21 replies to this topic

[SweetieLydia]

Alright, I was brought here from the ''Pre-HJT Post Instructions''. The main reason I came here is because after running the Malware Bytes scan and getting rid of the files in my Quarantine, my computer has started to run slower(Also, there seems to be some files that don't open like they used to, one of them being my control panel?). During the scan my computer did freeze. I am wondering if by deleting the things in my Quarantine, I might have deleted something important. I am not knowledgable at all with computers so every step of help would be greatly appreciated! I downloaded HijackThis, and here are my logs.

HijackThis Log:

Scan saved at 4:34:27 PM, on 29/04/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\conime.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Amy\Desktop\Mozilla Firefox\firefox.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Amy\Desktop\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe

O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 2687 bytes


Malware Bytes Log:

2012/04/29 14:38:29 -0400 AMY-PC Amy MESSAGE Starting protection
2012/04/29 14:38:36 -0400 AMY-PC Amy MESSAGE Protection started successfully
2012/04/29 14:38:39 -0400 AMY-PC Amy MESSAGE Starting IP protection
2012/04/29 14:38:51 -0400 AMY-PC Amy MESSAGE IP Protection started successfully
2012/04/29 14:38:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent QUARANTINE
2012/04/29 14:39:00 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5
2012/04/29 14:39:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:39:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:40:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:40:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:41:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:41:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:41:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:42:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:42:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:42:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:43:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:43:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:44:00 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:44:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:44:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:45:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:46:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:46:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:46:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:47:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:47:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:48:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:49:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:49:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:49:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:50:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:50:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:51:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:51:26 -0400 AMY-PC Amy MESSAGE Executing scheduled update: Daily
2012/04/29 14:51:30 -0400 AMY-PC Amy MESSAGE Database already up-to-date
2012/04/29 14:51:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:51:32 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 54353, Process: svchost.exe)
2012/04/29 14:51:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:52:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:52:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:53:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:53:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:54:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:54:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:54:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:55:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:55:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:56:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:56:32 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:56:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:57:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:57:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:58:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:58:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:59:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:59:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 14:59:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:00:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:00:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:01:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:01:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:01:58 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:02:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:02:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:03:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:03:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:04:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:04:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:04:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:05:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:05:40 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 53607, Process: svchost.exe)
2012/04/29 15:05:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:06:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:06:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:06:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:07:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:07:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:08:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:08:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:09:03 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)
2012/04/29 15:09:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)
2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)
2012/04/29 15:09:19 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)
2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)
2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)
2012/04/29 15:09:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:09:35 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe)
2012/04/29 15:09:44 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe)
2012/04/29 15:09:52 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe)
2012/04/29 15:09:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:10:00 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe)
2012/04/29 15:10:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:10:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:11:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:11:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:11:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:12:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:12:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:13:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:13:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:14:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:14:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:14:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:15:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:15:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:16:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:22:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent QUARANTINE
2012/04/29 15:22:40 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5
2012/04/29 15:22:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:22:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:23:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:23:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:24:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:24:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:24:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:25:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:26:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:26:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:27:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:27:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:27:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:29:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:30:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:30:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:30:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:31:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:31:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:31:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:40:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:40:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:41:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:42:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:44:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:44:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:45:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:46:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:46:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:47:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY
2012/04/29 15:48:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:48:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:52:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:52:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:53:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:57:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:57:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 15:58:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:00:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:00:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:00:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:00:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:00:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:01:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:01:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:01:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:01:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:10:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:10:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:10:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:15:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:15:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:16:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:21:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:21:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:22:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:32:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:32:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
2012/04/29 16:32:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

[Elise]

Hello and

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

[SweetieLydia]

Ok I did the scan with DDS. They said it should take about 3 minutes, but it took longer, about 10-15mins. (is that normal?) My AVG Anti-Virus wouldn't open at all. It seems to be running on my computer but I can't open it so I couldn't disable it but it seems like the scan was successful nonetheless. They said I should zip up the ''Attach.txt'' file but I am a bit unsure on how to do so. If you need that log posted as well, let me know and I will. Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Amy at 5:03:55 on 2012-04-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1040 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PremierOpinion\pmservice.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: H - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - c:\program files\astroburn toolbar\ABToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "c:\program files\windows live\messenger\msn.exe.exe" /background
uRun: [fsm]
uRun: [AdobeBridge]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Akamai NetSession Interface] "c:\users\amy\appdata\local\akamai\netsession_win.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe
uRun: [PlayNC Launcher]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [Gestionnaire Antidote.exe] c:\progra~1\druide\antidote\Gestionnaire Antidote.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{550F16E0-85B5-4A81-A09D-D5A9D0FC9F3F} : DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
TCP: Interfaces\{6FFC239B-7E66-4926-B155-8787E1E66132} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? gupdate1ca58b169fd7b60;Google Update Service (gupdate1ca58b169fd7b60)
R? gupdatem;Google Update Service (gupdatem)
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? XDva393;XDva393
S? Akamai;Akamai NetSession Interface
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? BHDrvx86;Symantec Heuristics Driver
S? ccHP;Symantec Hash Provider
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? Com4QLBEx;Com4QLBEx
S? FontCache;Windows Font Cache Service
S? IDSVix86;IDSVix86
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? Norton Internet Security;Norton Internet Security
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? PremierOpinion;PremierOpinion
S? Recovery Service for Windows;Recovery Service for Windows
S? StarWindServiceAE;StarWind AE Service
S? SymEFA;Symantec Extended File Attributes
S? SYMNDISV;Symantec Network Filter Driver
S? vToolbarUpdater10.2.0;vToolbarUpdater10.2.0
.
=============== Created Last 30 ================
.
2012-04-29 19:52:40 -------- d-----w- c:\program files\Trend Micro
2012-04-29 18:34:13 -------- d-----w- c:\users\amy\appdata\roaming\Malwarebytes
2012-04-26 19:15:30 -------- d-----w- c:\users\amy\appdata\roaming\yess
2012-04-23 12:59:34 -------- d-----w- c:\users\amy\appdata\local\assembly
2012-04-23 12:58:42 -------- d-----w- c:\program files\NCSoft
2012-04-20 07:29:12 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-17 16:48:05 -------- d-----w- c:\users\amy\appdata\roaming\Digiarty
2012-04-17 16:47:48 -------- d-----w- c:\program files\Digiarty
2012-04-17 16:37:48 -------- d-----w- c:\users\amy\appdata\roaming\Apowersoft
2012-04-17 16:26:16 -------- d-----w- c:\users\amy\appdata\roaming\NCH Software
2012-04-13 12:42:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 06:00:51 -------- d-----w- c:\programdata\Battle.net
2012-04-03 22:08:51 15712 ----a-w- c:\program files\common files\windows live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe
2012-04-03 22:07:59 89944 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DSETUP.dll
2012-04-03 22:07:59 537432 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DXSETUP.exe
2012-04-03 22:07:59 1801048 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\dsetup32.dll
2012-04-03 22:07:44 94040 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DSETUP.dll
2012-04-03 22:07:44 525656 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DXSETUP.exe
2012-04-03 22:07:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\dsetup32.dll
2012-04-02 08:02:12 230752 ----a-w- c:\windows\patchw32.dll
2012-04-02 07:39:55 -------- d-----w- c:\program files\Outspark
2012-04-02 06:03:06 -------- d-----w- c:\users\amy\appdata\local\PMB Files
2012-04-02 06:02:47 -------- d-----w- c:\programdata\PMB Files
2012-04-02 06:01:52 -------- d-----w- c:\program files\Pando Networks
.
==================== Find3M ====================
.
2012-04-19 19:28:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-09 20:03:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 22:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-02-02 18:57:40 808440 ----a-w- c:\windows\system32\CDDBUI.dll
2012-02-02 18:57:40 796152 ----a-w- c:\windows\system32\CDDBControl.dll
2012-02-02 18:57:40 169464 ----a-w- c:\windows\system32\CddbLangRU.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9250320AS rev.HP07 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BFEEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xb6c6e872; SUB DWORD [EBP-0x4], 0xb6c6e12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x81E7A912] -> \Device\Harddisk0\DR0[0x8662A838]
3 CLASSPNP[0x82CCB8B3] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x85B94F08]
5 acpi[0x807266BC] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x851E5B98]
[0x86C78E48] -> IRP_MJ_CREATE -> 0x85BFEEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x6c; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-5 -> \??\IDE#DiskST9250320AS_____________________________HP07____#5&8eb2ae7&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x85BFEAEA
\Driver\atapi -> 0x85b3d1e8
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 5:23:13.43 ===============

[Elise]

Hi again,
It looks like you have Norton AV remnants on your computer. Lets get rid of those first.

