Jump to content

SweetieLydia

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral

About SweetieLydia

  • Birthday 07/10/1993

Profile Information

  • Location
    Canada
  1. Alright ok Thank you so much for sticking with me through this. I really owe it to you for fixing this problem haha. Take care!
  2. Perfect Thank you so much! One last question, do I remove HijackThis?
  3. Ok, even more reasons to rid of it. Here is the results of ESETScan: C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application deleted - quarantined C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\svc0000\tsk0000.dta Win32/Olmarik.ZC trojan cleaned - quarantined C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\tdlfs0000\tsk0003.dta Win32/Olmarik.YR trojan cleaned by deleting - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\177237ca-60599f86 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\53b3d6cd-4f530223 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\47b9e491-5b934651 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\63ff10c2-24c45853 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-37e8c2a5 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2606caba-295732bf multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\551652ba-44709b88 multiple threats deleted - quarantined C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5ebe80bd-7ccc9759 multiple threats deleted - quarantined C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4.exe BAT/HostsChanger.A application deleted - quarantined C:\Users\Amy\Documents\Raph^_^\flstudio_9.0_final.exe Win32/OpenCandy application deleted - quarantined C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4\Activation & Instructions\Activation Blocker.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined C:\Users\Amy\Downloads\flstudio_9.0.exe Win32/OpenCandy application deleted - quarantined C:\Users\Amy\Downloads\SoftonicDownloader_for_particleillusion.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined C:\Users\Amy\Downloads\Sony Vegas Pro 10 Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
  4. Did everything Here is the MBAM log: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.30.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19190 Amy :: AMY-PC [administrator] Protection: Enabled 30/04/2012 12:52:20 PM mbam-log-2012-04-30 (12-52-20).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 597761 Time elapsed: 7 hour(s), 27 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Amy\Downloads\Sony Vegas Movie Studio HD Platinum 10.0.179 + Keygen [RH]\SV.MST.HD.PE.10.0.179_[RH]\Sony Vegas Movie Studio HD Platinum 10.0.179\Keygen\Patch (Extra included)\Patch_Vegas.Movie.Studio.HD.Platinum.10.0.exe (PUP.Hacktool.Patcher) -> No action taken. C:\Program Files\Mystery Case Files - Dire Grove Collector's Edition\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully. C:\Users\Amy\Downloads\Warcraft 3\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end)
  5. Things are definitely running much faster now I uninstalled the Freecorder Toolbar. Here is the attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/09/2009 6:22:15 AM System Uptime: 30/04/2012 9:00:04 AM (2 hours ago) . Motherboard: Wistron | | 303C Processor: AMD Athlon Dual-Core QL-64 | Socket A | 1050/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 31.32 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.457 GiB free. E: is CDROM () F: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0006 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter PNP Device ID: ROOT\*ISATAP\0006 Service: tunnel . Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318} Description: Device ID: ROOT\SYSTEM\0001 Manufacturer: Name: PNP Device ID: ROOT\SYSTEM\0001 Service: . ==== System Restore Points =================== . RP640: 30/04/2012 9:18:22 AM - Language Pack Removal . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 4.65 ACID Pro 7.0 Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color Video Profiles AE CS4 Adobe Community Help Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dynamiclink Support Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Exporter Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS5 Adobe Reader 9.5.0 Adobe Setup Adobe Shockwave Player Adobe Type Support CS4 Adobe Update Manager CS4 Adobe XMP Panels CS4 Akamai NetSession Interface Akamai NetSession Interface Service aMSN 0.98.4 Antidote RX v7 Any Video Converter 3.0.6 Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL Ask Toolbar Astroburn Lite Astroburn Toolbar Atheros Driver Installation Program Audacity 1.3.12 (Unicode) Audio Player ActiveX AVG 2011 Bonjour Boris Continuum Complete 7 for Avid CamStudio OSS Desktop Recorder Camtasia Studio 6 Compatibility Pack for the 2007 Office system Conexant HD Audio CyberLink DVD Suite CyberLink YouCam D3DX10 DAEMON Tools Lite ESU for Microsoft Vista Express Burn Disc Burning Software Finale NotePad 2011 FL Studio 9 Fraps (remove only) Fwink GOM Player Google Chrome Google Toolbar for Internet Explorer Google Update Helper Graboid Video 3.05 HDAUDIO Soft Data Fax Modem with SmartCP Hotel Dash Suite Success Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP DVD Play 3.7 HP Games HP Help and Support HP Pavilion Webcam Driver for Vista v061.001.00006 HP Product Detection HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0118 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant IL Download Manager iTunes Java Auto Updater Java 6 Update 31 Java 6 Update 7 Junk Mail filter update LabelPrint LightScribe System Software 1.14.17.1 Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft DirectX SDK (April 2007) Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MixPad Audio Mixer MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My Tribe NCsoft Launcher NetWaiting NetZero Preloader NVIDIA Drivers Opera 11.62 Pando Media Booster Passport to Paradise PDF Settings CS5 Photoshop Camera Raw Pixel Bender Toolkit PoiZone Power2Go PowerDirector PVSonyDll QuickTime Realtek USB 2.0 Card Reader Rosetta Stone Version 3 Safari SaveVid Plug-in Sawer Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Segoe UI Skype Click to Call Skype™ 5.8 Software Informer 1.0 BETA Sony ACID Pro 6.0 Sony Media Manager 2.2 Suite Shared Configuration CS4 Super Mp3 Recorder Professional v6.2 Synaptics Pointing Device Driver System Requirements Lab Toxic Biohazard Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Vegas Movie Studio HD 9.0 Vegas Pro 11.0 Ventrilo Client VirtualDJ Home FREE VLC media player 1.0.1 WavePad Sound Editor Web Games Player Plugin Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.00 beta 3 (32-bit) WinX HD Video Converter Deluxe 3.12.2 WinX Video Converter 4.5.11 World of Warcraft World of Warcraft Beta Xvid Video Codec . ==== Event Viewer Messages From Past Week ======== . 30/04/2012 9:20:17 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800f0825 reported while operating on UI Language Pack for fr-FR 30/04/2012 9:02:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 30/04/2012 8:59:18 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800706ba reported while operating on UI Language Pack for fr-FR 30/04/2012 8:47:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect. 30/04/2012 8:47:54 AM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 30/04/2012 8:47:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58} 30/04/2012 8:45:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca58b169fd7b60) service to connect. 30/04/2012 8:45:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca58b169fd7b60) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 30/04/2012 8:45:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1ca58b169fd7b60 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 30/04/2012 8:43:27 AM, Error: EventLog [6008] - The previous system shutdown at 8:38:56 AM on 30/04/2012 was unexpected. 30/04/2012 8:37:14 AM, Error: EventLog [6008] - The previous system shutdown at 8:34:10 AM on 30/04/2012 was unexpected. 30/04/2012 8:31:06 AM, Error: EventLog [6008] - The previous system shutdown at 8:28:01 AM on 30/04/2012 was unexpected. 30/04/2012 7:35:08 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 30/04/2012 11:05:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 30/04/2012 10:31:47 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s). 29/04/2012 6:34:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. 29/04/2012 6:34:27 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 29/04/2012 6:34:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED} 28/04/2012 3:20:32 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 28/04/2012 3:19:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 28/04/2012 3:19:36 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 28/04/2012 3:19:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 28/04/2012 3:14:44 AM, Error: EventLog [6008] - The previous system shutdown at 3:11:48 AM on 28/04/2012 was unexpected. 24/04/2012 11:14:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect. 24/04/2012 11:14:20 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/04/2012 11:14:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E} 24/04/2012 11:13:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 24/04/2012 11:13:36 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 24/04/2012 11:08:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:05:36 AM on 24/04/2012 was unexpected. 24/04/2012 10:59:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:56:27 AM on 24/04/2012 was unexpected. 24/04/2012 10:53:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:33 AM on 24/04/2012 was unexpected. 24/04/2012 10:47:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect. 24/04/2012 10:47:12 AM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/04/2012 10:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E} 24/04/2012 10:43:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cyberlink RichVideo Service(CRVS) service to connect. 24/04/2012 10:43:53 AM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 24/04/2012 10:40:50 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:22 AM on 24/04/2012 was unexpected. . ==== End Of File ===========================
