most recent version of Windows and install will that fix it?

FYI I've attached the report of files that Windows wants to install.


----------



## dvk01 (Dec 14, 2002)

I don't consider it safe to continue using it without reinstalling

if you weren't given a disc when you purchased the computer, then if it is a big box brand, it is quite likely to have a recovery to factory settings on the start menu somewhere or by pressing F8 or F12 to get to recovery options

look under samsung support center in start menu


----------



## dvk01 (Dec 14, 2002)

buying a copy of W7 or borrowing a friend's or neighbour's copy & using your COA key that should be stuck to the back/underside of the computer will cure it properly & using the disc, you might just get away with a repair install, rather than a full reinstall


----------



## ce2756 (Jul 5, 2012)

Thanks for the advice. 
I have backed up all my important documents, music etc to my external hard drive in preparation for restoring. My concern is that the malware could possibly be in one of the files on there ..... Avast has a removable media scan which picked nothing up. Are there any other scans etc you would recommend to ensure the hard drive is malware free?

I'll have a good look when I get home for the disc, I'm sure it came with some discs just not sure which ones. If not I'll attempt to restore to factory settings as per your suggestion. 

Thanks


----------