Please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.


DDS shows rootkit activity so lets see if we can confirm that.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If TDSSKiller does not run, try renaming it.
  
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  
• Click the Start Scan button.
  
• Do not use the computer during the scan
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

[SweetieLydia]

Before I continue, on the Norton site, I had to make a new account. I have no idea whether the one on my computer right now was registered on a Norton account since this is a laptop my sister has given to me about 2 years ago. I signed up and it said there is no product or services. Should I continue the removal process of Norton, if I am unable to get my Product Key?

[Elise]

Yes, you can just continue the removal, as you don't need to reinstall it afterwards (AVG is already on the machine, which is enough).

[SweetieLydia]

08:54:40.0541 5304 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
08:54:41.0415 5304 ============================================================
08:54:41.0415 5304 Current date / time: 2012/04/30 08:54:41.0415
08:54:41.0415 5304 SystemInfo:
08:54:41.0415 5304
08:54:41.0415 5304 OS Version: 6.0.6002 ServicePack: 2.0
08:54:41.0415 5304 Product type: Workstation
08:54:41.0415 5304 ComputerName: AMY-PC
08:54:41.0415 5304 UserName: Amy
08:54:41.0415 5304 Windows directory: C:\Windows
08:54:41.0415 5304 System windows directory: C:\Windows
08:54:41.0415 5304 Processor architecture: Intel x86
08:54:41.0415 5304 Number of processors: 2
08:54:41.0415 5304 Page size: 0x1000
08:54:41.0415 5304 Boot type: Normal boot
08:54:41.0415 5304 ============================================================
08:54:50.0151 5304 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:54:50.0182 5304 ============================================================
08:54:50.0182 5304 \Device\Harddisk0\DR0:
08:54:50.0197 5304 MBR partitions:
08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BC55000
08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC55800, BlocksNum 0x156E800
08:54:50.0197 5304 ============================================================
08:54:50.0775 5304 C: <-> \Device\Harddisk0\DR0\Partition0
08:54:51.0414 5304 D: <-> \Device\Harddisk0\DR0\Partition1
08:54:51.0414 5304 ============================================================
08:54:51.0414 5304 Initialize success
08:54:51.0414 5304 ============================================================
08:55:32.0317 4900 ============================================================
08:55:32.0317 4900 Scan started
08:55:32.0317 4900 Mode: Manual;
08:55:32.0317 4900 ============================================================
08:55:36.0389 4900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:55:36.0405 4900 ACPI - ok
08:55:36.0561 4900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:55:36.0654 4900 adp94xx - ok
08:55:36.0779 4900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:55:36.0826 4900 adpahci - ok
08:55:36.0841 4900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:55:36.0841 4900 adpu160m - ok
08:55:36.0857 4900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:55:36.0857 4900 adpu320 - ok
08:55:36.0904 4900 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
08:55:36.0904 4900 AeLookupSvc - ok
08:55:37.0044 4900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:55:37.0091 4900 AFD - ok
08:55:37.0278 4900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:55:37.0325 4900 agp440 - ok
08:55:37.0356 4900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:55:37.0356 4900 aic78xx - ok
08:55:39.0946 4900 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
08:55:39.0946 4900 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
08:55:39.0961 4900 Akamai ( HiddenFile.Multi.Generic ) - warning
08:55:39.0961 4900 Akamai - detected HiddenFile.Multi.Generic (1)
08:55:40.0383 4900 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
08:55:40.0383 4900 ALG - ok
08:55:40.0476 4900 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
08:55:40.0554 4900 aliide - ok
08:55:40.0897 4900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:55:40.0913 4900 amdagp - ok
08:55:41.0116 4900 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
08:55:41.0116 4900 amdide - ok
08:55:41.0163 4900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:55:41.0178 4900 AmdK7 - ok
08:55:41.0350 4900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:55:41.0397 4900 AmdK8 - ok
08:55:41.0459 4900 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
08:55:41.0459 4900 Appinfo - ok
08:55:43.0503 4900 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:55:43.0518 4900 Apple Mobile Device - ok
08:55:43.0893 4900 arc (df9daabdc58cb616af5396088d402482) C:\Windows\system32\drivers\arc.sys
08:55:43.0893 4900 Suspicious file (Forged): C:\Windows\system32\drivers\arc.sys. Real md5: df9daabdc58cb616af5396088d402482, Fake md5: 5d2888182fb46632511acee92fdad522
08:55:43.0893 4900 arc ( Rootkit.Win32.TDSS.tdl3 ) - infected
08:55:43.0893 4900 arc - detected Rootkit.Win32.TDSS.tdl3 (0)
08:55:44.0111 4900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:55:44.0127 4900 arcsas - ok
08:55:44.0142 4900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:55:44.0158 4900 AsyncMac - ok
08:55:44.0205 4900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:55:44.0220 4900 atapi - ok
08:55:44.0891 4900 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
08:55:44.0938 4900 athr - ok
08:55:44.0969 4900 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:55:44.0969 4900 AudioEndpointBuilder - ok
08:55:44.0985 4900 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
08:55:44.0985 4900 Audiosrv - ok
08:55:45.0546 4900 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
08:55:45.0655 4900 AVG Security Toolbar Service - ok
08:55:48.0931 4900 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
08:55:49.0321 4900 AVGIDSAgent - ok
08:55:50.0039 4900 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
08:55:50.0055 4900 AVGIDSDriver - ok
08:55:50.0226 4900 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
08:55:50.0226 4900 AVGIDSEH - ok
08:55:50.0429 4900 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
08:55:50.0445 4900 AVGIDSFilter - ok
08:55:50.0554 4900 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
08:55:50.0569 4900 AVGIDSShim - ok
08:55:50.0632 4900 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
08:55:50.0632 4900 Avgldx86 - ok
08:55:50.0913 4900 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
08:55:50.0913 4900 Avgmfx86 - ok
08:55:50.0959 4900 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
08:55:50.0975 4900 Avgrkx86 - ok
08:55:51.0396 4900 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
08:55:51.0661 4900 Avgtdix - ok
08:55:52.0254 4900 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
08:55:52.0254 4900 avgwd - ok
08:55:53.0081 4900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:55:53.0284 4900 Beep - ok
08:55:53.0923 4900 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
08:55:54.0095 4900 BFE - ok
08:55:55.0000 4900 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
08:55:55.0187 4900 BITS - ok
08:55:55.0296 4900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:55:55.0296 4900 blbdrive - ok
08:55:55.0920 4900 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:55:55.0983 4900 Bonjour Service - ok
08:55:56.0076 4900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:55:56.0201 4900 bowser - ok
08:55:56.0373 4900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:55:56.0373 4900 BrFiltLo - ok
08:55:56.0404 4900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:55:56.0404 4900 BrFiltUp - ok
08:55:56.0513 4900 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
08:55:56.0513 4900 Browser - ok
08:55:56.0560 4900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:55:56.0575 4900 Brserid - ok
08:55:56.0622 4900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:55:56.0622 4900 BrSerWdm - ok
08:55:56.0638 4900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:55:56.0653 4900 BrUsbMdm - ok
08:55:56.0669 4900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:55:56.0669 4900 BrUsbSer - ok
08:55:56.0731 4900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:55:56.0825 4900 BTHMODEM - ok
08:55:56.0950 4900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:55:56.0950 4900 cdfs - ok
08:55:56.0997 4900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:55:56.0997 4900 cdrom - ok
08:55:57.0012 4900 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:55:57.0012 4900 CertPropSvc - ok
08:55:57.0043 4900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
08:55:57.0043 4900 circlass - ok
08:55:57.0090 4900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:55:57.0184 4900 CLFS - ok
08:55:57.0262 4900 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:55:57.0262 4900 clr_optimization_v2.0.50727_32 - ok
08:55:58.0042 4900 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:55:58.0167 4900 clr_optimization_v4.0.30319_32 - ok
08:55:58.0213 4900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:55:58.0245 4900 CmBatt - ok