  6. Ok ! I did the clean up with Combofix and here is my log: ComboFix 12-04-31.02 - Amy 30/04/2012 10:33:26.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1622 [GMT -4:00] Running from: c:\users\Amy\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\premieropinion c:\program files\premieropinion\asmcf.dat c:\program files\premieropinion\ncncf.dat c:\program files\premieropinion\nscf.dat c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion c:\users\Amy\AppData\Local\.# c:\users\Amy\AppData\Local\assembly\tmp c:\users\Amy\AppData\Roaming\app c:\users\Amy\AppData\Roaming\app\Jerakine_lang.dat c:\users\Amy\AppData\Roaming\app\Jerakine_lang_vesrion.dat c:\users\Amy\AppData\Roaming\RIFT c:\users\Amy\AppData\Roaming\RIFT\rift.cfg c:\users\Amy\AppData\Roaming\WeatherDPA c:\users\Amy\Documents\~WRL0430.tmp c:\users\Amy\Documents\~WRL0440.tmp c:\users\Amy\Documents\~WRL0616.tmp c:\users\Amy\Documents\~WRL1002.tmp c:\users\Amy\Documents\~WRL1029.tmp c:\users\Amy\Documents\~WRL1966.tmp c:\users\Amy\Documents\~WRL2188.tmp c:\users\Amy\Documents\~WRL2256.tmp c:\users\Amy\Documents\~WRL2391.tmp c:\users\Amy\Documents\~WRL2677.tmp c:\users\Amy\Documents\~WRL2759.tmp c:\users\Amy\Documents\~WRL2766.tmp c:\users\Amy\Documents\~WRL2932.tmp c:\users\Amy\Documents\~WRL3112.tmp c:\users\Amy\Documents\~WRL3191.tmp c:\users\Amy\Documents\~WRL3611.tmp c:\users\Amy\Documents\~WRL3627.tmp c:\users\Amy\Documents\~WRL3786.tmp c:\users\Amy\Documents\~WRL3950.tmp c:\users\Amy\Documents\~WRL4082.tmp c:\windows\system32\spsys.log . . ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 ))))))))))))))))))))))))))))))) . . 2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Shamrock Produktions\AppData\Local\temp 2012-04-30 12:58 . 2012-04-30 12:58 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-30 02:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-30 02:00 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-04-30 02:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-30 02:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-30 01:58 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-30 01:58 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-30 01:48 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-04-30 01:48 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-04-30 01:48 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-30 01:48 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2012-04-30 01:41 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-04-30 01:41 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-04-30 01:41 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-04-30 01:41 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-04-30 01:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-04-29 19:52 . 2012-04-29 19:52 -------- d-----w- c:\program files\Trend Micro 2012-04-29 18:34 . 2012-04-29 18:34 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes 2012-04-26 19:15 . 2012-04-26 19:15 -------- d-----w- c:\users\Amy\AppData\Roaming\yess 2012-04-23 12:59 . 2012-04-30 15:00 -------- d-----w- c:\users\Amy\AppData\Local\assembly 2012-04-23 12:58 . 2012-04-23 17:10 -------- d-----w- c:\program files\NCSoft 2012-04-23 12:55 . 2012-04-23 12:55 -------- d-----w- c:\users\Amy\AppData\Roaming\InstallShield 2012-04-20 07:29 . 2012-04-29 18:19 -------- d-----w- c:\program files\World of Warcraft Beta 2012-04-17 16:48 . 2012-04-17 16:50 -------- d-----w- c:\users\Amy\AppData\Roaming\Digiarty 2012-04-17 16:47 . 2012-04-17 16:50 -------- d-----w- c:\program files\Digiarty 2012-04-17 16:37 . 2012-04-17 16:37 -------- d-----w- c:\users\Amy\AppData\Roaming\Apowersoft 2012-04-17 16:26 . 2012-04-17 16:26 -------- d-----w- c:\programdata\NCH Software 2012-04-17 16:26 . 2012-04-17 16:27 -------- d-----w- c:\users\Amy\AppData\Roaming\NCH Software 2012-04-13 12:42 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-13 06:00 . 2012-04-13 06:02 -------- d-----w- c:\programdata\Battle.net 2012-04-03 22:08 . 2012-04-03 22:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe 2012-04-03 22:07 . 2012-04-03 22:07 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DSETUP.dll 2012-04-03 22:07 . 2012-04-03 22:07 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DXSETUP.exe 2012-04-03 22:07 . 2012-04-03 22:07 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\dsetup32.dll 2012-04-03 22:07 . 2012-04-03 22:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DSETUP.dll 2012-04-03 22:07 . 2012-04-03 22:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DXSETUP.exe 2012-04-03 22:07 . 2012-04-03 22:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\dsetup32.dll 2012-04-02 13:18 . 2012-04-02 13:18 -------- d-----w- c:\program files\Common Files\Skype 2012-04-02 08:02 . 2010-01-13 20:48 230752 ----a-w- c:\windows\patchw32.dll 2012-04-02 07:39 . 2012-04-20 08:17 -------- d-----w- c:\program files\Outspark 2012-04-02 06:03 . 2012-04-11 00:22 -------- d-----w- c:\users\Amy\AppData\Local\PMB Files 2012-04-02 06:02 . 2012-04-02 06:03 -------- d-----w- c:\programdata\PMB Files 2012-04-02 06:01 . 2012-04-02 06:02 -------- d-----w- c:\program files\Pando Networks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-30 13:00 . 2006-11-02 07:36 79416 ----a-w- c:\windows\system32\drivers\arc.sys 2012-04-19 19:28 . 2010-10-07 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-29 22:45 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-09 20:03 . 2011-07-11 23:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\system32\sirenacm.dll 2012-02-04 01:20 . 2012-02-04 01:20 0 ---ha-w- c:\users\Amy\AppData\Local\BIT4060.tmp 2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT31CC.tmp 2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1382.tmp 2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BITF9B.tmp 2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1289.tmp 2012-02-02 18:57 . 2012-02-02 18:57 808440 ----a-w- c:\windows\system32\CDDBUI.dll 2012-02-02 18:57 . 2012-02-02 18:57 796152 ----a-w- c:\windows\system32\CDDBControl.dll 2012-02-02 18:57 . 2012-02-02 18:57 169464 ----a-w- c:\windows\system32\CddbLangRU.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-03-13 03:10 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}] [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1] [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}] [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912] "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}] [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1] [HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}] [HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-05 928096] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 90611446 *Deregistered* - 90611446 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd09fc6922bb47.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03] . 2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc4fb9b1e3d4eb.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03] . 2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171740006-2288968661-193012664-1000Core1cc6ed19e0acd30.job - c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-13 06:22] . 2012-04-30 c:\windows\Tasks\HPCeeScheduleForAmy.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34] . 2011-06-20 c:\windows\Tasks\{00C89A4D-BFCA-4C33-B8FF-A508499176F5}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . 2011-09-10 c:\windows\Tasks\{783DD85C-1A5E-4A67-8897-EBE35CDC7725}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . 2011-09-19 c:\windows\Tasks\{79F2124E-BEF3-4197-AE52-380354712124}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . 2011-10-16 c:\windows\Tasks\{99FA5890-163B-4958-B01E-E89675AB52FD}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . 2011-08-23 c:\windows\Tasks\{B732499B-DD1D-4805-9608-65F11F731AE5}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . 2011-10-07 c:\windows\Tasks\{E879C9BF-E54D-416E-BF81-FBAAB9AA589A}.job - c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKCU-Run-fsm - (no file) HKCU-Run-AdobeBridge - (no file) HKCU-Run-PlayNC Launcher - (no file) HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe SafeBoot-90611446.sys AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-30 11:06 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000) @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2012-04-30 11:14:15 ComboFix-quarantined-files.txt 2012-04-30 15:13 . Pre-Run: 17,921,880,064 bytes free Post-Run: 33,289,764,864 bytes free . - - End Of File - - 44F2085D41F63BCEC729FCEB7CE37717
  7. Hmmm I'm a little unsure on what to do. My computer doesn't have high ''private'' information except for my debit card account. I do believe a re-instal and reformat would be good. I've been having these problems for a while and to be honest, haha I just want to get rid of it all and start over. I'm not too sure how that works though. That's re-installing everything right? The laptop I am using right now has a broken screen, so I am forced to use a separate screen connected to it that only ''activates'' on log in. I've tried re-installing Vista and everything in the past but with the separate screen, I can't see the first screens where the ''install'' would show normally. Also, I'm assuming that would require the original disc I downloaded Vista with on my computer? What do you believe I should do about the screen issue. Is there a way to re-instal and re-format while using my separate screen? If yes, any more information you could give?
