
Malwarebytes

Infected with Dropper.Bcminer, Generic28.ANIC, rootkit.0access, backdoor back


16 replies to this topic

#1
Rickaber

    New Member

  • Members
  • 10 posts
Quite a mess. I see you are working on several already. I need some help; I can't do it on my own.
Rick

#2
screen317

    MBAM Sentinel

  • Moderators
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
Chris Fistonich
Research Team

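The protection-module log posted in the next reply is the first thing a helper reads, and two patterns in it matter more than the individual hits: the same `.@` file under `C:\Windows\Installer\{GUID}\U\` is reported as Rootkit.0Access dozens of times over several hours with action `ALLOW`, which means real-time protection is seeing the file but not removing it (it is either being recreated or is locked by the running rootkit), and the start-up line `FwpmEngineOpen0 failed with error code 1753` shows the IP-protection component could not open a session with the Windows Filtering Platform. Error 1753 is the Win32 code EPT_S_NOT_REGISTERED (no endpoint registered with the RPC endpoint mapper), consistent with the Base Filtering Engine service not running, which ZeroAccess variants of this period were known to disable. The script below is an added example, not part of this thread and not Malwarebytes' code; it parses lines in the MBAM 1.x protection-log format shown in the next reply and pulls out exactly those two signals. The sample log it runs on is constructed: the host and user names are reused from the thread, the GUID directory is a zero placeholder, and the `setup.exe` line is invented to show a quarantined hit that is correctly not flagged.

```python
"""Triage MBAM 1.x protection-module log lines for persistent ALLOWed detections and errors.

Added example (not from the thread or from Malwarebytes). Assumed line format, matching
the log posted in this thread:
    YYYY/MM/DD HH:MM:SS -ZZZZ HOST USER LEVEL message
where LEVEL is MESSAGE, ERROR or DETECTION, and a DETECTION message is
    <path> <threat name> <action>
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the posted log. The GUID directory is a placeholder
# and the Trojan.Agent line is invented to show a quarantined hit that is not flagged.
SAMPLE_LOG = r"""2012/08/08 07:23:17 -0500 RICK-PC Rick MESSAGE Starting protection
2012/08/08 07:23:24 -0500 RICK-PC Rick ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/08 07:23:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:26:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:40:01 -0500 RICK-PC Rick DETECTION C:\Users\Rick\Downloads\setup.exe Trojan.Agent QUARANTINE
2012/08/08 10:54:09 -0500 RICK-PC Rick MESSAGE Scheduled update executed successfully: database updated from version v2012.08.07.06 to version v2012.08.08.07
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<level>MESSAGE|ERROR|DETECTION) (?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict for one protection-log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
    if rec["level"] == "DETECTION":
        # Message is "<path> <threat> <action>". The path may contain spaces
        # ("Program Files (x86)"), so peel the last two tokens off from the right.
        parts = rec["msg"].rsplit(" ", 2)
        if len(parts) == 3:
            rec["path"], rec["threat"], rec["action"] = parts
    return rec


def triage(text, min_hits=3):
    """Summarise the two signals a helper looks for in a protection log.

    persistent_allowed: paths reported with action ALLOW at least min_hits times,
        i.e. the scanner keeps seeing the file but it is never removed.
    errors: ERROR lines, such as a protection component failing to start.
    """
    hits = defaultdict(list)
    errors = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["level"] == "ERROR":
            errors.append(rec["msg"])
        elif rec["level"] == "DETECTION" and rec.get("action") == "ALLOW":
            hits[(rec["path"], rec["threat"])].append(rec["time"])

    persistent = {}
    for (path, threat), times in hits.items():
        if len(times) >= min_hits:
            span = (max(times) - min(times)).total_seconds() / 60
            persistent[path] = {"threat": threat, "count": len(times),
                                "span_minutes": round(span, 1)}
    return {"errors": errors, "persistent_allowed": persistent}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for err in report["errors"]:
        print("ERROR :", err)
    for path, info in report["persistent_allowed"].items():
        print(f"ALLOWED {info['count']}x over {info['span_minutes']} min "
              f"({info['threat']}): {path}")
```

Run it against the full protection log from the reply below (save the log to a file and pass its contents to `triage`) and the single `80000032.@` path comes back with a count in the dozens across the whole day, while the scan log that follows shows the same files only being quarantined once the on-demand scanner ran with the newer database; the gap between those two is what the helper is chasing.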

#3
Rickaber

    New Member

  • Members
  • 10 posts
Scanned with MBAM; it shows 12 log files. Should I open and post all?
Let me know if these are OK and next step, thank you. Rick

2012/08/08 07:23:17 -0500 RICK-PC Rick MESSAGE Starting protection
2012/08/08 07:23:21 -0500 RICK-PC Rick MESSAGE Protection started successfully
2012/08/08 07:23:24 -0500 RICK-PC Rick MESSAGE Starting IP protection
2012/08/08 07:23:24 -0500 RICK-PC Rick ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/08 07:23:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:26:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:26:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:32:11 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:37:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:37:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:37:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:37:28 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:51:45 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:53:40 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:53:43 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:54:04 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:54:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 07:54:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:00:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:10:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:10:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:22:18 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:25:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:25:59 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:26:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:26:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:45:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:45:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:48:11 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:50:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:50:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:55:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 08:55:28 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:01:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:01:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:16:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:16:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:33:57 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:33:57 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:38:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:43:05 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:48:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:48:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:56:29 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:56:32 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:59:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 09:59:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:16:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:16:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:47:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:47:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:53:59 -0500 RICK-PC Rick MESSAGE Executing scheduled update: Daily
2012/08/08 10:54:09 -0500 RICK-PC Rick MESSAGE Starting database refresh
2012/08/08 10:54:09 -0500 RICK-PC Rick MESSAGE Scheduled update executed successfully: database updated from version v2012.08.07.06 to version v2012.08.08.07
2012/08/08 10:54:12 -0500 RICK-PC Rick MESSAGE Database refreshed successfully
2012/08/08 10:58:30 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 10:58:30 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:08:52 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:08:52 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:23:13 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:23:13 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:37:42 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:37:43 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:51:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 11:51:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:01:47 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:01:47 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:14:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:14:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:19:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:19:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:34:41 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:34:41 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:48:32 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:48:32 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 12:54:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:03:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:03:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:18:49 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:18:49 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:31:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:31:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:36:40 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:41:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:41:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:42:31 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:58:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 13:58:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:13:59 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:14:00 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:17:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:19:21 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ Rootkit.0Access ALLOW
2012/08/08 14:19:23 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:20:48 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:22:07 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:22:54 -0500 RICK-PC Rick MESSAGE Starting database refresh
2012/08/08 14:23:08 -0500 RICK-PC Rick MESSAGE Database refreshed successfully
2012/08/08 14:26:48 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:26:49 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:32:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ Rootkit.0Access ALLOW
2012/08/08 14:32:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:41:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW
2012/08/08 14:41:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: RICK-PC [administrator]

Protection: Enabled

8/8/2012 2:23:07 PM
mbam-log-2012-08-08 (14-23-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258294
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Rick at 14:42:52 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1573 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Rick\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {8A86D350-37AB-410A-8531-7D1363F317B3} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ContactKeeper Birthday reminder] "C:\Program Files (x86)\ContactKeeper\ContactKeeper.exe" /Reminder
uRun: [Easy Dock] C:\Users\Rick\Documents\RCA easyRip\EZDock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sbitunesagent] C:\Program Files (x86)\Philips\Philips Songbird\songbirditunesagent.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.disabled
StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Rick\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk.disabled
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {8A86D350-37AB-410A-8531-7D1363F317B3} - No File
BHO-X64: Fantapper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Charter Security Suite\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27:42
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods.instlDay - 15483
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-21 1692480]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-2 830048]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 VIACRX64;VIACRX64;C:\Windows\system32\DRIVERS\viacr64.sys --> C:\Windows\system32\DRIVERS\viacr64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FTSvc;Fantapper Player Update Service;"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe" --> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-29 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-05 17:33:38 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-04 13:19:13 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-04 13:17:56 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-04 13:14:36 -------- d-----w- C:\Users\Rick\AppData\Local\Microsoft Help
2012-08-04 13:13:01 -------- d-----w- C:\Windows\System32\wbem\Logs
2012-08-04 12:55:35 -------- d-----w- C:\Users\Rick\AppData\Roaming\DriverCure
2012-08-04 12:55:34 -------- d-----w- C:\Users\Rick\AppData\Roaming\SpeedyPC Software
2012-08-04 12:55:17 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-08-04 12:55:13 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-04 12:55:13 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-08-03 14:00:40 -------- d-----w- C:\Program Files\iPod
2012-08-03 14:00:38 -------- d-----w- C:\Program Files\iTunes
2012-08-03 13:55:27 -------- d-----w- C:\Program Files\Bonjour
2012-08-03 13:55:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-08-02 17:06:03 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes
2012-08-02 17:03:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-02 17:03:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-02 17:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-02 12:27:56 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-02 12:27:52 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Roaming\Flickr
2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Local\Flickr
2012-07-29 19:22:13 -------- d-----w- C:\Program Files (x86)\Flickr Uploadr
2012-07-29 13:33:16 -------- d--h--w- C:\$AVG
2012-07-29 13:12:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 08:08:11 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:04:19 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:04:19 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 11:04:18 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 11:04:17 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 11:04:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 11:04:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 11:02:07 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 11:02:07 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 11:02:06 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 11:02:05 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 11:02:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 11:02:04 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 11:02:03 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 11:02:02 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 11:02:02 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 11:02:02 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 11:02:01 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 11:02:00 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 11:01:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll
.
==================== Find3M ====================
.
2012-08-02 23:17:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 23:17:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 14:44:05.95 ===============

#4
Rickaber
I have also tried to get rid of the 'funmoods' but can't. They are associated with FF; are they harmful? Rick

#5
screen317
Hi,

If you get any more of these alerts:

2012/08/08 14:41:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

Do not allow them!

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317

#6
Rickaber
OK, glad to see you back.

#7
Rickaber
Thanks screen317,
Sorry it took so long, kind of fumbling around, but I think this is what you need. Rick

ComboFix 12-08-09.01 - Rick 08/10/2012 15:09:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2452 [GMT -5:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\FilmFanatic
c:\program files (x86)\FilmFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\FilmFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\FilmFanatic\bar\Settings\s_pid.dat
c:\program files (x86)\FilmFanaticEI
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\L\00000004.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\L\201d3dde
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000004.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000008.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000000.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@
c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000064.@
.
c:\windows\system32\services.exe . . . is infected!!
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 20:21 . 2012-08-10 20:21 -------- d-----w- c:\users\MaRiAh\AppData\Local\temp
2012-08-10 20:21 . 2012-08-10 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 18:18 . 2012-08-05 18:18 -------- d-----w- c:\users\Lisa\AppData\Local\AVG Secure Search
2012-08-05 17:33 . 2012-08-05 17:34 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-04 13:19 . 2012-08-04 13:19 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 13:17 . 2012-08-04 13:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-04 13:14 . 2012-08-04 13:14 -------- d-----w- c:\users\Rick\AppData\Local\Microsoft Help
2012-08-04 13:13 . 2012-08-04 13:13 -------- d-----w- c:\windows\system32\wbem\Logs
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\DriverCure
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-08-03 14:00 . 2012-08-03 14:00 -------- d-----w- c:\program files\iPod
2012-08-03 14:00 . 2012-08-03 14:01 -------- d-----w- c:\program files\iTunes
2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files\Bonjour
2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-02 17:06 . 2012-08-02 17:06 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2012-08-02 17:03 . 2012-08-02 17:03 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 17:03 . 2012-08-02 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 17:03 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 12:27 . 2012-08-02 12:27 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-02 12:27 . 2012-08-02 12:28 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Roaming\Flickr
2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Local\Flickr
2012-07-29 19:22 . 2012-07-29 19:23 -------- d-----w- c:\program files (x86)\Flickr Uploadr
2012-07-29 13:33 . 2012-08-02 12:25 -------- d-----w- C:\$AVG
2012-07-29 13:12 . 2012-07-29 13:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 08:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 08:01 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 08:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:17 . 2012-03-29 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 23:17 . 2011-07-13 10:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:04 . 2010-05-26 14:55 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 11:04 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:01 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:02 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 11:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 11:46 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 11:46 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-02 12:27 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"ContactKeeper Birthday reminder"="c:\program files (x86)\ContactKeeper\ContactKeeper.exe" [2008-01-04 860160]
"Easy Dock"="c:\users\Rick\Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"sbitunesagent"="c:\program files (x86)\Philips\Philips Songbird\songbirditunesagent.exe" [2011-11-16 266240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-02 1147488]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk.disabled [2010-5-19 1980]
LimeWire On Startup.lnk.disabled [2010-10-16 1865]
RCA Detective.lnk - c:\users\Rick\Documents\RCA Detective\RCADetective.exe [2012-1-23 868864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk.disabled [2010-7-26 2012]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BlackBerryAutoUpdate"=c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"<NO NAME>"=
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-02 31080]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-02 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 VIACRX64;VIACRX64;c:\windows\system32\DRIVERS\viacr64.sys [2010-05-10 82544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:17]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]
.
2012-08-09 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-05-29 20:31]
.
2010-07-08 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2010-05-29 20:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-07-09 1366064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe" [2011-05-17 197968]
"combofix"="c:\combofix\CF15351.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods.instlDay - 15483
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-10 15:40:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 20:40
.
Pre-Run: 565,213,704,192 bytes free
Post-Run: 564,390,342,656 bytes free
.
- - End Of File - - 45A97CEAFC06A9395B428C43A01BA04B


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Rick at 15:50:59 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2412 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Users\Rick\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ContactKeeper Birthday reminder] "C:\Program Files (x86)\ContactKeeper\ContactKeeper.exe" /Reminder
uRun: [Easy Dock] C:\Users\Rick\Documents\RCA easyRip\EZDock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sbitunesagent] C:\Program Files (x86)\Philips\Philips Songbird\songbirditunesagent.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.disabled
StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Rick\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk.disabled
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27:42
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods.instlDay - 15483
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-29 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-21 1692480]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-2 830048]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 VIACRX64;VIACRX64;C:\Windows\system32\DRIVERS\viacr64.sys --> C:\Windows\system32\DRIVERS\viacr64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-10 20:23:41 -------- d-----w- C:\$RECYCLE.BIN
2012-08-10 19:54:31 98816 ----a-w- C:\Windows\sed.exe
2012-08-10 19:54:31 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-10 19:54:31 256000 ----a-w- C:\Windows\PEV.exe
2012-08-10 19:54:31 208896 ----a-w- C:\Windows\MBR.exe
2012-08-05 17:33:38 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-04 13:19:13 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-04 13:17:56 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-04 13:14:36 -------- d-----w- C:\Users\Rick\AppData\Local\Microsoft Help
2012-08-04 13:13:01 -------- d-----w- C:\Windows\System32\wbem\Logs
2012-08-04 12:55:35 -------- d-----w- C:\Users\Rick\AppData\Roaming\DriverCure
2012-08-04 12:55:34 -------- d-----w- C:\Users\Rick\AppData\Roaming\SpeedyPC Software
2012-08-04 12:55:17 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-08-04 12:55:13 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-04 12:55:13 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-08-03 14:00:40 -------- d-----w- C:\Program Files\iPod
2012-08-03 14:00:38 -------- d-----w- C:\Program Files\iTunes
2012-08-03 13:55:27 -------- d-----w- C:\Program Files\Bonjour
2012-08-03 13:55:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-08-02 17:06:03 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes
2012-08-02 17:03:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-02 17:03:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-02 17:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-02 12:27:56 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-02 12:27:52 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Roaming\Flickr
2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Local\Flickr
2012-07-29 19:22:13 -------- d-----w- C:\Program Files (x86)\Flickr Uploadr
2012-07-29 13:33:16 -------- d-----w- C:\$AVG
2012-07-29 13:12:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 08:08:11 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-02 23:17:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 23:17:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:52:20.62 ===============

#8
screen317

    MBAM Sentinel

  • Moderators
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

I notice that you are using more than one antivirus program (Lavasoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:
  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer, failing to affirmatively show a license agreement and linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
You can read more about Ask.com here.

To remove it:

Click Start-->Control Panel-->Programs and Features
Click on the program name AskBarDis and/or Ask Toolbar to highlight it
From the menu at the top, select Uninstall or Remove.

Please reboot the computer.


Grab a fresh copy of ComboFix, run it, and post its log.
Chris Fistonich
Research Team
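The moderator's first point, that more than one antivirus product is registered on the machine, can be checked mechanically from the AV:/FW:/SP: lines at the top of a ComboFix log. The Python below is an added example, not part of this thread or of ComboFix; its sample lines are copied from the ComboFix header posted later in the thread, and the status layout `*Enabled|Disabled/Updated|Outdated*` is an assumption drawn from those lines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the product status lines from the ComboFix log
# header posted in this thread (two AV products, one firewall, three spyware
# protection entries).
SAMPLE_HEADER = """\
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Assumed line layout: "<KIND>: <product name> *<state[/update]>* {<instance GUID>}"
LINE_RE = re.compile(
    r'^(AV|FW|SP):\s+(.+?)\s+\*([^*]+)\*\s+(\{[0-9A-Fa-f-]+\})\s*$'
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str                 # AV (antivirus), FW (firewall) or SP (spyware protection)
    name: str
    enabled: bool
    updated: Optional[bool]   # None when the line carries no update state (FW lines)
    instance_guid: str


def parse_products(text: str) -> List[SecurityProduct]:
    """Parse the AV:/FW:/SP: lines of a ComboFix header; other lines are ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, name, state, guid = m.groups()
        flags = [f.strip().lower() for f in state.split('/')]
        enabled = flags[0] == 'enabled'
        updated = None if len(flags) < 2 else flags[1] == 'updated'
        products.append(SecurityProduct(kind, name, enabled, updated, guid))
    return products


def findings(products: List[SecurityProduct]) -> List[str]:
    """Flag the two conditions a helper would raise from these lines:
    several antivirus engines registered at once, and products whose
    definitions the log reports as outdated."""
    issues = []
    av_names = sorted({p.name for p in products if p.kind == 'AV'})
    if len(av_names) > 1:
        issues.append('multiple antivirus products registered: ' + ', '.join(av_names))
    for p in products:
        if p.updated is False:
            issues.append(f'{p.kind} {p.name} is outdated')
    return issues


if __name__ == '__main__':
    for issue in findings(parse_products(SAMPLE_HEADER)):
        print(issue)
```

A "Disabled" state is not by itself a finding here, since ComboFix is normally run with real-time protection switched off.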


#9
Rickaber

    New Member

  • Members
  • 10 posts
Sorry it took so long. Deleted 'Ask Toolbar'. I'm not a fan of toolbars; they always come with strings attached.
Here is the new ComboFix TXT file. The PC has quit popping up warnings. Had to reboot after ComboFix ran.

ComboFix 12-08-13.01 - Rick 08/13/2012 13:41:21.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2419 [GMT -5:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 18:53 . 2012-08-13 18:53 -------- d-----w- c:\users\MaRiAh\AppData\Local\temp
2012-08-13 18:53 . 2012-08-13 18:53 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2012-08-13 18:53 . 2012-08-13 18:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-13 18:53 . 2012-08-13 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 13:31 . 2012-08-13 14:02 -------- d-----w- c:\users\Rick\AppData\Roaming\.minecraft
2012-08-05 18:18 . 2012-08-05 18:18 -------- d-----w- c:\users\Lisa\AppData\Local\AVG Secure Search
2012-08-05 17:33 . 2012-08-05 17:34 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-04 13:19 . 2012-08-04 13:19 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 13:17 . 2012-08-04 13:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-04 13:14 . 2012-08-04 13:14 -------- d-----w- c:\users\Rick\AppData\Local\Microsoft Help
2012-08-04 13:13 . 2012-08-04 13:13 -------- d-----w- c:\windows\system32\wbem\Logs
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\DriverCure
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-08-03 14:00 . 2012-08-03 14:00 -------- d-----w- c:\program files\iPod
2012-08-03 14:00 . 2012-08-03 14:01 -------- d-----w- c:\program files\iTunes
2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files\Bonjour
2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files (x86)\Bonjour
2012-08-02 17:06 . 2012-08-02 17:06 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2012-08-02 17:03 . 2012-08-02 17:03 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 17:03 . 2012-08-02 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 17:03 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 12:27 . 2012-08-02 12:27 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-02 12:27 . 2012-08-02 12:28 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Roaming\Flickr
2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Local\Flickr
2012-07-29 19:22 . 2012-07-29 19:23 -------- d-----w- c:\program files (x86)\Flickr Uploadr
2012-07-29 13:33 . 2012-08-02 12:25 -------- d-----w- C:\$AVG
2012-07-29 13:12 . 2012-07-29 13:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:17 . 2012-03-29 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 23:17 . 2011-07-13 10:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:04 . 2010-05-26 14:55 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 08:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:04 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:01 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:02 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 11:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 11:46 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 11:46 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 08:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 08:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 08:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 08:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 08:02 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 08:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 08:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 08:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 08:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 08:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 08:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 08:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 08:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 08:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 08:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 11:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_20.23.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-21 10:28 . 2012-08-13 18:56 69850 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-13 18:56 46364 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-19 19:06 . 2012-08-13 18:56 22292 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1225534422-883377268-376103282-1000_UserData.bin
+ 2010-05-19 18:55 . 2012-08-12 11:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-19 18:55 . 2012-08-05 18:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-19 18:55 . 2012-08-12 11:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-19 18:55 . 2012-08-05 18:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 11:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 18:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 06:06 . 2012-08-13 18:36 3434 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-10 20:23 . 2012-08-10 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 18:54 . 2012-08-13 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 18:54 . 2012-08-13 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-10 20:23 . 2012-08-10 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-10 20:23 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-13 18:54 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-20 02:55 . 2012-08-12 22:08 375344 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-08-13 18:43 626778 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-10 20:07 626778 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-13 18:43 107752 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-10 20:07 107752 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-10 20:22 354888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-13 18:53 354888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-18 01:33 . 2012-08-05 17:28 821860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1225534422-883377268-376103282-1000-12288.dat
+ 2011-10-18 01:33 . 2012-08-12 01:41 821860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1225534422-883377268-376103282-1000-12288.dat
+ 2009-07-14 04:54 . 2012-08-13 18:54 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 20:23 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 20:23 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 18:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-20 16:07 . 2012-08-13 18:53 54350780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1225534422-883377268-376103282-1000-8192.dat
- 2011-04-20 16:07 . 2012-08-10 20:22 11536584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-04-20 16:07 . 2012-08-13 18:53 11536584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-02 12:27 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"ContactKeeper Birthday reminder"="c:\program files (x86)\ContactKeeper\ContactKeeper.exe" [2008-01-04 860160]
"Easy Dock"="c:\users\Rick\Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"sbitunesagent"="c:\program files (x86)\Philips\Philips Songbird\songbirditunesagent.exe" [2011-11-16 266240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-02 1147488]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk.disabled [2010-5-19 1980]
LimeWire On Startup.lnk.disabled [2010-10-16 1865]
RCA Detective.lnk - c:\users\Rick\Documents\RCA Detective\RCADetective.exe [2012-1-23 868864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk.disabled [2010-7-26 2012]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BlackBerryAutoUpdate"=c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"<NO NAME>"=
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-02 31080]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-02 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 VIACRX64;VIACRX64;c:\windows\system32\DRIVERS\viacr64.sys [2010-05-10 82544]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:17]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]
.
2012-08-12 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-08-13 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-08-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
.
2012-07-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-05-29 20:31]
.
2010-07-08 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2010-05-29 20:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-07-09 1366064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe" [2011-05-17 197968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21&lang=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods_i.instlDay - 15478
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f
FF - user.js: extensions.funmoods.instlDay - 15483
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-08-13 14:11:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 19:11
ComboFix2.txt 2012-08-10 20:40
.
Pre-Run: 561,969,410,048 bytes free
Post-Run: 561,654,755,328 bytes free
.
- - End Of File - - 074565B2BF0D7D2CC6E4FE4B88859E4F

#10
screen317

    MBAM Sentinel

  • Moderators
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Did you see the part about your antivirus software?

Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log to the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is named like UtilityName.Version_Date_Time_log.txt,
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Export the threats found (if any), and post them here.


Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team

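As an added example of how a helper reads the AdwCleaner log requested above (this is my code, not AdwCleaner's and not something posted in this thread), here is a small Python parser run over constructed sample lines in the v1.8 "Search" log format. It splits the log into its ***** [Section] ***** blocks, records each Folder/File/Key/Value/user_pref finding, groups findings by the adware family a path or pref name points to, and counts [x64] lines that repeat a 32-bit-view key so they are not double-counted. The family keyword table is an assumption built only from names that occur in this thread's logs; a GUID-only CLSID entry that matches no keyword is reported as unattributed, since tying it to a product needs a cross-reference such as the ComboFix Handler line.

```python
"""Parse AdwCleaner-style 'Search' log output into structured findings.

Added example for this thread; not AdwCleaner's own code. The sample log
below is constructed to mirror the v1.8 format seen in the posted log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape AdwCleaner v1.8 writes (hxxp = defanged http).
SAMPLE_LOG = r"""
# AdwCleaner v1.801 - Logfile created 08/15/2012 at 09:40:42
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Funmoods
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\Funmoods
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\Funmoods

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

***** [Internet Browsers] *****

-\\ Mozilla Firefox v14.0.1 (en-US)

Found : user_pref("CT3003485.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3003485&SearchSource=13");
"""

SECTION_RE = re.compile(r"^\*+\s*\[(?P<name>[^\]]+)\]\s*\*+\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*\[(?P<mode>[^\]]+)\]")
FINDING_RE = re.compile(
    r"^(?P<x64>\[x64\]\s+)?(?:(?P<kind>Folder|File|Key|Value)\s+)?Found\s*:\s*(?P<target>.+?)\s*$"
)

# Substring -> adware family. Assumption: drawn only from names that appear in
# this thread's logs; extend it for other families as you meet them.
FAMILY_MARKERS = {
    "funmoods": "Funmoods",
    "conduit": "Conduit",
    "ct3003485": "Conduit",
    "avg secure search": "AVG Secure Search",
    "avg@toolbar": "AVG Secure Search",
    "avg-secure-search": "AVG Secure Search",
    "viprotocol": "AVG Secure Search",
    "searchqu": "Searchqu",
    "ask.com": "Ask Toolbar",
    "askcom": "Ask Toolbar",
}


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str      # Folder, File, Key, Value, or Pref (bare "Found : user_pref(...)")
    target: str
    x64: bool      # line carried the [x64] prefix (64-bit registry view)
    family: str    # family name from FAMILY_MARKERS, or "unattributed"


def classify(target):
    """Map a path, registry key or pref line to an adware family by keyword."""
    low = target.lower()
    for marker, family in FAMILY_MARKERS.items():
        if marker in low:
            return family
    return "unattributed"


def parse_adwcleaner(text):
    """Return (run mode, list of Finding) for one AdwCleaner log."""
    mode, section, findings = "unknown", "(header)", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPTION_RE.match(line)
        if m:
            mode = m.group("mode")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m:
            target = m.group("target")
            findings.append(Finding(section, m.group("kind") or "Pref",
                                    target, bool(m.group("x64")), classify(target)))
    return mode, findings


def summarize(mode, findings):
    """Triage view: what was found, where, and whether the run removed anything."""
    plain_targets = {f.target for f in findings if not f.x64}
    # An [x64] line whose target also appears without the prefix is the same key
    # seen through the 64-bit view, not a second infection artefact.
    x64_dupes = sum(1 for f in findings if f.x64 and f.target in plain_targets)
    return {
        "mode": mode,
        "removed_anything": mode.lower() != "search",   # Search mode only reports
        "total": len(findings),
        "by_section": dict(Counter(f.section for f in findings)),
        "by_family": dict(Counter(f.family for f in findings)),
        "x64_duplicates": x64_dupes,
        "unattributed": [f.target for f in findings if f.family == "unattributed"],
    }


if __name__ == "__main__":
    mode, found = parse_adwcleaner(SAMPLE_LOG)
    for key, value in summarize(mode, found).items():
        print(f"{key}: {value}")
```

The "removed_anything" flag matters when reading a posted log: a run started with the Search option, as in the log later in this thread, only inventories what is present, so every "Found" line still exists on the machine until a Delete run (or the helper's script) acts on it.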

#11
Rickaber

    New Member

  • Members
  • 10 posts
Ok will get these run today. Right now the pc is running good, no warnings or redirects. I have AVG turned off because it was interfering with one of the utilities I ran. Will post results later today. Need more coffee first. Thank you, Rick

#12
Rickaber

    New Member

  • Members
  • 10 posts
Here are the logs you requested. I couldn't get ESET Online Scanner to run. I used IE and tried several times. After I pressed start it just went blank, I waited several minutes but it didn't respond. Rick

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 09:40:42
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rick - RICK-PC
# Boot Mode : Normal
# Running from : C:\Users\Rick\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Rick\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Rick\AppData\Local\Ilivid Player
Folder Found : C:\Users\Lisa\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Rick\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Rick\AppData\LocalLow\Funmoods
Folder Found : C:\Users\Rick\AppData\LocalLow\searchquband
Folder Found : C:\Users\Lisa\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Rick\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\ConduitCommon
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Funmoods
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\searchplugins\Askcom.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Funmoods
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Funmoods
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Funmoods
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\prefs.js

Found : user_pref("CT3003485..clientLogIsEnabled", true);
Found : user_pref("CT3003485..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3003485..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3003485.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3003485.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3003485.BrowserCompStateIsOpen_1000515", true);
Found : user_pref("CT3003485.BrowserCompStateIsOpen_129575137568133121", true);
Found : user_pref("CT3003485.CT3003485", "CT3003485");
Found : user_pref("CT3003485.CurrentServerDate", "9-12-2011");
Found : user_pref("CT3003485.DSInstall", false);
Found : user_pref("CT3003485.DialogsAlignMode", "LTR");
Found : user_pref("CT3003485.DialogsGetterLastCheckTime", "Wed Dec 07 2011 09:55:57 GMT-0600 (Central Standa[...]
Found : user_pref("CT3003485.DownloadReferralCookieData", "");
Found : user_pref("CT3003485.ExternalComponentPollDate129491538130487928", "Fri Dec 09 2011 10:35:41 GMT-060[...]
Found : user_pref("CT3003485.FirstServerDate", "1-12-2011");
Found : user_pref("CT3003485.FirstTime", true);
Found : user_pref("CT3003485.FirstTimeFF3", true);
Found : user_pref("CT3003485.FixPageNotFoundErrors", false);
Found : user_pref("CT3003485.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3003485.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3003485.HPInstall", false);
Found : user_pref("CT3003485.HasUserGlobalKeys", true);
Found : user_pref("CT3003485.Initialize", true);
Found : user_pref("CT3003485.InitializeCommonPrefs", true);
Found : user_pref("CT3003485.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3003485.InstallationType", "Unknown");
Found : user_pref("CT3003485.InstalledDate", "Wed Nov 30 2011 16:40:15 GMT-0600 (Central Standard Time)");
Found : user_pref("CT3003485.InvalidateCache", false);
Found : user_pref("CT3003485.IsAlertDBUpdated", true);
Found : user_pref("CT3003485.IsGrouping", false);
Found : user_pref("CT3003485.IsInitSetupIni", true);
Found : user_pref("CT3003485.IsMulticommunity", false);
Found : user_pref("CT3003485.IsOpenThankYouPage", true);
Found : user_pref("CT3003485.IsOpenUninstallPage", true);
Found : user_pref("CT3003485.IsProtectorsInit", true);
Found : user_pref("CT3003485.LanguagePackLastCheckTime", "Fri Dec 09 2011 11:51:47 GMT-0600 (Central Standar[...]
Found : user_pref("CT3003485.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3003485.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3003485.LastLogin_3.8.1.0", "Fri Dec 09 2011 11:40:54 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT3003485.LatestVersion", "3.8.1.0");
Found : user_pref("CT3003485.Locale", "en");
Found : user_pref("CT3003485.MCDetectTooltipHeight", "83");
Found : user_pref("CT3003485.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3003485.MCDetectTooltipWidth", "295");
Found : user_pref("CT3003485.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3003485.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT3003485.RadioIsPodcast", false);
Found : user_pref("CT3003485.RadioLastCheckTime", "Fri Dec 09 2011 11:52:11 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT3003485.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3003485.RadioLastUpdateServer", "3");
Found : user_pref("CT3003485.RadioMediaID", "9962");
Found : user_pref("CT3003485.RadioMediaType", "Media Player");
Found : user_pref("CT3003485.RadioMenuSelectedID", "EBRadioMenu_CT30034859962");
Found : user_pref("CT3003485.RadioShrinkedFromSetup", false);
Found : user_pref("CT3003485.RadioStationName", "California%20Rock");
Found : user_pref("CT3003485.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3003485.SearchCaption", "Mapit Customized Web Search");
Found : user_pref("CT3003485.SearchEngineBeforeUnload", "AVG Secure Search");
Found : user_pref("CT3003485.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3003485.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]
Found : user_pref("CT3003485.SearchInNewTabEnabled", true);
Found : user_pref("CT3003485.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3003485.SearchInNewTabLastCheckTime", "Fri Dec 09 2011 11:51:46 GMT-0600 (Central Stand[...]
Found : user_pref("CT3003485.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3003485.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT3003485.SearchProtectorEnabled", false);
Found : user_pref("CT3003485.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3003485.SendProtectorDataViaLogin", true);
Found : user_pref("CT3003485.ServiceMapLastCheckTime", "Fri Dec 09 2011 11:51:48 GMT-0600 (Central Standard [...]
Found : user_pref("CT3003485.SettingsLastCheckTime", "Fri Dec 09 2011 10:35:41 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT3003485.SettingsLastUpdate", "1322750667");
Found : user_pref("CT3003485.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3003485&SearchSource=13");
Found : user_pref("CT3003485.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3003485.ThirdPartyComponentsLastCheck", "Wed Nov 30 2011 16:40:11 GMT-0600 (Central Sta[...]
Found : user_pref("CT3003485.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT3003485.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3003485.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3003485");
Found : user_pref("CT3003485.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3003485.UserID", "UN89057222319340485");
Found : user_pref("CT3003485.ValidationData_Search", 2);
Found : user_pref("CT3003485.ValidationData_Toolbar", 2);
Found : user_pref("CT3003485.alertChannelId", "1395219");
Found : user_pref("CT3003485.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT3003485.backendstorage.cbfirsttime", "576564204E6F7620333020323031312031363A34303A31382[...]
Found : user_pref("CT3003485.backendstorage.url_history", "687474703A2F2F776F6F64776F726B65722E636F6D2F66756[...]
Found : user_pref("CT3003485.backendstorage.url_history_time", "31333233343433393533323135");
Found : user_pref("CT3003485.components.1000515", true);
Found : user_pref("CT3003485.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3003485.globalFirstTimeInfoLastCheckTime", "Fri Dec 09 2011 11:40:54 GMT-0600 (Central [...]
Found : user_pref("CT3003485.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3003485.initDone", true);
Found : user_pref("CT3003485.isAppTrackingManagerOn", true);
Found : user_pref("CT3003485.isFirstRadioInstallation", false);
Found : user_pref("CT3003485.myStuffEnabled", true);
Found : user_pref("CT3003485.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3003485.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3003485.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3003485.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3003485.oldAppsList", "129491538127987918,129491538128456672,111,129491538128612923,129[...]
Found : user_pref("CT3003485.revertSettingsEnabled", false);
Found : user_pref("CT3003485.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3003485.searchProtectorEnableByLogin", true);
Found : user_pref("CT3003485.testingCtid", "");
Found : user_pref("CT3003485.toolbarAppMetaDataLastCheckTime", "Fri Dec 09 2011 11:51:47 GMT-0600 (Central S[...]
Found : user_pref("CT3003485.toolbarContextMenuLastCheckTime", "Wed Nov 30 2011 16:40:15 GMT-0600 (Central S[...]
Found : user_pref("CT3003485.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3003485/CT3003485[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3209604/CT3209604[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1395219/1390878/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1631618/1624709/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3003485", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3209604", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3003485",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3209604",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3003485&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rick\\AppData\\Roaming\\Mozilla\\Fi[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4cb3494d&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3003485");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3003485");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3003485");
Found : user_pref("CommunityToolbar.globalUserId", "99e8c163-bae6-42fb-81e2-cb06e75836ab");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 07:20:4[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 25 2012 07:21:26 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 25 2012 07:20:39 GMT-0500 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "bbb95877-7c1c-431d-a377-fdf949297c68");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://my.yahoo.com/");
Found : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.funmoods.admin", false);
Found : user_pref("extensions.funmoods.aflt", "axl");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", false);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "B2EEE89EC35CBF9CB763491CF684507B");
Found : user_pref("extensions.funmoods.hmpg", false);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2[...]
Found : user_pref("extensions.funmoods.id", "bcafd950000000000000001ee5e3fb7f");
Found : user_pref("extensions.funmoods.instlDay", "15483");
Found : user_pref("extensions.funmoods.instlRef", "axl");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:27:42");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", false);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAt[...]
Found : user_pref("extensions.funmoods.noFFXTlbr", false);
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:27:42");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.aflt", "axl");
Found : user_pref("extensions.funmoods_i.dfltLng", "");
Found : user_pref("extensions.funmoods_i.excTlbr", false);
Found : user_pref("extensions.funmoods_i.id", "bcafd950000000000000001ee5e3fb7f");
Found : user_pref("extensions.funmoods_i.instlDay", "15478");
Found : user_pref("extensions.funmoods_i.instlRef", "");
Found : user_pref("extensions.funmoods_i.newTab", false);
Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=")[...]
Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:27:42");
Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2[...]

Profile name : default
File : C:\Users\MaRiAh\AppData\Roaming\Mozilla\Firefox\Profiles\fazsdtkx.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Profile name : default
File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\0c9zwr06.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/route/?d=4cb3494d&v=7.0[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

#13
Rickaber

    New Member

  • Members
  • Pip
  • 10 posts
Post was too long. Here are the rest of the logs.

09:17:48.0759 1108 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
09:17:49.0087 1108 ============================================================
09:17:49.0087 1108 Current date / time: 2012/08/15 09:17:49.0087
09:17:49.0087 1108 SystemInfo:
09:17:49.0087 1108
09:17:49.0087 1108 OS Version: 6.1.7601 ServicePack: 1.0
09:17:49.0087 1108 Product type: Workstation
09:17:49.0087 1108 ComputerName: RICK-PC
09:17:49.0087 1108 UserName: Rick
09:17:49.0087 1108 Windows directory: C:\Windows
09:17:49.0087 1108 System windows directory: C:\Windows
09:17:49.0087 1108 Running under WOW64
09:17:49.0087 1108 Processor architecture: Intel x64
09:17:49.0087 1108 Number of processors: 2
09:17:49.0087 1108 Page size: 0x1000
09:17:49.0087 1108 Boot type: Normal boot
09:17:49.0087 1108 ============================================================
09:17:49.0898 1108 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:49.0914 1108 ============================================================
09:17:49.0914 1108 \Device\Harddisk0\DR0:
09:17:49.0914 1108 MBR partitions:
09:17:49.0914 1108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:17:49.0914 1108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
09:17:49.0914 1108 ============================================================
09:17:49.0929 1108 C: <-> \Device\Harddisk0\DR0\Partition2
09:17:49.0929 1108 ============================================================
09:17:49.0929 1108 Initialize success
09:17:49.0929 1108 ============================================================
09:17:55.0608 3916 ============================================================
09:17:55.0608 3916 Scan started
09:17:55.0608 3916 Mode: Manual;
09:17:55.0608 3916 ============================================================
09:17:56.0669 3916 ================ Scan services =============================
09:17:56.0793 3916 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:17:56.0809 3916 1394ohci - ok
09:17:56.0825 3916 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:17:56.0825 3916 ACPI - ok
09:17:56.0856 3916 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:17:56.0856 3916 AcpiPmi - ok
09:17:56.0934 3916 [ fb182ad520910442abf146bb325de79b ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
09:17:56.0934 3916 Ad-Aware Service - ok
09:17:57.0012 3916 [ 11a52cf7b265631deeb24c6149309eff ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:17:57.0012 3916 AdobeARMservice - ok
09:17:57.0137 3916 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:17:57.0137 3916 AdobeFlashPlayerUpdateSvc - ok
09:17:57.0199 3916 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:17:57.0199 3916 adp94xx - ok
09:17:57.0215 3916 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:17:57.0215 3916 adpahci - ok
09:17:57.0230 3916 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:17:57.0246 3916 adpu320 - ok
09:17:57.0261 3916 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:17:57.0261 3916 AeLookupSvc - ok
09:17:57.0293 3916 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:17:57.0293 3916 AFD - ok
09:17:57.0324 3916 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:17:57.0324 3916 agp440 - ok
09:17:57.0339 3916 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
09:17:57.0339 3916 ALG - ok
09:17:57.0371 3916 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:17:57.0371 3916 aliide - ok
09:17:57.0386 3916 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
09:17:57.0386 3916 amdide - ok
09:17:57.0402 3916 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:17:57.0402 3916 AmdK8 - ok
09:17:57.0417 3916 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:17:57.0417 3916 AmdPPM - ok
09:17:57.0433 3916 [ 6ec6d772eae38dc17c14aed9b178d24b ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:17:57.0433 3916 amdsata - ok
09:17:57.0464 3916 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:17:57.0464 3916 amdsbs - ok
09:17:57.0480 3916 [ 1142a21db581a84ea5597b03a26ebaa0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:17:57.0480 3916 amdxata - ok
09:17:57.0511 3916 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
09:17:57.0511 3916 AppID - ok
09:17:57.0527 3916 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:17:57.0527 3916 AppIDSvc - ok
09:17:57.0558 3916 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:17:57.0558 3916 Appinfo - ok
09:17:57.0605 3916 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:17:57.0605 3916 Apple Mobile Device - ok
09:17:57.0636 3916 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
09:17:57.0636 3916 arc - ok
09:17:57.0651 3916 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:17:57.0651 3916 arcsas - ok
09:17:57.0667 3916 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:17:57.0667 3916 AsyncMac - ok
09:17:57.0698 3916 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
09:17:57.0698 3916 atapi - ok
09:17:57.0729 3916 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:17:57.0729 3916 AudioEndpointBuilder - ok
09:17:57.0761 3916 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:17:57.0761 3916 AudioSrv - ok
09:17:57.0854 3916 [ 080d4fe1435401a370f122614ea514cd ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
09:17:57.0870 3916 AVG Security Toolbar Service - ok
09:17:58.0026 3916 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
09:17:58.0057 3916 AVGIDSAgent - ok
09:17:58.0104 3916 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
09:17:58.0104 3916 AVGIDSDriver - ok
09:17:58.0135 3916 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
09:17:58.0135 3916 AVGIDSFilter - ok
09:17:58.0182 3916 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
09:17:58.0182 3916 AVGIDSHA - ok
09:17:58.0197 3916 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
09:17:58.0213 3916 Avgldx64 - ok
09:17:58.0229 3916 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
09:17:58.0229 3916 Avgmfx64 - ok
09:17:58.0244 3916 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
09:17:58.0244 3916 Avgrkx64 - ok
09:17:58.0275 3916 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
09:17:58.0275 3916 Avgtdia - ok
09:17:58.0307 3916 [ e1b8ec60c85a266cb604cd46921606b4 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
09:17:58.0307 3916 avgtp - ok
09:17:58.0322 3916 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
09:17:58.0322 3916 avgwd - ok
09:17:58.0369 3916 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:17:58.0369 3916 AxInstSV - ok
09:17:58.0400 3916 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:17:58.0400 3916 b06bdrv - ok
09:17:58.0431 3916 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:17:58.0431 3916 b57nd60a - ok
09:17:58.0463 3916 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:17:58.0463 3916 BDESVC - ok
09:17:58.0478 3916 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:17:58.0478 3916 Beep - ok
09:17:58.0509 3916 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
09:17:58.0509 3916 BFE - ok
09:17:58.0541 3916 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:17:58.0541 3916 blbdrive - ok
09:17:58.0665 3916 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:17:58.0665 3916 Bonjour Service - ok
09:17:58.0697 3916 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:17:58.0697 3916 bowser - ok
09:17:58.0712 3916 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:17:58.0712 3916 BrFiltLo - ok
09:17:58.0728 3916 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:17:58.0728 3916 BrFiltUp - ok
09:17:58.0743 3916 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:17:58.0743 3916 BridgeMP - ok
09:17:58.0775 3916 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
09:17:58.0775 3916 Browser - ok
09:17:58.0790 3916 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:17:58.0790 3916 Brserid - ok
09:17:58.0821 3916 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:17:58.0821 3916 BrSerWdm - ok
09:17:58.0821 3916 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:17:58.0821 3916 BrUsbMdm - ok
09:17:58.0837 3916 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:17:58.0837 3916 BrUsbSer - ok
09:17:58.0853 3916 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:17:58.0853 3916 BTHMODEM - ok
09:17:58.0884 3916 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
09:17:58.0884 3916 bthserv - ok
09:17:58.0899 3916 catchme - ok
09:17:58.0915 3916 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:17:58.0915 3916 cdfs - ok
09:17:58.0946 3916 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
09:17:58.0946 3916 cdrom - ok
09:17:58.0977 3916 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
09:17:58.0977 3916 CertPropSvc - ok
09:17:58.0993 3916 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:17:58.0993 3916 circlass - ok
09:17:59.0009 3916 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
09:17:59.0009 3916 CLFS - ok
09:17:59.0133 3916 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:17:59.0133 3916 clr_optimization_v2.0.50727_32 - ok
09:17:59.0180 3916 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:17:59.0180 3916 clr_optimization_v2.0.50727_64 - ok
09:17:59.0227 3916 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:17:59.0227 3916 clr_optimization_v4.0.30319_32 - ok
09:17:59.0258 3916 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:17:59.0258 3916 clr_optimization_v4.0.30319_64 - ok
09:17:59.0274 3916 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:17:59.0274 3916 CmBatt - ok
09:17:59.0305 3916 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:17:59.0305 3916 cmdide - ok
09:17:59.0321 3916 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
09:17:59.0336 3916 CNG - ok
09:17:59.0430 3916 [ cb0e01a5a433b5bcc6f760e01ca9cd8b ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
09:17:59.0445 3916 CnxtHdAudService - ok
09:17:59.0461 3916 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:17:59.0461 3916 Compbatt - ok
09:17:59.0492 3916 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:17:59.0492 3916 CompositeBus - ok
09:17:59.0492 3916 COMSysApp - ok
09:17:59.0508 3916 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:17:59.0508 3916 crcdisk - ok
09:17:59.0539 3916 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:17:59.0539 3916 CryptSvc - ok
09:17:59.0617 3916 [ ed5cf92396a62f4c15110dcdb5e854d9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
09:17:59.0617 3916 CtClsFlt - ok
09:17:59.0664 3916 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:17:59.0664 3916 DcomLaunch - ok
09:17:59.0695 3916 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
09:17:59.0695 3916 defragsvc - ok
09:17:59.0726 3916 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:17:59.0726 3916 DfsC - ok
09:17:59.0773 3916 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
09:17:59.0773 3916 Dhcp - ok
09:17:59.0789 3916 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
09:17:59.0789 3916 discache - ok
09:17:59.0804 3916 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:17:59.0804 3916 Disk - ok
09:17:59.0835 3916 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:17:59.0835 3916 Dnscache - ok
09:17:59.0882 3916 [ 0840abbbdf438691ee65a20040635cbe ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
09:17:59.0898 3916 DockLoginService - ok
09:17:59.0913 3916 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:17:59.0913 3916 dot3svc - ok
09:17:59.0945 3916 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
09:17:59.0945 3916 DPS - ok
09:17:59.0976 3916 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:17:59.0976 3916 drmkaud - ok
09:18:00.0023 3916 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:18:00.0023 3916 DXGKrnl - ok
09:18:00.0038 3916 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:18:00.0038 3916 EapHost - ok
09:18:00.0163 3916 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:18:00.0179 3916 ebdrv - ok
09:18:00.0210 3916 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
09:18:00.0210 3916 EFS - ok
09:18:00.0272 3916 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:18:00.0272 3916 ehRecvr - ok
09:18:00.0303 3916 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
09:18:00.0303 3916 ehSched - ok
09:18:00.0381 3916 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:18:00.0381 3916 elxstor - ok
09:18:00.0413 3916 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:18:00.0413 3916 ErrDev - ok
09:18:00.0459 3916 esgiguard - ok
09:18:00.0491 3916 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
09:18:00.0491 3916 EventSystem - ok
09:18:00.0537 3916 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
09:18:00.0537 3916 exfat - ok
09:18:00.0569 3916 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:18:00.0569 3916 fastfat - ok
09:18:00.0631 3916 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
09:18:00.0647 3916 Fax - ok
09:18:00.0662 3916 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:18:00.0662 3916 fdc - ok
09:18:00.0678 3916 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:18:00.0678 3916 fdPHost - ok
09:18:00.0693 3916 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:18:00.0693 3916 FDResPub - ok
09:18:00.0709 3916 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:18:00.0709 3916 FileInfo - ok
09:18:00.0725 3916 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:18:00.0725 3916 Filetrace - ok
09:18:00.0740 3916 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:18:00.0740 3916 flpydisk - ok
09:18:00.0771 3916 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:18:00.0771 3916 FltMgr - ok
09:18:00.0818 3916 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
09:18:00.0818 3916 FontCache - ok
09:18:00.0849 3916 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:18:00.0849 3916 FontCache3.0.0.0 - ok
09:18:00.0865 3916 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:18:00.0865 3916 FsDepends - ok
09:18:00.0881 3916 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:18:00.0881 3916 Fs_Rec - ok
09:18:00.0912 3916 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:18:00.0912 3916 fvevol - ok
09:18:00.0927 3916 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:18:00.0927 3916 gagp30kx - ok
09:18:00.0959 3916 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:18:00.0959 3916 GEARAspiWDM - ok
09:18:00.0974 3916 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
09:18:00.0974 3916 GoToAssist - ok
09:18:01.0021 3916 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
09:18:01.0021 3916 gpsvc - ok
09:18:01.0083 3916 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:18:01.0083 3916 gupdate - ok
09:18:01.0130 3916 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:18:01.0130 3916 gupdatem - ok
09:18:01.0146 3916 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:18:01.0146 3916 hcw85cir - ok
09:18:01.0177 3916 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:18:01.0177 3916 HDAudBus - ok
09:18:01.0193 3916 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:18:01.0193 3916 HidBatt - ok
09:18:01.0208 3916 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:18:01.0208 3916 HidBth - ok
09:18:01.0224 3916 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:18:01.0224 3916 HidIr - ok
09:18:01.0239 3916 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
09:18:01.0239 3916 hidserv - ok
09:18:01.0271 3916 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:18:01.0271 3916 HidUsb - ok
09:18:01.0286 3916 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:18:01.0286 3916 hkmsvc - ok
09:18:01.0317 3916 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:18:01.0317 3916 HomeGroupListener - ok
09:18:01.0333 3916 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:18:01.0349 3916 HomeGroupProvider - ok
09:18:01.0364 3916 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:18:01.0364 3916 HpSAMD - ok
09:18:01.0411 3916 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:18:01.0411 3916 HTTP - ok
09:18:01.0442 3916 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:18:01.0442 3916 hwpolicy - ok
09:18:01.0473 3916 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:18:01.0473 3916 i8042prt - ok
09:18:01.0505 3916 [ 3df4395a7cf8b7a72a5f4606366b8c2d ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:18:01.0505 3916 iaStorV - ok
09:18:09.0134 3916 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:18:09.0134 3916 Wdf01000 - ok
09:18:09.0150 3916 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:18:09.0165 3916 WdiServiceHost - ok
09:18:09.0165 3916 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:18:09.0165 3916 WdiSystemHost - ok
09:18:09.0196 3916 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:18:09.0196 3916 WebClient - ok
09:18:09.0212 3916 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:18:09.0212 3916 Wecsvc - ok
09:18:09.0228 3916 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:18:09.0228 3916 wercplsupport - ok
09:18:09.0243 3916 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:18:09.0243 3916 WerSvc - ok
09:18:09.0259 3916 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:09.0259 3916 WfpLwf - ok
09:18:09.0274 3916 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
09:18:09.0290 3916 WimFltr - ok
09:18:09.0306 3916 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:18:09.0306 3916 WIMMount - ok
09:18:09.0321 3916 WinDefend - ok
09:18:09.0337 3916 WinHttpAutoProxySvc - ok
09:18:09.0399 3916 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:18:09.0399 3916 Winmgmt - ok
09:18:09.0493 3916 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
09:18:09.0508 3916 WinRM - ok
09:18:09.0555 3916 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:18:09.0555 3916 WinUsb - ok
09:18:09.0633 3916 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
09:18:09.0649 3916 Wlansvc - ok
09:18:09.0664 3916 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:18:09.0664 3916 WmiAcpi - ok
09:18:09.0711 3916 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:18:09.0711 3916 wmiApSrv - ok
09:18:09.0727 3916 WMPNetworkSvc - ok
09:18:09.0742 3916 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:18:09.0742 3916 WPCSvc - ok
09:18:09.0774 3916 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:18:09.0774 3916 WPDBusEnum - ok
09:18:09.0805 3916 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:18:09.0805 3916 ws2ifsl - ok
09:18:09.0820 3916 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
09:18:09.0820 3916 wscsvc - ok
09:18:09.0820 3916 WSearch - ok
09:18:09.0898 3916 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:18:09.0914 3916 wuauserv - ok
09:18:09.0961 3916 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:18:09.0961 3916 WudfPf - ok
09:18:09.0976 3916 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:09.0976 3916 WUDFRd - ok
09:18:10.0008 3916 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:18:10.0008 3916 wudfsvc - ok
09:18:10.0023 3916 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
09:18:10.0023 3916 WwanSvc - ok
09:18:10.0054 3916 ================ Scan global ===============================
09:18:10.0086 3916 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
09:18:10.0101 3916 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
09:18:10.0132 3916 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
09:18:10.0148 3916 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
09:18:10.0195 3916 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
09:18:10.0195 3916 [Global] - ok
09:18:10.0195 3916 ================ Scan MBR ==================================
09:18:10.0210 3916 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:18:10.0413 3916 \Device\Harddisk0\DR0 - ok
09:18:10.0413 3916 ================ Scan VBR ==================================
09:18:10.0413 3916 Boot (0x1200) (c6d77e526763c89ebf84c3566b17acbc) \Device\Harddisk0\DR0\Partition1
09:18:10.0413 3916 \Device\Harddisk0\DR0\Partition1 - ok
09:18:10.0429 3916 Boot (0x1200) (c7e9948176f8520483f751f0b79d3320) \Device\Harddisk0\DR0\Partition2
09:18:10.0429 3916 \Device\Harddisk0\DR0\Partition2 - ok
09:18:10.0429 3916 ============================================================
09:18:10.0429 3916 Scan finished
09:18:10.0429 3916 ============================================================
09:18:10.0444 3624 Detected object count: 0
09:18:10.0444 3624 Actual detected object count: 0
09:24:11.0138 1756 Deinitialize success



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (3.0.11) Thunderbird out of Date!
Google Chrome 6.0.472.53
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus Engine SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#14
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number

Run TFC by OldTimer to clear temporary files:
  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.


Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):


Ad-Aware (if you don't update and use it often)
Java™ 6 Update 31


Restart your computer.

Get the latest version of Java.

Update your version of Thunderbird! You are using version 3, and version 14 is available. Also update your version of Chrome.


Let me know what issues remain.
Chris Fistonich
Research Team


#15
Rickaber

    New Member

  • Members
  • Pip
  • 10 posts
Chris, I followed all your instructions. Deleted, updated etc. except for Chrome, will update next time I use it which is rarely. Had to install a new router, seems to be working all right. If you see anything else let me know. Thanks, Rick



# AdwCleaner v1.801 - Logfile created 08/18/2012 at 09:26:37
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rick - RICK-PC
# Boot Mode : Normal
# Running from : C:\Users\Rick\Desktop\New folder\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Rick\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Rick\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Lisa\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Rick\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Rick\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Rick\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Lisa\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Rick\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\ConduitCommon
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Funmoods
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\prefs.js

C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\user.js ... Deleted !

Deleted : user_pref("CT3003485..clientLogIsEnabled", true);
Deleted : user_pref("CT3003485..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3003485..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3003485.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3003485.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3003485.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT3003485.BrowserCompStateIsOpen_129575137568133121", true);
Deleted : user_pref("CT3003485.CT3003485", "CT3003485");
Deleted : user_pref("CT3003485.CurrentServerDate", "9-12-2011");
Deleted : user_pref("CT3003485.DSInstall", false);
Deleted : user_pref("CT3003485.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3003485.DialogsGetterLastCheckTime", "Wed Dec 07 2011 09:55:57 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT3003485.DownloadReferralCookieData", "");
Deleted : user_pref("CT3003485.ExternalComponentPollDate129491538130487928", "Fri Dec 09 2011 10:35:41 GMT-060[...]
Deleted : user_pref("CT3003485.FirstServerDate", "1-12-2011");
Deleted : user_pref("CT3003485.FirstTime", true);
Deleted : user_pref("CT3003485.FirstTimeFF3", true);
Deleted : user_pref("CT3003485.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3003485.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3003485.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3003485.HPInstall", false);
Deleted : user_pref("CT3003485.HasUserGlobalKeys", true);
Deleted : user_pref("CT3003485.Initialize", true);
Deleted : user_pref("CT3003485.InitializeCommonPrefs", true);
Deleted : user_pref("CT3003485.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3003485.InstallationType", "Unknown");
Deleted : user_pref("CT3003485.InstalledDate", "Wed Nov 30 2011 16:40:15 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT3003485.InvalidateCache", false);
Deleted : user_pref("CT3003485.IsAlertDBUpdated", true);
Deleted : user_pref("CT3003485.IsGrouping", false);
Deleted : user_pref("CT3003485.IsInitSetupIni", true);
Deleted : user_pref("CT3003485.IsMulticommunity", false);
Deleted : user_pref("CT3003485.IsOpenThankYouPage", true);
Deleted : user_pref("CT3003485.IsOpenUninstallPage", true);
Deleted : user_pref("CT3003485.IsProtectorsInit", true);
Deleted : user_pref("CT3003485.LanguagePackLastCheckTime", "Fri Dec 09 2011 11:51:47 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT3003485.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3003485.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3003485.LastLogin_3.8.1.0", "Fri Dec 09 2011 11:40:54 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT3003485.LatestVersion", "3.8.1.0");
Deleted : user_pref("CT3003485.Locale", "en");
Deleted : user_pref("CT3003485.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3003485.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3003485.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3003485.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3003485.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT3003485.RadioIsPodcast", false);
Deleted : user_pref("CT3003485.RadioLastCheckTime", "Fri Dec 09 2011 11:52:11 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT3003485.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3003485.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3003485.RadioMediaID", "9962");
Deleted : user_pref("CT3003485.RadioMediaType", "Media Player");
Deleted : user_pref("CT3003485.RadioMenuSelectedID", "EBRadioMenu_CT30034859962");
Deleted : user_pref("CT3003485.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3003485.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3003485.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3003485.SearchCaption", "Mapit Customized Web Search");
Deleted : user_pref("CT3003485.SearchEngineBeforeUnload", "AVG Secure Search");
Deleted : user_pref("CT3003485.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3003485.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]
Deleted : user_pref("CT3003485.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3003485.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3003485.SearchInNewTabLastCheckTime", "Fri Dec 09 2011 11:51:46 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT3003485.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3003485.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3003485.SearchProtectorEnabled", false);
Deleted : user_pref("CT3003485.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3003485.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3003485.ServiceMapLastCheckTime", "Fri Dec 09 2011 11:51:48 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT3003485.SettingsLastCheckTime", "Fri Dec 09 2011 10:35:41 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT3003485.SettingsLastUpdate", "1322750667");
Deleted : user_pref("CT3003485.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3003485&SearchSource=13");
Deleted : user_pref("CT3003485.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3003485.ThirdPartyComponentsLastCheck", "Wed Nov 30 2011 16:40:11 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT3003485.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3003485.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3003485.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3003485");
Deleted : user_pref("CT3003485.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3003485.UserID", "UN89057222319340485");
Deleted : user_pref("CT3003485.ValidationData_Search", 2);
Deleted : user_pref("CT3003485.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3003485.alertChannelId", "1395219");
Deleted : user_pref("CT3003485.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT3003485.backendstorage.cbfirsttime", "576564204E6F7620333020323031312031363A34303A31382[...]
Deleted : user_pref("CT3003485.backendstorage.url_history", "687474703A2F2F776F6F64776F726B65722E636F6D2F66756[...]
Deleted : user_pref("CT3003485.backendstorage.url_history_time", "31333233343433393533323135");
Deleted : user_pref("CT3003485.components.1000515", true);
Deleted : user_pref("CT3003485.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3003485.globalFirstTimeInfoLastCheckTime", "Fri Dec 09 2011 11:40:54 GMT-0600 (Central [...]
Deleted : user_pref("CT3003485.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3003485.initDone", true);
Deleted : user_pref("CT3003485.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3003485.isFirstRadioInstallation", false);
Deleted : user_pref("CT3003485.myStuffEnabled", true);
Deleted : user_pref("CT3003485.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3003485.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3003485.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3003485.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3003485.oldAppsList", "129491538127987918,129491538128456672,111,129491538128612923,129[...]
Deleted : user_pref("CT3003485.revertSettingsEnabled", false);
Deleted : user_pref("CT3003485.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3003485.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3003485.testingCtid", "");
Deleted : user_pref("CT3003485.toolbarAppMetaDataLastCheckTime", "Fri Dec 09 2011 11:51:47 GMT-0600 (Central S[...]
Deleted : user_pref("CT3003485.toolbarContextMenuLastCheckTime", "Wed Nov 30 2011 16:40:15 GMT-0600 (Central S[...]
Deleted : user_pref("CT3003485.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3003485/CT3003485[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3209604/CT3209604[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1395219/1390878/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1631618/1624709/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3003485", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3209604", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3003485",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3209604",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3003485&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rick\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4cb3494d&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3003485");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3003485");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3003485");
Deleted : user_pref("CommunityToolbar.globalUserId", "99e8c163-bae6-42fb-81e2-cb06e75836ab");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 07:20:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 25 2012 07:21:26 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jun 25 2012 07:20:39 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "bbb95877-7c1c-431d-a377-fdf949297c68");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://my.yahoo.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.funmoods.admin", false);
Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "B2EEE89EC35CBF9CB763491CF684507B");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2[...]
Deleted : user_pref("extensions.funmoods.id", "bcafd950000000000000001ee5e3fb7f");
Deleted : user_pref("extensions.funmoods.instlDay", "15483");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:27:42");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAt[...]
Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:27:42");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.aflt", "axl");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.id", "bcafd950000000000000001ee5e3fb7f");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15478");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=")[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:27:42");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2[...]

Profile name : default
File : C:\Users\MaRiAh\AppData\Roaming\Mozilla\Firefox\Profiles\fazsdtkx.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Profile name : default
File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\0c9zwr06.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/route/?d=4cb3494d&v=7.0[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [26819 octets] - [18/08/2012 09:26:37]

########## EOF - C:\AdwCleaner[S1].txt - [26948 octets] ##########

#16
screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,465 posts
  • Gender:Male
  • Location:New Haven, CT
Hi,

Please update Chrome even if you don't use it. If you don't use it often, consider uninstalling it completely.


  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Reboot.
I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
Safe surfing,

-screen317
Chris Fistonich
Research Team

#17
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,270 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
~Maurice Naggar

I close my threads if there are 5 days without a response.