08:55:58.0276 4900 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
08:55:58.0276 4900 cmdide - ok
08:55:58.0494 4900 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
08:55:58.0588 4900 CnxtHdAudService - ok
08:55:58.0822 4900 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
08:55:58.0822 4900 Com4QLBEx - ok
08:55:58.0869 4900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:55:58.0869 4900 Compbatt - ok
08:55:58.0884 4900 COMSysApp - ok
08:55:58.0884 4900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:55:58.0900 4900 crcdisk - ok
08:55:58.0931 4900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:55:58.0931 4900 Crusoe - ok
08:55:59.0103 4900 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
08:55:59.0103 4900 CryptSvc - ok
08:55:59.0181 4900 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:55:59.0181 4900 DcomLaunch - ok
08:55:59.0274 4900 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:55:59.0274 4900 DfsC - ok
08:55:59.0586 4900 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
08:55:59.0805 4900 DFSR - ok
08:56:00.0132 4900 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
08:56:00.0132 4900 Dhcp - ok
08:56:00.0241 4900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:56:00.0273 4900 disk - ok
08:56:00.0366 4900 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
08:56:00.0366 4900 Dnscache - ok
08:56:00.0413 4900 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
08:56:00.0413 4900 dot3svc - ok
08:56:00.0475 4900 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
08:56:00.0475 4900 DPS - ok
08:56:00.0585 4900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:56:00.0600 4900 drmkaud - ok
08:56:00.0678 4900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:56:01.0006 4900 DXGKrnl - ok
08:56:01.0131 4900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:56:01.0131 4900 E1G60 - ok
08:56:01.0162 4900 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
08:56:01.0162 4900 EapHost - ok
08:56:01.0645 4900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:56:01.0755 4900 Ecache - ok
08:56:02.0051 4900 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
08:56:02.0160 4900 ehRecvr - ok
08:56:02.0347 4900 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
08:56:02.0363 4900 ehSched - ok
08:56:02.0488 4900 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
08:56:02.0488 4900 ehstart - ok
08:56:02.0597 4900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:56:02.0675 4900 elxstor - ok
08:56:02.0862 4900 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
08:56:02.0862 4900 EMDMgmt - ok
08:56:02.0893 4900 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:56:02.0909 4900 ErrDev - ok
08:56:03.0003 4900 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
08:56:03.0003 4900 EventSystem - ok
08:56:03.0783 4900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:56:03.0985 4900 exfat - ok
08:56:04.0719 4900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:56:04.0937 4900 fastfat - ok
08:56:05.0171 4900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:56:05.0171 4900 fdc - ok
08:56:05.0327 4900 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
08:56:05.0374 4900 fdPHost - ok
08:56:05.0623 4900 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
08:56:05.0623 4900 FDResPub - ok
08:56:06.0216 4900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:56:06.0279 4900 FileInfo - ok
08:56:06.0653 4900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:56:06.0715 4900 Filetrace - ok
08:56:09.0165 4900 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:56:09.0258 4900 FLEXnet Licensing Service - ok
08:56:09.0274 4900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:56:09.0289 4900 flpydisk - ok
08:56:09.0399 4900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:56:09.0508 4900 FltMgr - ok
08:56:10.0662 4900 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
08:56:10.0803 4900 FontCache - ok
08:56:10.0943 4900 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:56:10.0959 4900 FontCache3.0.0.0 - ok
08:56:11.0099 4900 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
08:56:11.0099 4900 Fs_Rec - ok
08:56:11.0255 4900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:56:11.0255 4900 gagp30kx - ok
08:56:11.0817 4900 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
08:56:11.0817 4900 GameConsoleService - ok
08:56:11.0926 4900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:56:11.0988 4900 GEARAspiWDM - ok
08:56:12.0175 4900 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
08:56:12.0253 4900 gpsvc - ok
08:56:12.0909 4900 gupdate1ca58b169fd7b60 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:56:12.0924 4900 gupdate1ca58b169fd7b60 - ok
08:56:13.0080 4900 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:56:13.0080 4900 gupdatem - ok
08:56:13.0205 4900 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:56:13.0314 4900 gusvc - ok
08:56:13.0361 4900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:56:13.0439 4900 HdAudAddService - ok
08:56:13.0501 4900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:56:13.0595 4900 HDAudBus - ok
08:56:13.0611 4900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:56:13.0611 4900 HidBth - ok
08:56:13.0642 4900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:56:13.0642 4900 HidIr - ok
08:56:13.0673 4900 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
08:56:13.0673 4900 hidserv - ok
08:56:13.0735 4900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:56:13.0735 4900 HidUsb - ok
08:56:13.0923 4900 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
08:56:13.0923 4900 hkmsvc - ok
08:56:14.0547 4900 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
08:56:14.0547 4900 HP Health Check Service - ok
08:56:14.0640 4900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
08:56:14.0640 4900 HpCISSs - ok
08:56:14.0812 4900 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:56:14.0827 4900 HpqKbFiltr - ok
08:56:14.0952 4900 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
08:56:14.0968 4900 hpqwmiex - ok
08:56:15.0342 4900 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:56:15.0514 4900 HSF_DPV - ok
08:56:15.0529 4900 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
08:56:15.0545 4900 HSXHWAZL - ok
08:56:15.0717 4900 HTTP (4d6eb87dcabfd66221822f49cfd79077) C:\Windows\system32\drivers\HTTP.sys
08:56:15.0810 4900 HTTP - ok
08:56:15.0841 4900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
08:56:15.0841 4900 i2omp - ok
08:56:15.0951 4900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:56:16.0060 4900 i8042prt - ok
08:56:16.0200 4900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
08:56:16.0325 4900 iaStorV - ok
08:56:16.0809 4900 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:56:16.0887 4900 IDriverT - ok
08:56:17.0557 4900 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:56:17.0713 4900 idsvc - ok
08:56:17.0760 4900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:56:17.0760 4900 iirsp - ok
08:56:17.0807 4900 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
08:56:17.0916 4900 IKEEXT - ok
08:56:17.0932 4900 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
08:56:17.0947 4900 intelide - ok
08:56:17.0963 4900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:56:17.0979 4900 intelppm - ok
08:56:18.0025 4900 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
08:56:18.0025 4900 IPBusEnum - ok
08:56:18.0072 4900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:56:18.0088 4900 IpFilterDriver - ok
08:56:18.0400 4900 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
08:56:18.0415 4900 iphlpsvc - ok
08:56:18.0447 4900 IpInIp - ok
08:56:18.0634 4900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
08:56:18.0759 4900 IPMIDRV - ok
08:56:18.0790 4900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:56:18.0790 4900 IPNAT - ok
08:56:19.0133 4900 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
08:56:19.0320 4900 iPod Service - ok
08:56:19.0336 4900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:56:19.0351 4900 IRENUM - ok
08:56:19.0414 4900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
08:56:19.0570 4900 isapnp - ok
08:56:19.0601 4900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:56:19.0601 4900 iScsiPrt - ok
08:56:19.0617 4900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:56:19.0632 4900 iteatapi - ok
08:56:19.0648 4900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:56:19.0663 4900 iteraid - ok
08:56:19.0679 4900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:56:19.0679 4900 kbdclass - ok
08:56:19.0710 4900 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
08:56:19.0710 4900 kbdhid - ok
08:56:19.0851 4900 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:56:19.0866 4900 KeyIso - ok
08:56:19.0913 4900 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
08:56:19.0929 4900 KSecDD - ok
08:56:19.0975 4900 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
08:56:19.0991 4900 KtmRm - ok
08:56:20.0209 4900 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
08:56:20.0209 4900 LanmanServer - ok
08:56:20.0381 4900 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