  8. 08:54:40.0541 5304 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 08:54:41.0415 5304 ============================================================ 08:54:41.0415 5304 Current date / time: 2012/04/30 08:54:41.0415 08:54:41.0415 5304 SystemInfo: 08:54:41.0415 5304 08:54:41.0415 5304 OS Version: 6.0.6002 ServicePack: 2.0 08:54:41.0415 5304 Product type: Workstation 08:54:41.0415 5304 ComputerName: AMY-PC 08:54:41.0415 5304 UserName: Amy 08:54:41.0415 5304 Windows directory: C:\Windows 08:54:41.0415 5304 System windows directory: C:\Windows 08:54:41.0415 5304 Processor architecture: Intel x86 08:54:41.0415 5304 Number of processors: 2 08:54:41.0415 5304 Page size: 0x1000 08:54:41.0415 5304 Boot type: Normal boot 08:54:41.0415 5304 ============================================================ 08:54:50.0151 5304 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 08:54:50.0182 5304 ============================================================ 08:54:50.0182 5304 \Device\Harddisk0\DR0: 08:54:50.0197 5304 MBR partitions: 08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BC55000 08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC55800, BlocksNum 0x156E800 08:54:50.0197 5304 ============================================================ 08:54:50.0775 5304 C: <-> \Device\Harddisk0\DR0\Partition0 08:54:51.0414 5304 D: <-> \Device\Harddisk0\DR0\Partition1 08:54:51.0414 5304 ============================================================ 08:54:51.0414 5304 Initialize success 08:54:51.0414 5304 ============================================================ 08:55:32.0317 4900 ============================================================ 08:55:32.0317 4900 Scan started 08:55:32.0317 4900 Mode: Manual; 08:55:32.0317 4900 ============================================================ 08:55:36.0389 4900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 08:55:36.0405 4900 ACPI - ok 08:55:36.0561 4900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 08:55:36.0654 4900 adp94xx - ok 08:55:36.0779 4900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 08:55:36.0826 4900 adpahci - ok 08:55:36.0841 4900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 08:55:36.0841 4900 adpu160m - ok 08:55:36.0857 4900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 08:55:36.0857 4900 adpu320 - ok 08:55:36.0904 4900 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 08:55:36.0904 4900 AeLookupSvc - ok 08:55:37.0044 4900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 08:55:37.0091 4900 AFD - ok 08:55:37.0278 4900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 08:55:37.0325 4900 agp440 - ok 08:55:37.0356 4900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 08:55:37.0356 4900 aic78xx - ok 08:55:39.0946 4900 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll 08:55:39.0946 4900 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7 08:55:39.0961 4900 Akamai ( HiddenFile.Multi.Generic ) - warning 08:55:39.0961 4900 Akamai - detected HiddenFile.Multi.Generic (1) 08:55:40.0383 4900 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 08:55:40.0383 4900 ALG - ok 08:55:40.0476 4900 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys 08:55:40.0554 4900 aliide - ok 08:55:40.0897 4900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 08:55:40.0913 4900 amdagp - ok 08:55:41.0116 4900 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys 08:55:41.0116 4900 amdide - ok 08:55:41.0163 4900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 08:55:41.0178 4900 AmdK7 - ok 08:55:41.0350 4900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 08:55:41.0397 4900 AmdK8 - ok 08:55:41.0459 4900 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 08:55:41.0459 4900 Appinfo - ok 08:55:43.0503 4900 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:55:43.0518 4900 Apple Mobile Device - ok 08:55:43.0893 4900 arc (df9daabdc58cb616af5396088d402482) C:\Windows\system32\drivers\arc.sys 08:55:43.0893 4900 Suspicious file (Forged): C:\Windows\system32\drivers\arc.sys. Real md5: df9daabdc58cb616af5396088d402482, Fake md5: 5d2888182fb46632511acee92fdad522 08:55:43.0893 4900 arc ( Rootkit.Win32.TDSS.tdl3 ) - infected 08:55:43.0893 4900 arc - detected Rootkit.Win32.TDSS.tdl3 (0) 08:55:44.0111 4900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 08:55:44.0127 4900 arcsas - ok 08:55:44.0142 4900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 08:55:44.0158 4900 AsyncMac - ok 08:55:44.0205 4900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 08:55:44.0220 4900 atapi - ok 08:55:44.0891 4900 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys 08:55:44.0938 4900 athr - ok 08:55:44.0969 4900 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 08:55:44.0969 4900 AudioEndpointBuilder - ok 08:55:44.0985 4900 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 08:55:44.0985 4900 Audiosrv - ok 08:55:45.0546 4900 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe 08:55:45.0655 4900 AVG Security Toolbar Service - ok 08:55:48.0931 4900 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 08:55:49.0321 4900 AVGIDSAgent - ok 08:55:50.0039 4900 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 08:55:50.0055 4900 AVGIDSDriver - ok 08:55:50.0226 4900 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 08:55:50.0226 4900 AVGIDSEH - ok 08:55:50.0429 4900 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 08:55:50.0445 4900 AVGIDSFilter - ok 08:55:50.0554 4900 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 08:55:50.0569 4900 AVGIDSShim - ok 08:55:50.0632 4900 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys 08:55:50.0632 4900 Avgldx86 - ok 08:55:50.0913 4900 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys 08:55:50.0913 4900 Avgmfx86 - ok 08:55:50.0959 4900 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys 08:55:50.0975 4900 Avgrkx86 - ok 08:55:51.0396 4900 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys 08:55:51.0661 4900 Avgtdix - ok 08:55:52.0254 4900 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe 08:55:52.0254 4900 avgwd - ok 08:55:53.0081 4900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 08:55:53.0284 4900 Beep - ok 08:55:53.0923 4900 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 08:55:54.0095 4900 BFE - ok 08:55:55.0000 4900 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 08:55:55.0187 4900 BITS - ok 08:55:55.0296 4900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 08:55:55.0296 4900 blbdrive - ok 08:55:55.0920 4900 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 08:55:55.0983 4900 Bonjour Service - ok 08:55:56.0076 4900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 08:55:56.0201 4900 bowser - ok 08:55:56.0373 4900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 08:55:56.0373 4900 BrFiltLo - ok 08:55:56.0404 4900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 08:55:56.0404 4900 BrFiltUp - ok 08:55:56.0513 4900 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 08:55:56.0513 4900 Browser - ok 08:55:56.0560 4900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 08:55:56.0575 4900 Brserid - ok 08:55:56.0622 4900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 08:55:56.0622 4900 BrSerWdm - ok 08:55:56.0638 4900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 08:55:56.0653 4900 BrUsbMdm - ok 08:55:56.0669 4900 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 08:55:56.0669 4900 BrUsbSer - ok 08:55:56.0731 4900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 08:55:56.0825 4900 BTHMODEM - ok 08:55:56.0950 4900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 08:55:56.0950 4900 cdfs - ok 08:55:56.0997 4900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 08:55:56.0997 4900 cdrom - ok 08:55:57.0012 4900 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 08:55:57.0012 4900 CertPropSvc - ok 08:55:57.0043 4900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 08:55:57.0043 4900 circlass - ok 08:55:57.0090 4900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 08:55:57.0184 4900 CLFS - ok 08:55:57.0262 4900 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:55:57.0262 4900 clr_optimization_v2.0.50727_32 - ok 08:55:58.0042 4900 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:55:58.0167 4900 clr_optimization_v4.0.30319_32 - ok 08:55:58.0213 4900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 08:55:58.0245 4900 CmBatt - ok 08:55:58.0276 4900 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys 08:55:58.0276 4900 cmdide - ok 08:55:58.0494 4900 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys 08:55:58.0588 4900 CnxtHdAudService - ok 08:55:58.0822 4900 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 08:55:58.0822 4900 Com4QLBEx - ok 08:55:58.0869 4900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 08:55:58.0869 4900 Compbatt - ok 08:55:58.0884 4900 COMSysApp - ok 08:55:58.0884 4900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 08:55:58.0900 4900 crcdisk - ok 08:55:58.0931 4900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 08:55:58.0931 4900 Crusoe - ok 08:55:59.0103 4900 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 08:55:59.0103 4900 CryptSvc - ok 08:55:59.0181 4900 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 08:55:59.0181 4900 DcomLaunch - ok 08:55:59.0274 4900 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 08:55:59.0274 4900 DfsC - ok 08:55:59.0586 4900 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 08:55:59.0805 4900 DFSR - ok 08:56:00.0132 4900 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 08:56:00.0132 4900 Dhcp - ok 08:56:00.0241 4900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 08:56:00.0273 4900 disk - ok 08:56:00.0366 4900 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 08:56:00.0366 4900 Dnscache - ok 08:56:00.0413 4900 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 08:56:00.0413 4900 dot3svc - ok 08:56:00.0475 4900 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 08:56:00.0475 4900 DPS - ok 08:56:00.0585 4900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 08:56:00.0600 4900 drmkaud - ok 08:56:00.0678 4900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 08:56:01.0006 4900 DXGKrnl - ok 08:56:01.0131 4900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 08:56:01.0131 4900 E1G60 - ok 08:56:01.0162 4900 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 08:56:01.0162 4900 EapHost - ok 08:56:01.0645 4900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 08:56:01.0755 4900 Ecache - ok 08:56:02.0051 4900 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 08:56:02.0160 4900 ehRecvr - ok 08:56:02.0347 4900 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 08:56:02.0363 4900 ehSched - ok 08:56:02.0488 4900 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 08:56:02.0488 4900 ehstart - ok 08:56:02.0597 4900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 08:56:02.0675 4900 elxstor - ok 08:56:02.0862 4900 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 08:56:02.0862 4900 EMDMgmt - ok 08:56:02.0893 4900 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 08:56:02.0909 4900 ErrDev - ok 08:56:03.0003 4900 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 08:56:03.0003 4900 EventSystem - ok 08:56:03.0783 4900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 08:56:03.0985 4900 exfat - ok 08:56:04.0719 4900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 08:56:04.0937 4900 fastfat - ok 08:56:05.0171 4900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 08:56:05.0171 4900 fdc - ok 08:56:05.0327 4900 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 08:56:05.0374 4900 fdPHost - ok 08:56:05.0623 4900 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 08:56:05.0623 4900 FDResPub - ok 08:56:06.0216 4900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 08:56:06.0279 4900 FileInfo - ok 08:56:06.0653 4900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 08:56:06.0715 4900 Filetrace - ok 08:56:09.0165 4900 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 08:56:09.0258 4900 FLEXnet Licensing Service - ok 08:56:09.0274 4900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 08:56:09.0289 4900 flpydisk - ok 08:56:09.0399 4900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 08:56:09.0508 4900 FltMgr - ok 08:56:10.0662 4900 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 08:56:10.0803 4900 FontCache - ok 08:56:10.0943 4900 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 08:56:10.0959 4900 FontCache3.0.0.0 - ok 08:56:11.0099 4900 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 08:56:11.0099 4900 Fs_Rec - ok 08:56:11.0255 4900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 08:56:11.0255 4900 gagp30kx - ok 08:56:11.0817 4900 GameConsoleService (6858c318e8daa40e747e6fb9b214e104) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe 08:56:11.0817 4900 GameConsoleService - ok 08:56:11.0926 4900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:56:11.0988 4900 GEARAspiWDM - ok 08:56:12.0175 4900 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 08:56:12.0253 4900 gpsvc - ok 08:56:12.0909 4900 gupdate1ca58b169fd7b60 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 08:56:12.0924 4900 gupdate1ca58b169fd7b60 - ok 08:56:13.0080 4900 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 08:56:13.0080 4900 gupdatem - ok 08:56:13.0205 4900 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 08:56:13.0314 4900 gusvc - ok 08:56:13.0361 4900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 08:56:13.0439 4900 HdAudAddService - ok 08:56:13.0501 4900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:56:13.0595 4900 HDAudBus - ok 08:56:13.0611 4900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 08:56:13.0611 4900 HidBth - ok 08:56:13.0642 4900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 08:56:13.0642 4900 HidIr - ok 08:56:13.0673 4900 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 08:56:13.0673 4900 hidserv - ok 08:56:13.0735 4900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 08:56:13.0735 4900 HidUsb - ok 08:56:13.0923 4900 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 08:56:13.0923 4900 hkmsvc - ok 08:56:14.0547 4900 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 08:56:14.0547 4900 HP Health Check Service - ok 08:56:14.0640 4900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 08:56:14.0640 4900 HpCISSs - ok 08:56:14.0812 4900 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 08:56:14.0827 4900 HpqKbFiltr - ok 08:56:14.0952 4900 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 08:56:14.0968 4900 hpqwmiex - ok 08:56:15.0342 4900 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys 08:56:15.0514 4900 HSF_DPV - ok 08:56:15.0529 4900 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 08:56:15.0545 4900 HSXHWAZL - ok 08:56:15.0717 4900 HTTP (4d6eb87dcabfd66221822f49cfd79077) C:\Windows\system32\drivers\HTTP.sys 08:56:15.0810 4900 HTTP - ok 08:56:15.0841 4900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 08:56:15.0841 4900 i2omp - ok 08:56:15.0951 4900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 08:56:16.0060 4900 i8042prt - ok 08:56:16.0200 4900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 08:56:16.0325 4900 iaStorV - ok 08:56:16.0809 4900 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 08:56:16.0887 4900 IDriverT - ok 08:56:17.0557 4900 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:56:17.0713 4900 idsvc - ok 08:56:17.0760 4900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 08:56:17.0760 4900 iirsp - ok 08:56:17.0807 4900 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 08:56:17.0916 4900 IKEEXT - ok 08:56:17.0932 4900 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys 08:56:17.0947 4900 intelide - ok 08:56:17.0963 4900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 08:56:17.0979 4900 intelppm - ok 08:56:18.0025 4900 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 08:56:18.0025 4900 IPBusEnum - ok 08:56:18.0072 4900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:56:18.0088 4900 IpFilterDriver - ok 08:56:18.0400 4900 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 08:56:18.0415 4900 iphlpsvc - ok 08:56:18.0447 4900 IpInIp - ok 08:56:18.0634 4900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 08:56:18.0759 4900 IPMIDRV - ok 08:56:18.0790 4900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 08:56:18.0790 4900 IPNAT - ok 08:56:19.0133 4900 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe 08:56:19.0320 4900 iPod Service - ok 08:56:19.0336 4900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 08:56:19.0351 4900 IRENUM - ok 08:56:19.0414 4900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 08:56:19.0570 4900 isapnp - ok 08:56:19.0601 4900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 08:56:19.0601 4900 iScsiPrt - ok 08:56:19.0617 4900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 08:56:19.0632 4900 iteatapi - ok 08:56:19.0648 4900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 08:56:19.0663 4900 iteraid - ok 08:56:19.0679 4900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 08:56:19.0679 4900 kbdclass - ok 08:56:19.0710 4900 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 08:56:19.0710 4900 kbdhid - ok 08:56:19.0851 4900 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 08:56:19.0866 4900 KeyIso - ok 08:56:19.0913 4900 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 08:56:19.0929 4900 KSecDD - ok 08:56:19.0975 4900 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 08:56:19.0991 4900 KtmRm - ok 08:56:20.0209 4900 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 08:56:20.0209 4900 LanmanServer - ok 08:56:20.0381 4900 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 08:56:20.0428 4900 LanmanWorkstation - ok 08:56:21.0239 4900 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 08:56:21.0255 4900 LightScribeService - ok 08:56:21.0364 4900 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 08:56:21.0395 4900 lltdio - ok 08:56:21.0879 4900 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 08:56:21.0941 4900 lltdsvc - ok 08:56:22.0035 4900 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 08:56:22.0128 4900 lmhosts - ok 08:56:22.0206 4900 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 08:56:22.0393 4900 LSI_FC - ok 08:56:22.0409 4900 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 08:56:22.0425 4900 LSI_SAS - ok 08:56:22.0440 4900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 08:56:22.0440 4900 LSI_SCSI - ok 08:56:22.0456 4900 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 08:56:22.0471 4900 luafv - ok 08:56:22.0534 4900 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 08:56:22.0549 4900 MBAMProtector - ok 08:56:22.0768 4900 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 08:56:22.0908 4900 MBAMService - ok 08:56:22.0955 4900 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 08:56:22.0971 4900 Mcx2Svc - ok 08:56:23.0080 4900 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 08:56:23.0080 4900 mdmxsdk - ok 08:56:23.0205 4900 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 08:56:23.0220 4900 megasas - ok 08:56:23.0797 4900 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 08:56:24.0016 4900 MegaSR - ok 08:56:24.0078 4900 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 08:56:24.0172 4900 MMCSS - ok 08:56:24.0250 4900 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 08:56:24.0265 4900 Modem - ok 08:56:24.0312 4900 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 08:56:24.0328 4900 monitor - ok 08:56:24.0421 4900 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 08:56:24.0546 4900 mouclass - ok 08:56:24.0593 4900 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 08:56:24.0593 4900 mouhid - ok 08:56:24.0640 4900 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 08:56:24.0655 4900 MountMgr - ok 08:56:24.0765 4900 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 08:56:24.0889 4900 mpio - ok 08:56:24.0905 4900 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 08:56:24.0921 4900 mpsdrv - ok 08:56:24.0983 4900 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 08:56:25.0186 4900 MpsSvc - ok 08:56:25.0201 4900 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 08:56:25.0201 4900 Mraid35x - ok 08:56:25.0279 4900 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 08:56:25.0295 4900 MRxDAV - ok 08:56:25.0373 4900 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:56:25.0373 4900 mrxsmb - ok 08:56:25.0482 4900 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:56:25.0513 4900 mrxsmb10 - ok 08:56:25.0576 4900 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:56:25.0685 4900 mrxsmb20 - ok 08:56:25.0716 4900 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys 08:56:25.0716 4900 msahci - ok 08:56:25.0732 4900 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 08:56:25.0747 4900 msdsm - ok 08:56:25.0779 4900 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 08:56:25.0888 4900 MSDTC - ok 08:56:25.0935 4900 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 08:56:25.0935 4900 Msfs - ok 08:56:25.0950 4900 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 08:56:25.0966 4900 msisadrv - ok 08:56:25.0997 4900 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 08:56:26.0013 4900 MSiSCSI - ok 08:56:26.0013 4900 msiserver - ok 08:56:26.0044 4900 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 08:56:26.0059 4900 MSKSSRV - ok 08:56:26.0091 4900 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 08:56:26.0106 4900 MSPCLOCK - ok 08:56:26.0153 4900 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 08:56:26.0153 4900 MSPQM - ok 08:56:26.0278 4900 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 08:56:26.0293 4900 MsRPC - ok 08:56:26.0418 4900 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 08:56:26.0418 4900 mssmbios - ok 08:56:26.0637 4900 MSSQL$SONY_MEDIAMGR - ok 08:56:26.0746 4900 MSSQLServerADHelper (cb7524c21727404bd3140dca32deb7de) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 08:56:26.0808 4900 MSSQLServerADHelper - ok 08:56:26.0871 4900 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 08:56:26.0871 4900 MSTEE - ok 08:56:26.0902 4900 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 08:56:26.0902 4900 Mup - ok 08:56:27.0089 4900 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 08:56:27.0105 4900 napagent - ok 08:56:27.0323 4900 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 08:56:27.0417 4900 NativeWifiP - ok 08:56:27.0635 4900 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 08:56:27.0744 4900 NDIS - ok 08:56:27.0838 4900 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 08:56:27.0853 4900 NdisTapi - ok 08:56:27.0963 4900 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 08:56:27.0963 4900 Ndisuio - ok 08:56:28.0009 4900 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 08:56:28.0119 4900 NdisWan - ok 08:56:28.0212 4900 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 08:56:28.0212 4900 NDProxy - ok 08:56:28.0321 4900 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 08:56:28.0415 4900 NetBIOS - ok 08:56:28.0571 4900 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 08:56:28.0696 4900 netbt - ok 08:56:28.0789 4900 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 08:56:28.0789 4900 Netlogon - ok 08:56:29.0117 4900 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 08:56:29.0382 4900 Netman - ok 08:56:29.0491 4900 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 08:56:29.0491 4900 netprofm - ok 08:56:30.0084 4900 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:56:30.0100 4900 NetTcpPortSharing - ok 08:56:30.0724 4900 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 08:56:30.0849 4900 NETw3v32 - ok 08:56:31.0644 4900 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 08:56:31.0769 4900 nfrd960 - ok 08:56:31.0816 4900 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 08:56:31.0831 4900 NlaSvc - ok 08:56:31.0863 4900 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 08:56:31.0863 4900 Npfs - ok 08:56:31.0894 4900 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 08:56:31.0894 4900 nsi - ok 08:56:31.0925 4900 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 08:56:31.0925 4900 nsiproxy - ok 08:56:32.0143 4900 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 08:56:32.0424 4900 Ntfs - ok 08:56:32.0518 4900 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 08:56:32.0518 4900 ntrigdigi - ok 08:56:32.0549 4900 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 08:56:32.0565 4900 Null - ok 08:56:32.0908 4900 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys 08:56:33.0126 4900 NVENETFD - ok 08:56:33.0173 4900 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys 08:56:33.0173 4900 NVHDA - ok 08:56:35.0731 4900 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys 08:56:36.0496 4900 nvlddmkm - ok 08:56:37.0822 4900 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 08:56:37.0837 4900 nvraid - ok 08:56:37.0884 4900 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys 08:56:37.0900 4900 nvsmu - ok 08:56:38.0134 4900 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 08:56:38.0165 4900 nvstor - ok 08:56:38.0524 4900 nvsvc (51e7f2c26b6ece61c5241f1f731eab2b) C:\Windows\system32\nvvsvc.exe 08:56:38.0664 4900 nvsvc - ok 08:56:38.0758 4900 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 08:56:38.0773 4900 nv_agp - ok 08:56:38.0773 4900 NwlnkFlt - ok 08:56:38.0789 4900 NwlnkFwd - ok 08:56:39.0444 4900 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:56:39.0959 4900 odserv - ok 08:56:40.0255 4900 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 08:56:40.0271 4900 ohci1394 - ok 08:56:40.0614 4900 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:56:40.0645 4900 ose - ok 08:56:41.0503 4900 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 08:56:41.0644 4900 p2pimsvc - ok 08:56:41.0659 4900 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 08:56:41.0675 4900 p2psvc - ok 08:56:41.0909 4900 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 08:56:41.0925 4900 Parport - ok 08:56:42.0034 4900 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 08:56:42.0049 4900 partmgr - ok 08:56:42.0096 4900 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 08:56:42.0096 4900 Parvdm - ok 08:56:42.0174 4900 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 08:56:42.0174 4900 PcaSvc - ok 08:56:42.0439 4900 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 08:56:42.0455 4900 pci - ok 08:56:42.0580 4900 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 08:56:42.0595 4900 pciide - ok 08:56:42.0798 4900 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 08:56:42.0829 4900 pcmcia - ok 08:56:43.0266 4900 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 08:56:43.0329 4900 PEAUTH - ok 08:56:44.0483 4900 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 08:56:44.0935 4900 pla - ok 08:56:46.0511 4900 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 08:56:46.0511 4900 PlugPlay - ok 08:56:46.0870 4900 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 08:56:46.0870 4900 PNRPAutoReg - ok 08:56:46.0901 4900 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 08:56:46.0917 4900 PNRPsvc - ok 08:56:47.0166 4900 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 08:56:47.0244 4900 PolicyAgent - ok 08:56:47.0400 4900 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 08:56:47.0416 4900 PptpMiniport - ok 08:56:47.0541 4900 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 08:56:47.0541 4900 Processor - ok 08:56:47.0697 4900 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 08:56:47.0712 4900 ProfSvc - ok 08:56:47.0790 4900 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 08:56:47.0806 