08:56:20.0428 4900 LanmanWorkstation - ok
08:56:21.0239 4900 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:56:21.0255 4900 LightScribeService - ok
08:56:21.0364 4900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:56:21.0395 4900 lltdio - ok
08:56:21.0879 4900 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
08:56:21.0941 4900 lltdsvc - ok
08:56:22.0035 4900 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
08:56:22.0128 4900 lmhosts - ok
08:56:22.0206 4900 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
08:56:22.0393 4900 LSI_FC - ok
08:56:22.0409 4900 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
08:56:22.0425 4900 LSI_SAS - ok
08:56:22.0440 4900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
08:56:22.0440 4900 LSI_SCSI - ok
08:56:22.0456 4900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:56:22.0471 4900 luafv - ok
08:56:22.0534 4900 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
08:56:22.0549 4900 MBAMProtector - ok
08:56:22.0768 4900 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:56:22.0908 4900 MBAMService - ok
08:56:22.0955 4900 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
08:56:22.0971 4900 Mcx2Svc - ok
08:56:23.0080 4900 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
08:56:23.0080 4900 mdmxsdk - ok
08:56:23.0205 4900 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
08:56:23.0220 4900 megasas - ok
08:56:23.0797 4900 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
08:56:24.0016 4900 MegaSR - ok
08:56:24.0078 4900 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:56:24.0172 4900 MMCSS - ok
08:56:24.0250 4900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:56:24.0265 4900 Modem - ok
08:56:24.0312 4900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:56:24.0328 4900 monitor - ok
08:56:24.0421 4900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:56:24.0546 4900 mouclass - ok
08:56:24.0593 4900 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
08:56:24.0593 4900 mouhid - ok
08:56:24.0640 4900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:56:24.0655 4900 MountMgr - ok
08:56:24.0765 4900 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
08:56:24.0889 4900 mpio - ok
08:56:24.0905 4900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:56:24.0921 4900 mpsdrv - ok
08:56:24.0983 4900 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
08:56:25.0186 4900 MpsSvc - ok
08:56:25.0201 4900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:56:25.0201 4900 Mraid35x - ok
08:56:25.0279 4900 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:56:25.0295 4900 MRxDAV - ok
08:56:25.0373 4900 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:56:25.0373 4900 mrxsmb - ok
08:56:25.0482 4900 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:56:25.0513 4900 mrxsmb10 - ok
08:56:25.0576 4900 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:56:25.0685 4900 mrxsmb20 - ok
08:56:25.0716 4900 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
08:56:25.0716 4900 msahci - ok
08:56:25.0732 4900 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
08:56:25.0747 4900 msdsm - ok
08:56:25.0779 4900 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
08:56:25.0888 4900 MSDTC - ok
08:56:25.0935 4900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:56:25.0935 4900 Msfs - ok
08:56:25.0950 4900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:56:25.0966 4900 msisadrv - ok
08:56:25.0997 4900 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
08:56:26.0013 4900 MSiSCSI - ok
08:56:26.0013 4900 msiserver - ok
08:56:26.0044 4900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:56:26.0059 4900 MSKSSRV - ok
08:56:26.0091 4900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:56:26.0106 4900 MSPCLOCK - ok
08:56:26.0153 4900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:56:26.0153 4900 MSPQM - ok
08:56:26.0278 4900 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:56:26.0293 4900 MsRPC - ok
08:56:26.0418 4900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:56:26.0418 4900 mssmbios - ok
08:56:26.0637 4900 MSSQL$SONY_MEDIAMGR - ok
08:56:26.0746 4900 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
08:56:26.0808 4900 MSSQLServerADHelper - ok
08:56:26.0871 4900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:56:26.0871 4900 MSTEE - ok
08:56:26.0902 4900 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
08:56:26.0902 4900 Mup - ok
08:56:27.0089 4900 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
08:56:27.0105 4900 napagent - ok
08:56:27.0323 4900 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
08:56:27.0417 4900 NativeWifiP - ok
08:56:27.0635 4900 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
08:56:27.0744 4900 NDIS - ok
08:56:27.0838 4900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
08:56:27.0853 4900 NdisTapi - ok
08:56:27.0963 4900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
08:56:27.0963 4900 Ndisuio - ok
08:56:28.0009 4900 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:56:28.0119 4900 NdisWan - ok
08:56:28.0212 4900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
08:56:28.0212 4900 NDProxy - ok
08:56:28.0321 4900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
08:56:28.0415 4900 NetBIOS - ok
08:56:28.0571 4900 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
08:56:28.0696 4900 netbt - ok
08:56:28.0789 4900 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:56:28.0789 4900 Netlogon - ok
08:56:29.0117 4900 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
08:56:29.0382 4900 Netman - ok
08:56:29.0491 4900 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
08:56:29.0491 4900 netprofm - ok
08:56:30.0084 4900 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:56:30.0100 4900 NetTcpPortSharing - ok
08:56:30.0724 4900 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
08:56:30.0849 4900 NETw3v32 - ok
08:56:31.0644 4900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:56:31.0769 4900 nfrd960 - ok
08:56:31.0816 4900 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
08:56:31.0831 4900 NlaSvc - ok
08:56:31.0863 4900 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:56:31.0863 4900 Npfs - ok
08:56:31.0894 4900 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
08:56:31.0894 4900 nsi - ok
08:56:31.0925 4900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:56:31.0925 4900 nsiproxy - ok
08:56:32.0143 4900 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:56:32.0424 4900 Ntfs - ok
08:56:32.0518 4900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:56:32.0518 4900 ntrigdigi - ok
08:56:32.0549 4900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:56:32.0565 4900 Null - ok
08:56:32.0908 4900 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
08:56:33.0126 4900 NVENETFD - ok
08:56:33.0173 4900 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
08:56:33.0173 4900 NVHDA - ok
08:56:35.0731 4900 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:56:36.0496 4900 nvlddmkm - ok
08:56:37.0822 4900 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
08:56:37.0837 4900 nvraid - ok
08:56:37.0884 4900 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
08:56:37.0900 4900 nvsmu - ok
08:56:38.0134 4900 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
08:56:38.0165 4900 nvstor - ok
08:56:38.0524 4900 nvsvc (51e7f2c26b6ece61c5241f1f731eab2b) C:\Windows\system32\nvvsvc.exe
08:56:38.0664 4900 nvsvc - ok
08:56:38.0758 4900 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
08:56:38.0773 4900 nv_agp - ok
08:56:38.0773 4900 NwlnkFlt - ok
08:56:38.0789 4900 NwlnkFwd - ok
08:56:39.0444 4900 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:56:39.0959 4900 odserv - ok
08:56:40.0255 4900 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
08:56:40.0271 4900 ohci1394 - ok
08:56:40.0614 4900 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:56:40.0645 4900 ose - ok
08:56:41.0503 4900 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:56:41.0644 4900 p2pimsvc - ok
08:56:41.0659 4900 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:56:41.0675 4900 p2psvc - ok
08:56:41.0909 4900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:56:41.0925 4900 Parport - ok
08:56:42.0034 4900 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
08:56:42.0049 4900 partmgr - ok
08:56:42.0096 4900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:56:42.0096 4900 Parvdm - ok
08:56:42.0174 4900 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
08:56:42.0174 4900 PcaSvc - ok
08:56:42.0439 4900 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:56:42.0455 4900 pci - ok
08:56:42.0580 4900 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
08:56:42.0595 4900 pciide - ok
08:56:42.0798 4900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
08:56:42.0829 4900 pcmcia - ok
08:56:43.0266 4900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:56:43.0329 4900 PEAUTH - ok
08:56:44.0483 4900 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
08:56:44.0935 4900 pla - ok
08:56:46.0511 4900 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
08:56:46.0511 4900 PlugPlay - ok
08:56:46.0870 4900 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:56:46.0870 4900 PNRPAutoReg - ok
08:56:46.0901 4900 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:56:46.0917 4900 PNRPsvc - ok
08:56:47.0166 4900 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
08:56:47.0244 4900 PolicyAgent - ok
08:56:47.0400 4900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:56:47.0416 4900 PptpMiniport - ok
08:56:47.0541 4900 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
08:56:47.0541 4900 Processor - ok
08:56:47.0697 4900 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
08:56:47.0712 4900 ProfSvc - ok
08:56:47.0790 4900 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:56:47.0806 4900 ProtectedStorage - ok
08:56:47.0899 4900 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:56:47.0915 4900 PSched - ok
08:56:48.0539 4900 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
08:56:48.0695 4900 ql2300 - ok
08:56:48.0851 4900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:56:48.0913 4900 ql40xx - ok
08:56:49.0101 4900 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
08:56:49.0132 4900 QWAVE - ok
08:56:49.0210 4900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:56:49.0210 4900 QWAVEdrv - ok
08:56:49.0257 4900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:56:49.0303 4900 RasAcd - ok
08:56:49.0475 4900 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
08:56:49.0537 4900 RasAuto - ok
08:56:49.0615 4900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:56:49.0662 4900 Rasl2tp - ok
08:56:49.0912 4900 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
08:56:49.0974 4900 RasMan - ok
08:56:50.0005 4900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:56:50.0005 4900 RasPppoe - ok
08:56:50.0161 4900 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:56:50.0286 4900 RasSstp - ok
08:56:50.0692 4900 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:56:50.0895 4900 rdbss - ok
08:56:50.0926 4900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:56:50.0941 4900 RDPCDD - ok
08:56:53.0032 4900 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
08:56:53.0110 4900 rdpdr - ok
08:56:53.0141 4900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:56:53.0188 4900 RDPENCDD - ok
08:56:53.0578 4900 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
08:56:53.0656 4900 RDPWD - ok
08:56:54.0280 4900 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
08:56:54.0311 4900 Recovery Service for Windows - ok
08:56:54.0373 4900 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
08:56:54.0373 4900 RemoteAccess - ok
08:56:54.0483 4900 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
08:56:54.0498 4900 RemoteRegistry - ok
08:56:55.0122 4900 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
08:56:55.0138 4900 RichVideo - ok
08:56:55.0309 4900 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
08:56:55.0372 4900 RpcLocator - ok
08:56:57.0727 4900 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:56:57.0743 4900 RpcSs - ok
08:56:58.0055 4900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:56:58.0071 4900 rspndr - ok
08:56:58.0211 4900 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
08:56:58.0211 4900 RTSTOR - ok
08:56:58.0336 4900 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:56:58.0383 4900 SamSs - ok
08:56:58.0554 4900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:56:58.0632 4900 sbp2port - ok
08:56:58.0741 4900 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
08:56:58.0804 4900 SCardSvr - ok
08:56:59.0241 4900 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
08:56:59.0319 4900 Schedule - ok
08:56:59.0365 4900 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:56:59.0365 4900 SCPolicySvc - ok
08:56:59.0428 4900 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
08:56:59.0443 4900 sdbus - ok
08:56:59.0599 4900 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
08:56:59.0662 4900 SDRSVC - ok
08:56:59.0755 4900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:56:59.0755 4900 secdrv - ok
08:56:59.0896 4900 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
08:56:59.0911 4900 seclogon - ok
08:56:59.0989 4900 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
08:57:00.0005 4900 SENS - ok
08:57:00.0052 4900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
08:57:00.0052 4900 Serenum - ok
08:57:00.0192 4900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
08:57:00.0208 4900 Serial - ok
08:57:00.0223 4900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:57:00.0223 4900 sermouse - ok
08:57:00.0333 4900 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
08:57:00.0348 4900 SessionEnv - ok
08:57:00.0379 4900 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
08:57:00.0426 4900 sffdisk - ok
08:57:00.0520 4900 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
08:57:00.0582 4900 sffp_mmc - ok
08:57:00.0832 4900 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
08:57:00.0847 4900 sffp_sd - ok
08:57:00.0941 4900 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:57:00.0941 4900 sfloppy - ok
08:57:01.0113 4900 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
08:57:01.0128 4900 SharedAccess - ok
08:57:01.0222 4900 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
08:57:01.0331 4900 ShellHWDetection - ok
08:57:01.0471 4900 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
08:57:01.0487 4900 sisagp - ok
08:57:01.0518 4900 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
08:57:01.0518 4900 SiSRaid2 - ok
08:57:01.0549 4900 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
08:57:01.0565 4900 SiSRaid4 - ok
08:57:01.0877 4900 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
08:57:02.0064 4900 SkypeUpdate - ok
08:57:03.0889 4900 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
08:57:04.0217 4900 slsvc - ok
08:57:04.0810 4900 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
08:57:04.0810 4900 SLUINotify - ok
08:57:04.0981 4900 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:57:04.0981 4900 Smb - ok
08:57:05.0091 4900 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
08:57:05.0091 4900 SNMPTRAP - ok
08:57:05.0106 4900 SNP2UVC - ok
08:57:05.0262 4900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:57:05.0262 4900 spldr - ok
08:57:05.0356 4900 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
08:57:05.0371 4900 Spooler - ok
08:57:05.0449 4900 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys
08:57:05.0465 4900 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
08:57:05.0465 4900 sptd ( LockedFile.Multi.Generic ) - warning
08:57:05.0465 4900 sptd - detected LockedFile.Multi.Generic (1)
08:57:05.0793 4900 SQLAgent$SONY_MEDIAMGR - ok
08:57:06.0089 4900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:57:06.0105 4900 srv - ok
08:57:06.0339 4900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:57:06.0339 4900 srv2 - ok
08:57:06.0354 4900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:57:06.0370 4900 srvnet - ok
08:57:06.0853 4900 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
08:57:07.0009 4900 SSDPSRV - ok
08:57:07.0212 4900 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
08:57:07.0212 4900 SstpSvc - ok
08:57:07.0540 4900 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
08:57:07.0555 4900 StarWindServiceAE - ok
08:57:07.0649 4900 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
08:57:07.0665 4900 stisvc - ok
08:57:07.0743 4900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:57:07.0743 4900 swenum - ok
08:57:08.0320 4900 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:57:08.0429 4900 SwitchBoard - ok
08:57:08.0835 4900 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
08:57:08.0835 4900 swprv - ok
08:57:08.0850 4900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:57:08.0866 4900 Symc8xx - ok
08:57:09.0037 4900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:57:09.0037 4900 Sym_hi - ok
08:57:09.0178 4900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:57:09.0178 4900 Sym_u3 - ok
08:57:09.0209 4900 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
08:57:09.0225 4900 SynTP - ok
08:57:09.0271 4900 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
08:57:09.0287 4900 SysMain - ok
08:57:09.0318 4900 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
08:57:09.0334 4900 TabletInputService - ok
08:57:09.0365 4900 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
08:57:09.0365 4900 TapiSrv - ok
08:57:09.0396 4900 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
08:57:09.0396 4900 TBS - ok
08:57:09.0989 4900 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
08:57:10.0036 4900 Tcpip - ok
08:57:10.0051 4900 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
08:57:10.0067 4900 Tcpip6 - ok
08:57:10.0566 4900 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:57:10.0691 4900 tcpipreg - ok
08:57:10.0972 4900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:57:10.0987 4900 TDPIPE - ok
08:57:11.0377 4900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:57:11.0440 4900 TDTCP - ok
08:57:12.0033 4900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:57:12.0469 4900 tdx - ok
08:57:12.0547 4900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:57:12.0594 4900 TermDD - ok