4900 ProtectedStorage - ok 08:56:47.0899 4900 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 08:56:47.0915 4900 PSched - ok 08:56:48.0539 4900 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 08:56:48.0695 4900 ql2300 - ok 08:56:48.0851 4900 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 08:56:48.0913 4900 ql40xx - ok 08:56:49.0101 4900 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 08:56:49.0132 4900 QWAVE - ok 08:56:49.0210 4900 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 08:56:49.0210 4900 QWAVEdrv - ok 08:56:49.0257 4900 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 08:56:49.0303 4900 RasAcd - ok 08:56:49.0475 4900 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 08:56:49.0537 4900 RasAuto - ok 08:56:49.0615 4900 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:56:49.0662 4900 Rasl2tp - ok 08:56:49.0912 4900 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 08:56:49.0974 4900 RasMan - ok 08:56:50.0005 4900 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 08:56:50.0005 4900 RasPppoe - ok 08:56:50.0161 4900 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 08:56:50.0286 4900 RasSstp - ok 08:56:50.0692 4900 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 08:56:50.0895 4900 rdbss - ok 08:56:50.0926 4900 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:56:50.0941 4900 RDPCDD - ok 08:56:53.0032 4900 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 08:56:53.0110 4900 rdpdr - ok 08:56:53.0141 4900 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 08:56:53.0188 4900 RDPENCDD - ok 08:56:53.0578 4900 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 08:56:53.0656 4900 RDPWD - ok 08:56:54.0280 4900 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe 08:56:54.0311 4900 Recovery Service for Windows - ok 08:56:54.0373 4900 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 08:56:54.0373 4900 RemoteAccess - ok 08:56:54.0483 4900 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 08:56:54.0498 4900 RemoteRegistry - ok 08:56:55.0122 4900 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe 08:56:55.0138 4900 RichVideo - ok 08:56:55.0309 4900 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 08:56:55.0372 4900 RpcLocator - ok 08:56:57.0727 4900 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 08:56:57.0743 4900 RpcSs - ok 08:56:58.0055 4900 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 08:56:58.0071 4900 rspndr - ok 08:56:58.0211 4900 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS 08:56:58.0211 4900 RTSTOR - ok 08:56:58.0336 4900 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 08:56:58.0383 4900 SamSs - ok 08:56:58.0554 4900 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 08:56:58.0632 4900 sbp2port - ok 08:56:58.0741 4900 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 08:56:58.0804 4900 SCardSvr - ok 08:56:59.0241 4900 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 08:56:59.0319 4900 Schedule - ok 08:56:59.0365 4900 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 08:56:59.0365 4900 SCPolicySvc - ok 08:56:59.0428 4900 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 08:56:59.0443 4900 sdbus - ok 08:56:59.0599 4900 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 08:56:59.0662 4900 SDRSVC - ok 08:56:59.0755 4900 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 08:56:59.0755 4900 secdrv - ok 08:56:59.0896 4900 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 08:56:59.0911 4900 seclogon - ok 08:56:59.0989 4900 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 08:57:00.0005 4900 SENS - ok 08:57:00.0052 4900 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 08:57:00.0052 4900 Serenum - ok 08:57:00.0192 4900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 08:57:00.0208 4900 Serial - ok 08:57:00.0223 4900 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 08:57:00.0223 4900 sermouse - ok 08:57:00.0333 4900 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 08:57:00.0348 4900 SessionEnv - ok 08:57:00.0379 4900 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 08:57:00.0426 4900 sffdisk - ok 08:57:00.0520 4900 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 08:57:00.0582 4900 sffp_mmc - ok 08:57:00.0832 4900 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 08:57:00.0847 4900 sffp_sd - ok 08:57:00.0941 4900 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 08:57:00.0941 4900 sfloppy - ok 08:57:01.0113 4900 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 08:57:01.0128 4900 SharedAccess - ok 08:57:01.0222 4900 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 08:57:01.0331 4900 ShellHWDetection - ok 08:57:01.0471 4900 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 08:57:01.0487 4900 sisagp - ok 08:57:01.0518 4900 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 08:57:01.0518 4900 SiSRaid2 - ok 08:57:01.0549 4900 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 08:57:01.0565 4900 SiSRaid4 - ok 08:57:01.0877 4900 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 08:57:02.0064 4900 SkypeUpdate - ok 08:57:03.0889 4900 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 08:57:04.0217 4900 slsvc - ok 08:57:04.0810 4900 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 08:57:04.0810 4900 SLUINotify - ok 08:57:04.0981 4900 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 08:57:04.0981 4900 Smb - ok 08:57:05.0091 4900 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 08:57:05.0091 4900 SNMPTRAP - ok 08:57:05.0106 4900 SNP2UVC - ok 08:57:05.0262 4900 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 08:57:05.0262 4900 spldr - ok 08:57:05.0356 4900 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 08:57:05.0371 4900 Spooler - ok 08:57:05.0449 4900 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys 08:57:05.0465 4900 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9 08:57:05.0465 4900 sptd ( LockedFile.Multi.Generic ) - warning 08:57:05.0465 4900 sptd - detected LockedFile.Multi.Generic (1) 08:57:05.0793 4900 SQLAgent$SONY_MEDIAMGR - ok 08:57:06.0089 4900 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 08:57:06.0105 4900 srv - ok 08:57:06.0339 4900 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 08:57:06.0339 4900 srv2 - ok 08:57:06.0354 4900 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 08:57:06.0370 4900 srvnet - ok 08:57:06.0853 4900 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 08:57:07.0009 4900 SSDPSRV - ok 08:57:07.0212 4900 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 08:57:07.0212 4900 SstpSvc - ok 08:57:07.0540 4900 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 08:57:07.0555 4900 StarWindServiceAE - ok 08:57:07.0649 4900 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 08:57:07.0665 4900 stisvc - ok 08:57:07.0743 4900 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 08:57:07.0743 4900 swenum - ok 08:57:08.0320 4900 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 08:57:08.0429 4900 SwitchBoard - ok 08:57:08.0835 4900 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 08:57:08.0835 4900 swprv - ok 08:57:08.0850 4900 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 08:57:08.0866 4900 Symc8xx - ok 08:57:09.0037 4900 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 08:57:09.0037 4900 Sym_hi - ok 08:57:09.0178 4900 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 08:57:09.0178 4900 Sym_u3 - ok 08:57:09.0209 4900 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys 08:57:09.0225 4900 SynTP - ok 08:57:09.0271 4900 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 08:57:09.0287 4900 SysMain - ok 08:57:09.0318 4900 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 08:57:09.0334 4900 TabletInputService - ok 08:57:09.0365 4900 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 08:57:09.0365 4900 TapiSrv - ok 08:57:09.0396 4900 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 08:57:09.0396 4900 TBS - ok 08:57:09.0989 4900 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 08:57:10.0036 4900 Tcpip - ok 08:57:10.0051 4900 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 08:57:10.0067 4900 Tcpip6 - ok 08:57:10.0566 4900 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 08:57:10.0691 4900 tcpipreg - ok 08:57:10.0972 4900 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 08:57:10.0987 4900 TDPIPE - ok 08:57:11.0377 4900 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 08:57:11.0440 4900 TDTCP - ok 08:57:12.0033 4900 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 08:57:12.0469 4900 tdx - ok 08:57:12.0547 4900 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 08:57:12.0594 4900 TermDD - ok 08:57:13.0998 4900 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 08:57:13.0998 4900 TermService - ok 08:57:14.0591 4900 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 08:57:15.0043 4900 Themes - ok 08:57:15.0418 4900 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 08:57:15.0433 4900 THREADORDER - ok 08:57:16.0369 4900 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 08:57:16.0494 4900 TrkWks - ok 08:57:16.0728 4900 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 08:57:16.0728 4900 TrustedInstaller - ok 08:57:16.0822 4900 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:57:16.0822 