08:57:13.0998 4900 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
08:57:13.0998 4900 TermService - ok
08:57:14.0591 4900 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
08:57:15.0043 4900 Themes - ok
08:57:15.0418 4900 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:57:15.0433 4900 THREADORDER - ok
08:57:16.0369 4900 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
08:57:16.0494 4900 TrkWks - ok
08:57:16.0728 4900 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
08:57:16.0728 4900 TrustedInstaller - ok
08:57:16.0822 4900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:57:16.0822 4900 tssecsrv - ok
08:57:16.0947 4900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:57:16.0947 4900 tunmp - ok
08:57:16.0978 4900 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:57:16.0978 4900 tunnel - ok
08:57:18.0538 4900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
08:57:18.0616 4900 uagp35 - ok
08:57:19.0037 4900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:57:19.0068 4900 udfs - ok
08:57:19.0224 4900 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
08:57:19.0240 4900 UI0Detect - ok
08:57:19.0396 4900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
08:57:19.0396 4900 uliagpkx - ok
08:57:19.0583 4900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
08:57:20.0035 4900 uliahci - ok
08:57:20.0082 4900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:57:20.0098 4900 UlSata - ok
08:57:20.0145 4900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:57:20.0238 4900 ulsata2 - ok
08:57:20.0815 4900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:57:20.0862 4900 umbus - ok
08:57:21.0018 4900 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
08:57:21.0034 4900 upnphost - ok
08:57:21.0081 4900 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
08:57:21.0081 4900 USBAAPL - ok
08:57:21.0221 4900 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
08:57:21.0237 4900 usbaudio - ok
08:57:21.0315 4900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:57:21.0315 4900 usbccgp - ok
08:57:21.0377 4900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:57:21.0393 4900 usbcir - ok
08:57:21.0486 4900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:57:21.0595 4900 usbehci - ok
08:57:21.0627 4900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:57:21.0642 4900 usbhub - ok
08:57:21.0689 4900 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
08:57:21.0689 4900 usbohci - ok
08:57:21.0892 4900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:57:21.0954 4900 usbprint - ok
08:57:22.0048 4900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:57:22.0048 4900 USBSTOR - ok
08:57:22.0095 4900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:57:22.0204 4900 usbuhci - ok
08:57:22.0251 4900 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
08:57:22.0251 4900 usbvideo - ok
08:57:22.0282 4900 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
08:57:22.0282 4900 UxSms - ok
08:57:22.0313 4900 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
08:57:22.0453 4900 vds - ok
08:57:22.0485 4900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
08:57:22.0485 4900 vga - ok
08:57:22.0531 4900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:57:22.0531 4900 VgaSave - ok
08:57:22.0563 4900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
08:57:22.0563 4900 viaagp - ok
08:57:22.0594 4900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
08:57:22.0594 4900 ViaC7 - ok
08:57:22.0641 4900 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
08:57:22.0734 4900 viaide - ok
08:57:22.0921 4900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:57:22.0921 4900 volmgr - ok
08:57:23.0374 4900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:57:23.0452 4900 volmgrx - ok
08:57:23.0935 4900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:57:24.0201 4900 volsnap - ok
08:57:24.0372 4900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
08:57:24.0388 4900 vsmraid - ok
08:57:24.0731 4900 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
08:57:24.0918 4900 VSS - ok
08:57:25.0542 4900 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
08:57:25.0605 4900 vToolbarUpdater10.2.0 - ok
08:57:26.0431 4900 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
08:57:26.0431 4900 W32Time - ok
08:57:26.0619 4900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:57:26.0619 4900 WacomPen - ok
08:57:26.0790 4900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:57:26.0868 4900 Wanarp - ok
08:57:26.0884 4900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:57:26.0884 4900 Wanarpv6 - ok
08:57:27.0071 4900 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
08:57:27.0445 4900 wcncsvc - ok
08:57:27.0508 4900 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
08:57:27.0508 4900 WcsPlugInService - ok
08:57:27.0679 4900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
08:57:27.0679 4900 Wd - ok
08:57:27.0820 4900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:57:28.0007 4900 Wdf01000 - ok
08:57:28.0023 4900 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:57:28.0023 4900 WdiServiceHost - ok
08:57:28.0038 4900 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:57:28.0038 4900 WdiSystemHost - ok
08:57:28.0085 4900 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
08:57:28.0101 4900 WebClient - ok
08:57:28.0444 4900 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
08:57:28.0475 4900 Wecsvc - ok
08:57:28.0506 4900 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
08:57:28.0506 4900 wercplsupport - ok
08:57:28.0912 4900 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
08:57:28.0959 4900 WerSvc - ok
08:57:29.0130 4900 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:57:29.0161 4900 winachsf - ok
08:57:30.0082 4900 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
08:57:30.0097 4900 WinDefend - ok
08:57:30.0113 4900 WinHttpAutoProxySvc - ok
08:57:30.0316 4900 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
08:57:30.0316 4900 Winmgmt - ok
08:57:32.0313 4900 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
08:57:32.0531 4900 WinRM - ok
08:57:33.0139 4900 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
08:57:33.0186 4900 Wlansvc - ok
08:57:33.0685 4900 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:57:33.0701 4900 wlcrasvc - ok
08:57:34.0341 4900 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:57:34.0450 4900 wlidsvc - ok
08:57:34.0731 4900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:57:34.0731 4900 WmiAcpi - ok
08:57:35.0308 4900 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
08:57:35.0417 4900 wmiApSrv - ok
08:57:36.0041 4900 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:57:36.0088 4900 WMPNetworkSvc - ok
08:57:36.0181 4900 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
08:57:36.0275 4900 WPCSvc - ok
08:57:36.0400 4900 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
08:57:36.0400 4900 WPDBusEnum - ok
08:57:36.0649 4900 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
08:57:36.0743 4900 WpdUsb - ok
08:57:37.0289 4900 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:57:37.0429 4900 WPFFontCache_v0400 - ok
08:57:37.0476 4900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:57:37.0492 4900 ws2ifsl - ok
08:57:37.0632 4900 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
08:57:37.0632 4900 wscsvc - ok
08:57:37.0648 4900 WSearch - ok
08:57:38.0241 4900 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
08:57:38.0256 4900 wuauserv - ok
08:57:38.0755 4900 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:57:38.0787 4900 wudfsvc - ok
08:57:38.0880 4900 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
08:57:38.0989 4900 XAudio - ok
08:57:39.0036 4900 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
08:57:39.0208 4900 XAudioService - ok
08:57:39.0239 4900 XDva393 - ok
08:57:39.0598 4900 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
08:57:39.0645 4900 yukonwlh - ok
08:57:39.0785 4900 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
08:57:39.0863 4900 \Device\Harddisk0\DR0 - ok
08:57:39.0957 4900 Boot (0x1200) (9f4cf0f1aa52631794d20a3e083fba49) \Device\Harddisk0\DR0\Partition0
08:57:39.0972 4900 \Device\Harddisk0\DR0\Partition0 - ok
08:57:40.0035 4900 Boot (0x1200) (118f8ff060c1de8d16782d5e3b1c42e2) \Device\Harddisk0\DR0\Partition1
08:57:40.0035 4900 \Device\Harddisk0\DR0\Partition1 - ok
08:57:40.0035 4900 ============================================================
08:57:40.0035 4900 Scan finished
08:57:40.0035 4900 ============================================================
08:57:40.0050 4312 Detected object count: 3
08:57:40.0050 4312 Actual detected object count: 3
08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
08:58:30.0469 4312 C:\Windows\system32\drivers\arc.sys - copied to quarantine
08:58:30.0657 4312 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
08:58:30.0797 4312 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
08:58:31.0093 4312 Backup copy found, using it..
08:58:31.0156 4312 C:\Windows\system32\drivers\arc.sys - will be cured on reboot
08:58:31.0156 4312 arc ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:58:39.0720 5424 Deinitialize success

[Elise]

That confirmed indeed the rootkit. While it is gone now, please read the following information before continuing.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

[SweetieLydia]

Hmmm I'm a little unsure on what to do. My computer doesn't have high ''private'' information except for my debit card account. I do believe a re-instal and reformat would be good. I've been having these problems for a while and to be honest, haha I just want to get rid of it all and start over. I'm not too sure how that works though. That's re-installing everything right? The laptop I am using right now has a broken screen, so I am forced to use a separate screen connected to it that only ''activates'' on log in. I've tried re-installing Vista and everything in the past but with the separate screen, I can't see the first screens where the ''install'' would show normally.

Also, I'm assuming that would require the original disc I downloaded Vista with on my computer? What do you believe I should do about the screen issue. Is there a way to re-instal and re-format while using my separate screen? If yes, any more information you could give?

[Elise]

In that case the best option would be to go for the cleanup at this point. Once the computer is clean you can always decide to do a reformat/reinstall. I'm not sure there is anything you can do about the screen issue though.

[SweetieLydia]

Ok ! I did the clean up with Combofix and here is my log:

ComboFix 12-04-31.02 - Amy 30/04/2012 10:33:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1622 [GMT -4:00]
Running from: c:\users\Amy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\premieropinion
c:\program files\premieropinion\asmcf.dat
c:\program files\premieropinion\ncncf.dat
c:\program files\premieropinion\nscf.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion
c:\users\Amy\AppData\Local\.#
c:\users\Amy\AppData\Local\assembly\tmp
c:\users\Amy\AppData\Roaming\app
c:\users\Amy\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Amy\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Amy\AppData\Roaming\RIFT
c:\users\Amy\AppData\Roaming\RIFT\rift.cfg
c:\users\Amy\AppData\Roaming\WeatherDPA
c:\users\Amy\Documents\~WRL0430.tmp
c:\users\Amy\Documents\~WRL0440.tmp
c:\users\Amy\Documents\~WRL0616.tmp
c:\users\Amy\Documents\~WRL1002.tmp
c:\users\Amy\Documents\~WRL1029.tmp
c:\users\Amy\Documents\~WRL1966.tmp
c:\users\Amy\Documents\~WRL2188.tmp
c:\users\Amy\Documents\~WRL2256.tmp
c:\users\Amy\Documents\~WRL2391.tmp
c:\users\Amy\Documents\~WRL2677.tmp
c:\users\Amy\Documents\~WRL2759.tmp
c:\users\Amy\Documents\~WRL2766.tmp
c:\users\Amy\Documents\~WRL2932.tmp
c:\users\Amy\Documents\~WRL3112.tmp
c:\users\Amy\Documents\~WRL3191.tmp
c:\users\Amy\Documents\~WRL3611.tmp
c:\users\Amy\Documents\~WRL3627.tmp
c:\users\Amy\Documents\~WRL3786.tmp
c:\users\Amy\Documents\~WRL3950.tmp
c:\users\Amy\Documents\~WRL4082.tmp
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Shamrock Produktions\AppData\Local\temp
2012-04-30 12:58 . 2012-04-30 12:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-30 02:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-30 02:00 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-30 02:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-30 02:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-30 01:58 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 01:58 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-30 01:48 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-30 01:48 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-04-30 01:48 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-30 01:48 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-30 01:41 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-30 01:41 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-30 01:41 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-30 01:41 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-30 01:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-29 19:52 . 2012-04-29 19:52 -------- d-----w- c:\program files\Trend Micro
2012-04-29 18:34 . 2012-04-29 18:34 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes
2012-04-26 19:15 . 2012-04-26 19:15 -------- d-----w- c:\users\Amy\AppData\Roaming\yess
2012-04-23 12:59 . 2012-04-30 15:00 -------- d-----w- c:\users\Amy\AppData\Local\assembly
2012-04-23 12:58 . 2012-04-23 17:10 -------- d-----w- c:\program files\NCSoft
2012-04-23 12:55 . 2012-04-23 12:55 -------- d-----w- c:\users\Amy\AppData\Roaming\InstallShield
2012-04-20 07:29 . 2012-04-29 18:19 -------- d-----w- c:\program files\World of Warcraft Beta
2012-04-17 16:48 . 2012-04-17 16:50 -------- d-----w- c:\users\Amy\AppData\Roaming\Digiarty
2012-04-17 16:47 . 2012-04-17 16:50 -------- d-----w- c:\program files\Digiarty
2012-04-17 16:37 . 2012-04-17 16:37 -------- d-----w- c:\users\Amy\AppData\Roaming\Apowersoft
2012-04-17 16:26 . 2012-04-17 16:26 -------- d-----w- c:\programdata\NCH Software
2012-04-17 16:26 . 2012-04-17 16:27 -------- d-----w- c:\users\Amy\AppData\Roaming\NCH Software
2012-04-13 12:42 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 06:00 . 2012-04-13 06:02 -------- d-----w- c:\programdata\Battle.net
2012-04-03 22:08 . 2012-04-03 22:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe
2012-04-03 22:07 . 2012-04-03 22:07 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DSETUP.dll
2012-04-03 22:07 . 2012-04-03 22:07 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DXSETUP.exe
2012-04-03 22:07 . 2012-04-03 22:07 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\dsetup32.dll
2012-04-03 22:07 . 2012-04-03 22:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DSETUP.dll
2012-04-03 22:07 . 2012-04-03 22:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DXSETUP.exe
2012-04-03 22:07 . 2012-04-03 22:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\dsetup32.dll
2012-04-02 13:18 . 2012-04-02 13:18 -------- d-----w- c:\program files\Common Files\Skype
2012-04-02 08:02 . 2010-01-13 20:48 230752 ----a-w- c:\windows\patchw32.dll
2012-04-02 07:39 . 2012-04-20 08:17 -------- d-----w- c:\program files\Outspark
2012-04-02 06:03 . 2012-04-11 00:22 -------- d-----w- c:\users\Amy\AppData\Local\PMB Files
2012-04-02 06:02 . 2012-04-02 06:03 -------- d-----w- c:\programdata\PMB Files
2012-04-02 06:01 . 2012-04-02 06:02 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 13:00 . 2006-11-02 07:36 79416 ----a-w- c:\windows\system32\drivers\arc.sys
2012-04-19 19:28 . 2010-10-07 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 22:45 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-09 20:03 . 2011-07-11 23:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-02-04 01:20 . 2012-02-04 01:20 0 ---ha-w- c:\users\Amy\AppData\Local\BIT4060.tmp
2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT31CC.tmp
2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1382.tmp
2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BITF9B.tmp
2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1289.tmp
2012-02-02 18:57 . 2012-02-02 18:57 808440 ----a-w- c:\windows\system32\CDDBUI.dll
2012-02-02 18:57 . 2012-02-02 18:57 796152 ----a-w- c:\windows\system32\CDDBControl.dll
2012-02-02 18:57 . 2012-02-02 18:57 169464 ----a-w- c:\windows\system32\CddbLangRU.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 03:10 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-05 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90611446
*Deregistered* - 90611446
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd09fc6922bb47.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc4fb9b1e3d4eb.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171740006-2288968661-193012664-1000Core1cc6ed19e0acd30.job
- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-13 06:22]
.
2012-04-30 c:\windows\Tasks\HPCeeScheduleForAmy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2011-06-20 c:\windows\Tasks\{00C89A4D-BFCA-4C33-B8FF-A508499176F5}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-09-10 c:\windows\Tasks\{783DD85C-1A5E-4A67-8897-EBE35CDC7725}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-09-19 c:\windows\Tasks\{79F2124E-BEF3-4197-AE52-380354712124}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-16 c:\windows\Tasks\{99FA5890-163B-4958-B01E-E89675AB52FD}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-08-23 c:\windows\Tasks\{B732499B-DD1D-4805-9608-65F11F731AE5}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-07 c:\windows\Tasks\{E879C9BF-E54D-416E-BF81-FBAAB9AA589A}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-fsm - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
SafeBoot-90611446.sys
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 11:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-30 11:14:15
ComboFix-quarantined-files.txt 2012-04-30 15:13
.
Pre-Run: 17,921,880,064 bytes free
Post-Run: 33,289,764,864 bytes free
.
- - End Of File - - 44F2085D41F63BCEC729FCEB7CE37717

[Elise]

That is looking good, how is everything running at this point?