4900 tssecsrv - ok 08:57:16.0947 4900 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 08:57:16.0947 4900 tunmp - ok 08:57:16.0978 4900 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 08:57:16.0978 4900 tunnel - ok 08:57:18.0538 4900 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 08:57:18.0616 4900 uagp35 - ok 08:57:19.0037 4900 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 08:57:19.0068 4900 udfs - ok 08:57:19.0224 4900 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 08:57:19.0240 4900 UI0Detect - ok 08:57:19.0396 4900 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 08:57:19.0396 4900 uliagpkx - ok 08:57:19.0583 4900 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 08:57:20.0035 4900 uliahci - ok 08:57:20.0082 4900 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 08:57:20.0098 4900 UlSata - ok 08:57:20.0145 4900 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 08:57:20.0238 4900 ulsata2 - ok 08:57:20.0815 4900 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 08:57:20.0862 4900 umbus - ok 08:57:21.0018 4900 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 08:57:21.0034 4900 upnphost - ok 08:57:21.0081 4900 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys 08:57:21.0081 4900 USBAAPL - ok 08:57:21.0221 4900 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 08:57:21.0237 4900 usbaudio - ok 08:57:21.0315 4900 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 08:57:21.0315 4900 usbccgp - ok 08:57:21.0377 4900 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 08:57:21.0393 4900 usbcir - ok 08:57:21.0486 4900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 08:57:21.0595 4900 usbehci - ok 08:57:21.0627 4900 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 08:57:21.0642 4900 usbhub - ok 08:57:21.0689 4900 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 08:57:21.0689 4900 usbohci - ok 08:57:21.0892 4900 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 08:57:21.0954 4900 usbprint - ok 08:57:22.0048 4900 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:57:22.0048 4900 USBSTOR - ok 08:57:22.0095 4900 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 08:57:22.0204 4900 usbuhci - ok 08:57:22.0251 4900 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 08:57:22.0251 4900 usbvideo - ok 08:57:22.0282 4900 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 08:57:22.0282 4900 UxSms - ok 08:57:22.0313 4900 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 08:57:22.0453 4900 vds - ok 08:57:22.0485 4900 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 08:57:22.0485 4900 vga - ok 08:57:22.0531 4900 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 08:57:22.0531 4900 VgaSave - ok 08:57:22.0563 4900 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 08:57:22.0563 4900 viaagp - ok 08:57:22.0594 4900 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 08:57:22.0594 4900 ViaC7 - ok 08:57:22.0641 4900 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys 08:57:22.0734 4900 viaide - ok 08:57:22.0921 4900 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 08:57:22.0921 4900 volmgr - ok 08:57:23.0374 4900 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 08:57:23.0452 4900 volmgrx - ok 08:57:23.0935 4900 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 08:57:24.0201 4900 volsnap - ok 08:57:24.0372 4900 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 08:57:24.0388 4900 vsmraid - ok 08:57:24.0731 4900 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 08:57:24.0918 4900 VSS - ok 08:57:25.0542 4900 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe 08:57:25.0605 4900 vToolbarUpdater10.2.0 - ok 08:57:26.0431 4900 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 08:57:26.0431 4900 W32Time - ok 08:57:26.0619 4900 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 08:57:26.0619 4900 WacomPen - ok 08:57:26.0790 4900 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 08:57:26.0868 4900 Wanarp - ok 08:57:26.0884 4900 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 08:57:26.0884 4900 Wanarpv6 - ok 08:57:27.0071 4900 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 08:57:27.0445 4900 wcncsvc - ok 08:57:27.0508 4900 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 08:57:27.0508 4900 WcsPlugInService - ok 08:57:27.0679 4900 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 08:57:27.0679 4900 Wd - ok 08:57:27.0820 4900 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 08:57:28.0007 4900 Wdf01000 - ok 08:57:28.0023 4900 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 08:57:28.0023 4900 WdiServiceHost - ok 08:57:28.0038 4900 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 08:57:28.0038 4900 WdiSystemHost - ok 08:57:28.0085 4900 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 08:57:28.0101 4900 WebClient - ok 08:57:28.0444 4900 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 08:57:28.0475 4900 Wecsvc - ok 08:57:28.0506 4900 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 08:57:28.0506 4900 wercplsupport - ok 08:57:28.0912 4900 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 08:57:28.0959 4900 WerSvc - ok 08:57:29.0130 4900 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 08:57:29.0161 4900 winachsf - ok 08:57:30.0082 4900 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 08:57:30.0097 4900 WinDefend - ok 08:57:30.0113 4900 WinHttpAutoProxySvc - ok 08:57:30.0316 4900 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 08:57:30.0316 4900 Winmgmt - ok 08:57:32.0313 4900 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 08:57:32.0531 4900 WinRM - ok 08:57:33.0139 4900 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 08:57:33.0186 4900 Wlansvc - ok 08:57:33.0685 4900 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 08:57:33.0701 4900 wlcrasvc - ok 08:57:34.0341 4900 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:57:34.0450 4900 wlidsvc - ok 08:57:34.0731 4900 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 08:57:34.0731 4900 WmiAcpi - ok 08:57:35.0308 4900 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 08:57:35.0417 4900 wmiApSrv - ok 08:57:36.0041 4900 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 08:57:36.0088 4900 WMPNetworkSvc - ok 08:57:36.0181 4900 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 08:57:36.0275 4900 WPCSvc - ok 08:57:36.0400 4900 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 08:57:36.0400 4900 WPDBusEnum - ok 08:57:36.0649 4900 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 08:57:36.0743 4900 WpdUsb - ok 08:57:37.0289 4900 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 08:57:37.0429 4900 WPFFontCache_v0400 - ok 08:57:37.0476 4900 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 08:57:37.0492 4900 ws2ifsl - ok 08:57:37.0632 4900 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 08:57:37.0632 4900 wscsvc - ok 08:57:37.0648 4900 WSearch - ok 08:57:38.0241 4900 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 08:57:38.0256 4900 wuauserv - ok 08:57:38.0755 4900 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 08:57:38.0787 4900 wudfsvc - ok 08:57:38.0880 4900 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 08:57:38.0989 4900 XAudio - ok 08:57:39.0036 4900 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe 08:57:39.0208 4900 XAudioService - ok 08:57:39.0239 4900 XDva393 - ok 08:57:39.0598 4900 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 08:57:39.0645 4900 yukonwlh - ok 08:57:39.0785 4900 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0 08:57:39.0863 4900 \Device\Harddisk0\DR0 - ok 08:57:39.0957 4900 Boot (0x1200) (9f4cf0f1aa52631794d20a3e083fba49) \Device\Harddisk0\DR0\Partition0 08:57:39.0972 4900 \Device\Harddisk0\DR0\Partition0 - ok 08:57:40.0035 4900 Boot (0x1200) (118f8ff060c1de8d16782d5e3b1c42e2) \Device\Harddisk0\DR0\Partition1 08:57:40.0035 4900 \Device\Harddisk0\DR0\Partition1 - ok 08:57:40.0035 4900 ============================================================ 08:57:40.0035 4900 Scan finished 08:57:40.0035 4900 ============================================================ 08:57:40.0050 4312 Detected object count: 3 08:57:40.0050 4312 Actual detected object count: 3 08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 08:58:30.0469 4312 C:\Windows\system32\drivers\arc.sys - copied to quarantine 08:58:30.0657 4312 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine 08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine 08:58:30.0797 4312 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine 08:58:31.0093 4312 Backup copy found, using it.. 08:58:31.0156 4312 C:\Windows\system32\drivers\arc.sys - will be cured on reboot 08:58:31.0156 4312 arc ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - skipped by user 08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 08:58:39.0720 5424 Deinitialize success
  9. Before I continue, on the Norton site, I had to make a new account. I have no idea whether the one on my computer right now was registered on a Norton account since this is a laptop my sister has given to me about 2 years ago. I signed up and it said there is no product or services. Should I continue the removal process of Norton, if I am unable to get my Product Key?
  10. Ok I did the scan with DDS. They said it should take about 3 minutes, but it took longer, about 10-15mins. (is that normal?) My AVG Anti-Virus wouldn't open at all. It seems to be running on my computer but I can't open it so I couldn't disable it but it seems like the scan was successful nonetheless. They said I should zip up the ''Attach.txt'' file but I am a bit unsure on how to do so. If you need that log posted as well, let me know and I will. Here are the logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19190 Run by Amy at 5:03:55 on 2012-04-30 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1040 [GMT -4:00] . AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\PremierOpinion\pmservice.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE . ============== Pseudo HJT Report =============== . uSearch Page = uSearch Bar = uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll mURLSearchHooks: H - No File BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - c:\program files\astroburn toolbar\ABToolbar.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [msnmsgr] "c:\program files\windows live\messenger\msn.exe.exe" /background uRun: [fsm] uRun: [AdobeBridge] uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe uRun: [Akamai NetSession Interface] "c:\users\amy\appdata\local\akamai\netsession_win.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun uRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe uRun: [PlayNC Launcher] mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [PLFSetL] c:\windows\PLFSetL.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [Gestionnaire Antidote.exe] c:\progra~1\druide\antidote\Gestionnaire Antidote.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{550F16E0-85B5-4A81-A09D-D5A9D0FC9F3F} : DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19 TCP: Interfaces\{6FFC239B-7E66-4926-B155-8787E1E66132} : DhcpNameServer = 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R? AVG Security Toolbar Service;AVG Security Toolbar Service R? gupdate1ca58b169fd7b60;Google Update Service (gupdate1ca58b169fd7b60) R? gupdatem;Google Update Service (gupdatem) R? SkypeUpdate;Skype Updater R? SwitchBoard;SwitchBoard R? wlcrasvc;Windows Live Mesh remote connections service R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? XDva393;XDva393 S? Akamai;Akamai NetSession Interface S? AVGIDSAgent;AVGIDSAgent S? AVGIDSDriver;AVGIDSDriver S? AVGIDSEH;AVGIDSEH S? AVGIDSFilter;AVGIDSFilter S? AVGIDSShim;AVGIDSShim S? Avgldx86;AVG AVI Loader Driver S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx86;AVG Anti-Rootkit Driver S? Avgtdix;AVG TDI Driver S? avgwd;AVG WatchDog S? BHDrvx86;Symantec Heuristics Driver S? ccHP;Symantec Hash Provider S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 S? Com4QLBEx;Com4QLBEx S? FontCache;Windows Font Cache Service S? IDSVix86;IDSVix86 S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService S? Norton Internet Security;Norton Internet Security S? NVHDA;Service for NVIDIA High Definition Audio Driver S? PremierOpinion;PremierOpinion S? Recovery Service for Windows;Recovery Service for Windows S? StarWindServiceAE;StarWind AE Service S? SymEFA;Symantec Extended File Attributes S? SYMNDISV;Symantec Network Filter Driver S? vToolbarUpdater10.2.0;vToolbarUpdater10.2.0 . =============== Created Last 30 ================ . 2012-04-29 19:52:40 -------- d-----w- c:\program files\Trend Micro 2012-04-29 18:34:13 -------- d-----w- c:\users\amy\appdata\roaming\Malwarebytes 2012-04-26 19:15:30 -------- d-----w- c:\users\amy\appdata\roaming\yess 2012-04-23 12:59:34 -------- d-----w- c:\users\amy\appdata\local\assembly 2012-04-23 12:58:42 -------- d-----w- c:\program files\NCSoft 2012-04-20 07:29:12 -------- d-----w- c:\program files\World of Warcraft Beta 2012-04-17 16:48:05 -------- d-----w- c:\users\amy\appdata\roaming\Digiarty 2012-04-17 16:47:48 -------- d-----w- c:\program files\Digiarty 2012-04-17 16:37:48 -------- d-----w- c:\users\amy\appdata\roaming\Apowersoft 2012-04-17 16:26:16 -------- d-----w- c:\users\amy\appdata\roaming\NCH Software 2012-04-13 12:42:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-13 06:00:51 -------- d-----w- c:\programdata\Battle.net 2012-04-03 22:08:51 15712 ----a-w- c:\program files\common files\windows live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe 2012-04-03 22:07:59 89944 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DSETUP.dll 2012-04-03 22:07:59 537432 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DXSETUP.exe 2012-04-03 22:07:59 1801048 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\dsetup32.dll 2012-04-03 22:07:44 94040 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DSETUP.dll 2012-04-03 22:07:44 525656 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DXSETUP.exe 2012-04-03 22:07:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\dsetup32.dll 2012-04-02 08:02:12 230752 ----a-w- c:\windows\patchw32.dll 2012-04-02 07:39:55 -------- d-----w- c:\program files\Outspark 2012-04-02 06:03:06 -------- d-----w- c:\users\amy\appdata\local\PMB Files 2012-04-02 06:02:47 -------- d-----w- c:\programdata\PMB Files 2012-04-02 06:01:52 -------- d-----w- c:\program files\Pando Networks . ==================== Find3M ==================== . 2012-04-19 19:28:24 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-09 20:03:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-08 22:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll 2012-02-02 18:57:40 808440 ----a-w- c:\windows\system32\CDDBUI.dll 2012-02-02 18:57:40 796152 ----a-w- c:\windows\system32\CDDBControl.dll 2012-02-02 18:57:40 169464 ----a-w- c:\windows\system32\CddbLangRU.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.0.6002 Disk: ST9250320AS rev.HP07 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-5 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BFEEC5]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xb6c6e872; SUB DWORD [EBP-0x4], 0xb6c6e12e; PUSH EDI; CALL 0xffffffffffffdf33; } 1 ntkrnlpa!IofCallDriver[0x81E7A912] -> \Device\Harddisk0\DR0[0x8662A838] 3 CLASSPNP[0x82CCB8B3] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x85B94F08] 5 acpi[0x807266BC] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x851E5B98] [0x86C78E48] -> IRP_MJ_CREATE -> 0x85BFEEC5 kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x6c; } detected disk devices: \Device\Ide\IdeDeviceP3T0L0-5 -> \??\IDE#DiskST9250320AS_____________________________HP07____#5&8eb2ae7&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x85BFEAEA \Driver\atapi -> 0x85b3d1e8 user & kernel MBR OK sectors 488397166 (+255): user != kernel Warning: possible TDL3 rootkit infection ! . ============= FINISH: 5:23:13.43 ===============
  11. Alright, I was brought here from the ''Pre-HJT Post Instructions''. The main reason I came here is because after running the Malware Bytes scan and getting rid of the files in my Quarantine, my computer has started to run slower(Also, there seems to be some files that don't open like they used to, one of them being my control panel?). During the scan my computer did freeze. I am wondering if by deleting the things in my Quarantine, I might have deleted something important. I am not knowledgable at all with computers so every step of help would be greatly appreciated! I downloaded HijackThis, and here are my logs. HijackThis Log: Scan saved at 4:34:27 PM, on 29/04/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19190) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Opera\Opera.exe C:\Windows\system32\conime.exe C:\Program Files\PremierOpinion\pmropn.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\aMSN\bin\wish.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\Amy\Desktop\Mozilla Firefox\firefox.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Users\Amy\Desktop\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchFilterHost.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 2687 bytes Malware Bytes Log: 2012/04/29 14:38:29 -0400 AMY-PC Amy MESSAGE Starting protection 2012/04/29 14:38:36 -0400 AMY-PC Amy MESSAGE Protection started successfully 2012/04/29 14:38:39 -0400 AMY-PC Amy MESSAGE Starting IP protection 2012/04/29 14:38:51 -0400 AMY-PC Amy MESSAGE IP Protection started successfully 2012/04/29 14:38:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent QUARANTINE 2012/04/29 14:39:00 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5 2012/04/29 14:39:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:39:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:40:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:40:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:41:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:41:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:41:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:42:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:42:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:42:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:43:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:43:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:44:00 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:44:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:44:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:45:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:46:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:46:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:46:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:47:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:47:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:48:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:49:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:49:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:49:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:50:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:50:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:51:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:51:26 -0400 AMY-PC Amy MESSAGE Executing scheduled update: Daily 2012/04/29 14:51:30 -0400 AMY-PC Amy MESSAGE Database already up-to-date 2012/04/29 14:51:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:51:32 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 54353, Process: svchost.exe) 2012/04/29 14:51:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:52:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:52:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:53:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:53:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:54:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:54:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:54:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:55:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:55:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:56:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:56:32 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:56:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:57:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:57:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:58:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:58:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:59:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:59:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 14:59:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:00:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:00:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:01:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:01:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:01:58 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:02:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:02:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:03:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:03:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:04:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:04:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:04:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:05:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:05:40 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 53607, Process: svchost.exe) 2012/04/29 15:05:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:06:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:06:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:06:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:07:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:07:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:08:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:08:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:09:03 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe) 2012/04/29 15:09:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe) 2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe) 2012/04/29 15:09:19 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe) 2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe) 2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe) 2012/04/29 15:09:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:09:35 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe) 2012/04/29 15:09:44 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe) 2012/04/29 15:09:52 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe) 2012/04/29 15:09:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:10:00 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe) 2012/04/29 15:10:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:10:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:11:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:11:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:11:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:12:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:12:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:13:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:13:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:14:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:14:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:14:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:15:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:15:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:16:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:22:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent QUARANTINE 2012/04/29 15:22:40 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5 2012/04/29 15:22:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:22:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:23:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:23:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:24:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:24:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:24:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:25:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:26:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:26:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:27:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:27:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:27:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:29:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:30:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:30:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:30:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:31:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:31:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:31:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:40:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:40:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:41:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:42:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:44:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:44:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:45:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:46:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:46:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:47:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY 2012/04/29 15:48:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:48:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:52:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:52:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:53:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:57:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:57:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 15:58:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:00:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:00:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:00:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:00:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:00:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:01:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:01:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:01:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:01:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:10:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:10:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:10:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:15:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:15:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:16:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:21:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:21:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:22:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:32:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:32:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY 2012/04/29 16:32:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.