I recommend you to uninstall Freecorder toolbar, as it is a questionable program and cane in some cases slow down your browser. You can uninstall this program using Programs and Features in Control Panel.

Can you please rerun DDS and post me attach.txt (no need for dds.txt).

[SweetieLydia]

Things are definitely running much faster now I uninstalled the Freecorder Toolbar. Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/09/2009 6:22:15 AM
System Uptime: 30/04/2012 9:00:04 AM (2 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-64 | Socket A | 1050/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 31.32 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.457 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\SYSTEM\0001
Manufacturer:
Name:
PNP Device ID: ROOT\SYSTEM\0001
Service:
.
==== System Restore Points ===================
.
RP640: 30/04/2012 9:18:22 AM - Language Pack Removal
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
ACID Pro 7.0
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader 9.5.0
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Akamai NetSession Interface
Akamai NetSession Interface Service
aMSN 0.98.4
Antidote RX v7
Any Video Converter 3.0.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Ask Toolbar
Astroburn Lite
Astroburn Toolbar
Atheros Driver Installation Program
Audacity 1.3.12 (Unicode)
Audio Player ActiveX
AVG 2011
Bonjour
Boris Continuum Complete 7 for Avid
CamStudio OSS Desktop Recorder
Camtasia Studio 6
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DAEMON Tools Lite
ESU for Microsoft Vista
Express Burn Disc Burning Software
Finale NotePad 2011
FL Studio 9
Fraps (remove only)
Fwink
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 3.05
HDAUDIO Soft Data Fax Modem with SmartCP
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Games
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00006
HP Product Detection
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IL Download Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 7
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft DirectX SDK (April 2007)
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixPad Audio Mixer
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My Tribe
NCsoft Launcher
NetWaiting
NetZero Preloader
NVIDIA Drivers
Opera 11.62
Pando Media Booster
Passport to Paradise
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
PoiZone
Power2Go
PowerDirector
PVSonyDll
QuickTime
Realtek USB 2.0 Card Reader
Rosetta Stone Version 3
Safari
SaveVid Plug-in
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Click to Call
Skype™ 5.8
Software Informer 1.0 BETA
Sony ACID Pro 6.0
Sony Media Manager 2.2
Suite Shared Configuration CS4
Super Mp3 Recorder Professional v6.2
Synaptics Pointing Device Driver
System Requirements Lab
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Movie Studio HD 9.0
Vegas Pro 11.0
Ventrilo Client
VirtualDJ Home FREE
VLC media player 1.0.1
WavePad Sound Editor
Web Games Player Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 3 (32-bit)
WinX HD Video Converter Deluxe 3.12.2
WinX Video Converter 4.5.11
World of Warcraft
World of Warcraft Beta
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
30/04/2012 9:20:17 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800f0825 reported while operating on UI Language Pack for fr-FR
30/04/2012 9:02:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
30/04/2012 8:59:18 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800706ba reported while operating on UI Language Pack for fr-FR
30/04/2012 8:47:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.
30/04/2012 8:47:54 AM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/04/2012 8:47:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
30/04/2012 8:45:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca58b169fd7b60) service to connect.
30/04/2012 8:45:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca58b169fd7b60) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/04/2012 8:45:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1ca58b169fd7b60 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
30/04/2012 8:43:27 AM, Error: EventLog [6008] - The previous system shutdown at 8:38:56 AM on 30/04/2012 was unexpected.
30/04/2012 8:37:14 AM, Error: EventLog [6008] - The previous system shutdown at 8:34:10 AM on 30/04/2012 was unexpected.
30/04/2012 8:31:06 AM, Error: EventLog [6008] - The previous system shutdown at 8:28:01 AM on 30/04/2012 was unexpected.
30/04/2012 7:35:08 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
30/04/2012 11:05:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
30/04/2012 10:31:47 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
29/04/2012 6:34:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
29/04/2012 6:34:27 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/04/2012 6:34:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
28/04/2012 3:20:32 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/04/2012 3:19:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
28/04/2012 3:19:36 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/04/2012 3:19:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
28/04/2012 3:14:44 AM, Error: EventLog [6008] - The previous system shutdown at 3:11:48 AM on 28/04/2012 was unexpected.
24/04/2012 11:14:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
24/04/2012 11:14:20 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/04/2012 11:14:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
24/04/2012 11:13:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
24/04/2012 11:13:36 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
24/04/2012 11:08:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:05:36 AM on 24/04/2012 was unexpected.
24/04/2012 10:59:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:56:27 AM on 24/04/2012 was unexpected.
24/04/2012 10:53:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:33 AM on 24/04/2012 was unexpected.
24/04/2012 10:47:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.
24/04/2012 10:47:12 AM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/04/2012 10:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}
24/04/2012 10:43:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cyberlink RichVideo Service(CRVS) service to connect.
24/04/2012 10:43:53 AM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/04/2012 10:40:50 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:22 AM on 24/04/2012 was unexpected.
.
==== End Of File ===========================

[Elise]

Good to hear that!

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  
• Look for "JDK 7u3 (JDK or JRE).
  
• Click the "Download JRE" button at the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
• Save it to your desktop
  
• Close any programs you may have running - especially your web browser.
  
• Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  
• Reboot your computer once all Java components are removed.
  
• Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

[SweetieLydia]

Did everything Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Amy :: AMY-PC [administrator]

Protection: Enabled

30/04/2012 12:52:20 PM
mbam-log-2012-04-30 (12-52-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 597761
Time elapsed: 7 hour(s), 27 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Amy\Downloads\Sony Vegas Movie Studio HD Platinum 10.0.179 + Keygen [RH]\SV.MST.HD.PE.10.0.179_[RH]\Sony Vegas Movie Studio HD Platinum 10.0.179\Keygen\Patch (Extra included)\Patch_Vegas.Movie.Studio.HD.Platinum.10.0.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Program Files\Mystery Case Files - Dire Grove Collector's Edition\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Users\Amy\Downloads\Warcraft 3\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[Elise]

Looks good, however keep in mind that using pirated software isn't only illegal, but also quite likely to get a computer infected with all latest nasties.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
  
• Click the Start button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check "Scan Archives" and "Remove found threats"
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click List Threats
  
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Click the Back button.
  
• Click the Finish button.

[SweetieLydia]

Ok, even more reasons to rid of it. Here is the results of ESETScan:

C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\svc0000\tsk0000.dta Win32/Olmarik.ZC trojan cleaned - quarantined
C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\tdlfs0000\tsk0003.dta Win32/Olmarik.YR trojan cleaned by deleting - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\177237ca-60599f86 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\53b3d6cd-4f530223 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\47b9e491-5b934651 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\63ff10c2-24c45853 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-37e8c2a5 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2606caba-295732bf multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\551652ba-44709b88 multiple threats deleted - quarantined
C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5ebe80bd-7ccc9759 multiple threats deleted - quarantined
C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4.exe BAT/HostsChanger.A application deleted - quarantined
C:\Users\Amy\Documents\Raph^_^\flstudio_9.0_final.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4\Activation & Instructions\Activation Blocker.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined
C:\Users\Amy\Downloads\flstudio_9.0.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Amy\Downloads\SoftonicDownloader_for_particleillusion.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Amy\Downloads\Sony Vegas Pro 10 Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined

[Elise]

Yes, indeed, its safer to stay away from them.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

• Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
    
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    
  • an Anti-Spyware program
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    
  • Spyware Blaster
    A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
• Keep Windows (and your other Microsoft software) up to date!
  I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
  Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  
• Keep your other software up to date as well
  Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  
• Stay up to date!
  The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

[SweetieLydia]

Perfect Thank you so much! One last question, do I remove HijackThis?

[Elise]

Yes, Hijackthis can be uninstalled and any other tool you still have can be deleted (the same goes for logs). Only be sure you uninstall combofix as instructed above.

I will request this topic to be closed.