SweetieLydia

Please help! Slow computer now?


Alright, I was brought here from the "Pre-HJT Post Instructions". The main reason I came here is because after running the Malware Bytes scan and getting rid of the files in my Quarantine, my computer has started to run slower. (Also, there seem to be some files that don't open like they used to, one of them being my control panel?) During the scan my computer did freeze. I am wondering if by deleting the things in my Quarantine, I might have deleted something important. I am not knowledgeable at all with computers so every step of help would be greatly appreciated! I downloaded HijackThis, and here are my logs.

HijackThis Log:

Scan saved at 4:34:27 PM, on 29/04/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19190)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Opera\Opera.exe

C:\Windows\system32\conime.exe

C:\Program Files\PremierOpinion\pmropn.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\aMSN\bin\wish.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Amy\Desktop\Mozilla Firefox\firefox.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Alcohol Soft\Alcohol 120\AxShlExHlper.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Users\Amy\Desktop\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 2687 bytes

Malware Bytes Log:

2012/04/29 14:38:29 -0400 AMY-PC Amy MESSAGE Starting protection

2012/04/29 14:38:36 -0400 AMY-PC Amy MESSAGE Protection started successfully

2012/04/29 14:38:39 -0400 AMY-PC Amy MESSAGE Starting IP protection

2012/04/29 14:38:51 -0400 AMY-PC Amy MESSAGE IP Protection started successfully

2012/04/29 14:38:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent QUARANTINE

2012/04/29 14:39:00 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5

2012/04/29 14:39:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:39:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:40:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:40:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:41:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:41:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:41:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:42:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:42:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:42:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:43:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:43:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:44:00 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:44:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:44:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:45:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:46:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:46:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:46:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:47:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:47:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:48:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:49:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:49:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:49:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:50:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:50:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:51:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:51:26 -0400 AMY-PC Amy MESSAGE Executing scheduled update: Daily

2012/04/29 14:51:30 -0400 AMY-PC Amy MESSAGE Database already up-to-date

2012/04/29 14:51:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:51:32 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 54353, Process: svchost.exe)

2012/04/29 14:51:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:52:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:52:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:53:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:53:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:54:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:54:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:54:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:55:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:55:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:56:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:56:32 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:56:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:57:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:57:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:58:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:58:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:59:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:59:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 14:59:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:00:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:00:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:01:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:01:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:01:58 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:02:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:02:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:03:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:03:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:04:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:04:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:04:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:05:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:05:40 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 53607, Process: svchost.exe)

2012/04/29 15:05:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:06:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:06:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:06:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:07:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:07:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:08:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:08:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:09:03 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)

2012/04/29 15:09:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)

2012/04/29 15:09:11 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 64366, Process: svchost.exe)

2012/04/29 15:09:19 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)

2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)

2012/04/29 15:09:27 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 63646, Process: svchost.exe)

2012/04/29 15:09:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:09:35 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe)

2012/04/29 15:09:44 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 59661, Process: svchost.exe)

2012/04/29 15:09:52 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe)

2012/04/29 15:09:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:10:00 -0400 AMY-PC Amy IP-BLOCK 93.188.163.74 (Type: outgoing, Port: 56629, Process: svchost.exe)

2012/04/29 15:10:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:10:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:11:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:11:34 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:11:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:12:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:12:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:13:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:13:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:14:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:14:30 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:14:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:15:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:15:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:16:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:22:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent QUARANTINE

2012/04/29 15:22:40 -0400 AMY-PC Amy ERROR Quarantine failed: DeleteFile failed with error code 5

2012/04/29 15:22:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:22:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:23:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:23:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:24:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:24:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:24:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:25:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:25:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:26:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:26:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:27:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:27:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:27:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:29:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:30:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:30:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:30:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:31:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:31:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:31:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:31:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:40:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:40:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:19 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:20 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:21 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:51 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:55 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:41:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:42:01 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:44:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:44:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:07 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:10 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:18 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:36 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:37 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:39 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:41 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:43 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:44 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:45 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:47 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:49 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:45:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:46:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:46:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:47:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:03 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:11 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmropn.exe Trojan.Agent DENY

2012/04/29 15:48:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:14 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:22 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:24 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:26 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:48:27 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:52:54 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:52:59 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:53:06 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:57:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:57:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 15:58:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:00:29 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:00:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:00:40 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:00:50 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:00:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:01:02 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:01:13 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:01:16 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:01:25 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:10:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:10:09 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:10:15 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:15:53 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:15:57 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:05 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:28 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:31 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:38 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:46 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:48 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:16:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:21:52 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:21:56 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:12 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:23 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:33 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:35 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:22:42 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:32:04 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:32:08 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY

2012/04/29 16:32:17 -0400 AMY-PC Amy DETECTION C:\Program Files\PremierOpinion\pmls.dll Trojan.Agent DENY


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results.

  • Follow the instructions that pop up for posting the results.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


OK, I did the scan with DDS. They said it should take about 3 minutes, but it took longer, about 10-15 mins (is that normal?). My AVG Anti-Virus wouldn't open at all. It seems to be running on my computer but I can't open it, so I couldn't disable it, but it seems like the scan was successful nonetheless. They said I should zip up the "Attach.txt" file but I am a bit unsure on how to do so. If you need that log posted as well, let me know and I will. Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19190

Run by Amy at 5:03:55 on 2012-04-30

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1040 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\PremierOpinion\pmservice.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearch Bar =

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

mURLSearchHooks: H - No File

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - c:\program files\astroburn toolbar\ABToolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [msnmsgr] "c:\program files\windows live\messenger\msn.exe.exe" /background

uRun: [fsm]

uRun: [AdobeBridge]

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [Akamai NetSession Interface] "c:\users\amy\appdata\local\akamai\netsession_win.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Gestionnaire Antidote.exe] c:\program files\druide\antidote\Gestionnaire Antidote.exe

uRun: [PlayNC Launcher]

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [Gestionnaire Antidote.exe] c:\progra~1\druide\antidote\Gestionnaire Antidote.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{550F16E0-85B5-4A81-A09D-D5A9D0FC9F3F} : DhcpNameServer = 192.168.175.2 142.166.86.18 142.166.86.19

TCP: Interfaces\{6FFC239B-7E66-4926-B155-8787E1E66132} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R? AVG Security Toolbar Service;AVG Security Toolbar Service

R? gupdate1ca58b169fd7b60;Google Update Service (gupdate1ca58b169fd7b60)

R? gupdatem;Google Update Service (gupdatem)

R? SkypeUpdate;Skype Updater

R? SwitchBoard;SwitchBoard

R? wlcrasvc;Windows Live Mesh remote connections service

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

R? XDva393;XDva393

S? Akamai;Akamai NetSession Interface

S? AVGIDSAgent;AVGIDSAgent

S? AVGIDSDriver;AVGIDSDriver

S? AVGIDSEH;AVGIDSEH

S? AVGIDSFilter;AVGIDSFilter

S? AVGIDSShim;AVGIDSShim

S? Avgldx86;AVG AVI Loader Driver

S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield

S? Avgrkx86;AVG Anti-Rootkit Driver

S? Avgtdix;AVG TDI Driver

S? avgwd;AVG WatchDog

S? BHDrvx86;Symantec Heuristics Driver

S? ccHP;Symantec Hash Provider

S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

S? Com4QLBEx;Com4QLBEx

S? FontCache;Windows Font Cache Service

S? IDSVix86;IDSVix86

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? Norton Internet Security;Norton Internet Security

S? NVHDA;Service for NVIDIA High Definition Audio Driver

S? PremierOpinion;PremierOpinion

S? Recovery Service for Windows;Recovery Service for Windows

S? StarWindServiceAE;StarWind AE Service

S? SymEFA;Symantec Extended File Attributes

S? SYMNDISV;Symantec Network Filter Driver

S? vToolbarUpdater10.2.0;vToolbarUpdater10.2.0

.

=============== Created Last 30 ================

.

2012-04-29 19:52:40 -------- d-----w- c:\program files\Trend Micro

2012-04-29 18:34:13 -------- d-----w- c:\users\amy\appdata\roaming\Malwarebytes

2012-04-26 19:15:30 -------- d-----w- c:\users\amy\appdata\roaming\yess

2012-04-23 12:59:34 -------- d-----w- c:\users\amy\appdata\local\assembly

2012-04-23 12:58:42 -------- d-----w- c:\program files\NCSoft

2012-04-20 07:29:12 -------- d-----w- c:\program files\World of Warcraft Beta

2012-04-17 16:48:05 -------- d-----w- c:\users\amy\appdata\roaming\Digiarty

2012-04-17 16:47:48 -------- d-----w- c:\program files\Digiarty

2012-04-17 16:37:48 -------- d-----w- c:\users\amy\appdata\roaming\Apowersoft

2012-04-17 16:26:16 -------- d-----w- c:\users\amy\appdata\roaming\NCH Software

2012-04-13 12:42:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-13 06:00:51 -------- d-----w- c:\programdata\Battle.net

2012-04-03 22:08:51 15712 ----a-w- c:\program files\common files\windows live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe

2012-04-03 22:07:59 89944 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DSETUP.dll

2012-04-03 22:07:59 537432 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\DXSETUP.exe

2012-04-03 22:07:59 1801048 ----a-w- c:\program files\common files\windows live\.cache\38f096b01cd11e603\dsetup32.dll

2012-04-03 22:07:44 94040 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DSETUP.dll

2012-04-03 22:07:44 525656 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\DXSETUP.exe

2012-04-03 22:07:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\2e4061f01cd11e602\dsetup32.dll

2012-04-02 08:02:12 230752 ----a-w- c:\windows\patchw32.dll

2012-04-02 07:39:55 -------- d-----w- c:\program files\Outspark

2012-04-02 06:03:06 -------- d-----w- c:\users\amy\appdata\local\PMB Files

2012-04-02 06:02:47 -------- d-----w- c:\programdata\PMB Files

2012-04-02 06:01:52 -------- d-----w- c:\program files\Pando Networks

.

==================== Find3M ====================

.

2012-04-19 19:28:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-09 20:03:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-08 22:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-02-02 18:57:40 808440 ----a-w- c:\windows\system32\CDDBUI.dll

2012-02-02 18:57:40 796152 ----a-w- c:\windows\system32\CDDBControl.dll

2012-02-02 18:57:40 169464 ----a-w- c:\windows\system32\CddbLangRU.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002 Disk: ST9250320AS rev.HP07 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-5

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BFEEC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xb6c6e872; SUB DWORD [EBP-0x4], 0xb6c6e12e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 ntkrnlpa!IofCallDriver[0x81E7A912] -> \Device\Harddisk0\DR0[0x8662A838]

3 CLASSPNP[0x82CCB8B3] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x85B94F08]

5 acpi[0x807266BC] -> ntkrnlpa!IofCallDriver[0x81E7A912] -> [0x851E5B98]

[0x86C78E48] -> IRP_MJ_CREATE -> 0x85BFEEC5

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x6c; }

detected disk devices:

\Device\Ide\IdeDeviceP3T0L0-5 -> \??\IDE#DiskST9250320AS_____________________________HP07____#5&8eb2ae7&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x85BFEAEA

\Driver\atapi -> 0x85b3d1e8

user & kernel MBR OK

sectors 488397166 (+255): user != kernel

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 5:23:13.43 ===============


Hi again,

It looks like you have Norton AV remnants on your computer. Let's get rid of those first.

Please click HERE and follow the instructions in STEP 2 to download and run the Norton removal tool.

DDS shows rootkit activity, so let's see if we can confirm that.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
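One way to triage the log file this step produces, as an added example that is not part of the original post or of TDSSKiller: the Python below pairs each scanned object with its verdict and returns only the entries not marked ok. The sample lines are excerpted from the TDSSKiller 2.7.33.0 log posted later in this thread; the function and field names are assumptions of this example, and the patterns cover only the line shapes visible in that log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines excerpted from the TDSSKiller log posted in this thread (not the full log).
SAMPLE_LOG = r"""
08:55:32.0317 4900 Scan started
08:55:36.0389 4900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:55:36.0405 4900 ACPI - ok
08:55:39.0946 4900 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
08:55:39.0946 4900 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
08:55:39.0961 4900 Akamai ( HiddenFile.Multi.Generic ) - warning
08:55:39.0961 4900 Akamai - detected HiddenFile.Multi.Generic (1)
08:55:43.0893 4900 arc (df9daabdc58cb616af5396088d402482) C:\Windows\system32\drivers\arc.sys
08:55:43.0893 4900 Suspicious file (Forged): C:\Windows\system32\drivers\arc.sys. Real md5: df9daabdc58cb616af5396088d402482, Fake md5: 5d2888182fb46632511acee92fdad522
08:55:43.0893 4900 arc ( Rootkit.Win32.TDSS.tdl3 ) - infected
08:55:43.0893 4900 arc - detected Rootkit.Win32.TDSS.tdl3 (0)
08:55:44.0205 4900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:55:44.0220 4900 atapi - ok
08:55:58.0884 4900 COMSysApp - ok
"""

# "HH:MM:SS.mmmm <thread id> <message>"; lines with no message are skipped.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. (?P<hashes>.*md5: .+)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<threat>\S+) \) - (?P<verdict>\w+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
MD5 = re.compile(r"(?P<label>Real md5|Fake md5|md5): (?P<value>[0-9a-fA-F]{32})")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: Optional[str] = None   # "ok", "warning", "infected"; None if the log was cut off
    threat: Optional[str] = None
    anomaly: Optional[str] = None   # "Hidden", "Forged", ...
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_tdsskiller(text: str) -> List[Entry]:
    """Return one Entry per scanned service/driver, in log order."""
    entries: Dict[str, Entry] = {}
    last: Optional[Entry] = None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        sus = SUSPICIOUS.match(body)
        if sus:
            # The anomaly line follows the object line it describes.
            if last is not None:
                last.anomaly = sus.group("kind")
                last.hashes = {h.group("label").lower(): h.group("value").lower()
                               for h in MD5.finditer(sus.group("hashes"))}
            continue
        obj = OBJECT.match(body)
        if obj:
            last = entries.setdefault(obj.group("name"), Entry(obj.group("name")))
            last.md5, last.path = obj.group("md5").lower(), obj.group("path")
            continue
        ver = VERDICT.match(body)
        if ver:
            e = entries.setdefault(ver.group("name"), Entry(ver.group("name")))
            e.verdict, e.threat = ver.group("verdict"), ver.group("threat")
            continue
        ok = OK.match(body)
        if ok:
            entries.setdefault(ok.group("name"), Entry(ok.group("name"))).verdict = "ok"
    return list(entries.values())


def findings(entries: List[Entry]) -> List[Entry]:
    """Everything not explicitly ok, including objects whose verdict line is missing."""
    return [e for e in entries if e.verdict != "ok"]


def forged(entries: List[Entry]) -> List[Entry]:
    """Entries where the log records two different MD5 values (Real/Fake) for one path."""
    return [e for e in entries
            if e.anomaly == "Forged" and e.hashes.get("real md5") != e.hashes.get("fake md5")]


if __name__ == "__main__":
    for e in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{e.verdict or 'no verdict':10} {e.name:10} {e.threat or '-':28} {e.path}")
```

A "warning" and an "infected" verdict are kept apart in the output because the log itself distinguishes them; an object with no verdict line is reported rather than assumed clean.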


Before I continue: on the Norton site, I had to make a new account. I have no idea whether the one on my computer right now was registered on a Norton account, since this is a laptop my sister gave me about 2 years ago. I signed up and it said there is no product or services. Should I continue the removal process of Norton if I am unable to get my Product Key?


Yes, you can just continue the removal, as you don't need to reinstall it afterwards (AVG is already on the machine, which is enough).


08:54:40.0541 5304 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

08:54:41.0415 5304 ============================================================

08:54:41.0415 5304 Current date / time: 2012/04/30 08:54:41.0415

08:54:41.0415 5304 SystemInfo:

08:54:41.0415 5304

08:54:41.0415 5304 OS Version: 6.0.6002 ServicePack: 2.0

08:54:41.0415 5304 Product type: Workstation

08:54:41.0415 5304 ComputerName: AMY-PC

08:54:41.0415 5304 UserName: Amy

08:54:41.0415 5304 Windows directory: C:\Windows

08:54:41.0415 5304 System windows directory: C:\Windows

08:54:41.0415 5304 Processor architecture: Intel x86

08:54:41.0415 5304 Number of processors: 2

08:54:41.0415 5304 Page size: 0x1000

08:54:41.0415 5304 Boot type: Normal boot

08:54:41.0415 5304 ============================================================

08:54:50.0151 5304 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:54:50.0182 5304 ============================================================

08:54:50.0182 5304 \Device\Harddisk0\DR0:

08:54:50.0197 5304 MBR partitions:

08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BC55000

08:54:50.0197 5304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC55800, BlocksNum 0x156E800

08:54:50.0197 5304 ============================================================

08:54:50.0775 5304 C: <-> \Device\Harddisk0\DR0\Partition0

08:54:51.0414 5304 D: <-> \Device\Harddisk0\DR0\Partition1

08:54:51.0414 5304 ============================================================

08:54:51.0414 5304 Initialize success

08:54:51.0414 5304 ============================================================

08:55:32.0317 4900 ============================================================

08:55:32.0317 4900 Scan started

08:55:32.0317 4900 Mode: Manual;

08:55:32.0317 4900 ============================================================

08:55:36.0389 4900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:55:36.0405 4900 ACPI - ok

08:55:36.0561 4900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

08:55:36.0654 4900 adp94xx - ok

08:55:36.0779 4900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

08:55:36.0826 4900 adpahci - ok

08:55:36.0841 4900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

08:55:36.0841 4900 adpu160m - ok

08:55:36.0857 4900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

08:55:36.0857 4900 adpu320 - ok

08:55:36.0904 4900 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

08:55:36.0904 4900 AeLookupSvc - ok

08:55:37.0044 4900 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

08:55:37.0091 4900 AFD - ok

08:55:37.0278 4900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

08:55:37.0325 4900 agp440 - ok

08:55:37.0356 4900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:55:37.0356 4900 aic78xx - ok

08:55:39.0946 4900 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll

08:55:39.0946 4900 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

08:55:39.0961 4900 Akamai ( HiddenFile.Multi.Generic ) - warning

08:55:39.0961 4900 Akamai - detected HiddenFile.Multi.Generic (1)

08:55:40.0383 4900 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

08:55:40.0383 4900 ALG - ok

08:55:40.0476 4900 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys

08:55:40.0554 4900 aliide - ok

08:55:40.0897 4900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

08:55:40.0913 4900 amdagp - ok

08:55:41.0116 4900 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys

08:55:41.0116 4900 amdide - ok

08:55:41.0163 4900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

08:55:41.0178 4900 AmdK7 - ok

08:55:41.0350 4900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

08:55:41.0397 4900 AmdK8 - ok

08:55:41.0459 4900 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

08:55:41.0459 4900 Appinfo - ok

08:55:43.0503 4900 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:55:43.0518 4900 Apple Mobile Device - ok

08:55:43.0893 4900 arc (df9daabdc58cb616af5396088d402482) C:\Windows\system32\drivers\arc.sys

08:55:43.0893 4900 Suspicious file (Forged): C:\Windows\system32\drivers\arc.sys. Real md5: df9daabdc58cb616af5396088d402482, Fake md5: 5d2888182fb46632511acee92fdad522

08:55:43.0893 4900 arc ( Rootkit.Win32.TDSS.tdl3 ) - infected

08:55:43.0893 4900 arc - detected Rootkit.Win32.TDSS.tdl3 (0)

08:55:44.0111 4900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

08:55:44.0127 4900 arcsas - ok

08:55:44.0142 4900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

08:55:44.0158 4900 AsyncMac - ok

08:55:44.0205 4900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

08:55:44.0220 4900 atapi - ok

08:55:44.0891 4900 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys

08:55:44.0938 4900 athr - ok

08:55:44.0969 4900 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

08:55:44.0969 4900 AudioEndpointBuilder - ok

08:55:44.0985 4900 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

08:55:44.0985 4900 Audiosrv - ok

08:55:45.0546 4900 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

08:55:45.0655 4900 AVG Security Toolbar Service - ok

08:55:48.0931 4900 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

08:55:49.0321 4900 AVGIDSAgent - ok

08:55:50.0039 4900 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

08:55:50.0055 4900 AVGIDSDriver - ok

08:55:50.0226 4900 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

08:55:50.0226 4900 AVGIDSEH - ok

08:55:50.0429 4900 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

08:55:50.0445 4900 AVGIDSFilter - ok

08:55:50.0554 4900 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

08:55:50.0569 4900 AVGIDSShim - ok

08:55:50.0632 4900 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys

08:55:50.0632 4900 Avgldx86 - ok

08:55:50.0913 4900 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

08:55:50.0913 4900 Avgmfx86 - ok

08:55:50.0959 4900 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys

08:55:50.0975 4900 Avgrkx86 - ok

08:55:51.0396 4900 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

08:55:51.0661 4900 Avgtdix - ok

08:55:52.0254 4900 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe

08:55:52.0254 4900 avgwd - ok

08:55:53.0081 4900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

08:55:53.0284 4900 Beep - ok

08:55:53.0923 4900 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

08:55:54.0095 4900 BFE - ok

08:55:55.0000 4900 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

08:55:55.0187 4900 BITS - ok

08:55:55.0296 4900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

08:55:55.0296 4900 blbdrive - ok

08:55:55.0920 4900 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

08:55:55.0983 4900 Bonjour Service - ok

08:55:56.0076 4900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

08:55:56.0201 4900 bowser - ok

08:57:05.0449 4900 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\Windows\System32\Drivers\sptd.sys

08:57:05.0465 4900 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9

08:57:05.0465 4900 sptd ( LockedFile.Multi.Generic ) - warning

08:57:05.0465 4900 sptd - detected LockedFile.Multi.Generic (1)

08:57:40.0035 4900 ============================================================

08:57:40.0035 4900 Scan finished

08:57:40.0035 4900 ============================================================

08:57:40.0050 4312 Detected object count: 3

08:57:40.0050 4312 Actual detected object count: 3

08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

08:58:30.0360 4312 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

08:58:30.0469 4312 C:\Windows\system32\drivers\arc.sys - copied to quarantine

08:58:30.0657 4312 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

08:58:30.0672 4312 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

08:58:30.0797 4312 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine

08:58:31.0093 4312 Backup copy found, using it..

08:58:31.0156 4312 C:\Windows\system32\drivers\arc.sys - will be cured on reboot

08:58:31.0156 4312 arc ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure

08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - skipped by user

08:58:31.0171 4312 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

08:58:39.0720 5424 Deinitialize success


That confirmed indeed the rootkit. While it is gone now, please read the following information before continuing.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hmmm I'm a little unsure on what to do. My computer doesn't have high ''private'' information except for my debit card account. I do believe a re-install and reformat would be good. I've been having these problems for a while and to be honest, haha I just want to get rid of it all and start over. I'm not too sure how that works though. That's re-installing everything right? The laptop I am using right now has a broken screen, so I am forced to use a separate screen connected to it that only ''activates'' on log in. I've tried re-installing Vista and everything in the past but with the separate screen, I can't see the first screens where the ''install'' would show normally.

Also, I'm assuming that would require the original disc I downloaded Vista with on my computer? What do you believe I should do about the screen issue? Is there a way to re-install and re-format while using my separate screen? If yes, any more information you could give?


In that case the best option would be to go for the cleanup at this point. Once the computer is clean you can always decide to do a reformat/reinstall. I'm not sure there is anything you can do about the screen issue though.


Ok ! I did the clean up with Combofix and here is my log:

ComboFix 12-04-31.02 - Amy 30/04/2012 10:33:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1622 [GMT -4:00]

Running from: c:\users\Amy\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\premieropinion

c:\program files\premieropinion\asmcf.dat

c:\program files\premieropinion\ncncf.dat

c:\program files\premieropinion\nscf.dat

c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar

c:\programdata\Microsoft\Windows\Start Menu\Programs\PremierOpinion

c:\users\Amy\AppData\Local\.#

c:\users\Amy\AppData\Local\assembly\tmp

c:\users\Amy\AppData\Roaming\app

c:\users\Amy\AppData\Roaming\app\Jerakine_lang.dat

c:\users\Amy\AppData\Roaming\app\Jerakine_lang_vesrion.dat

c:\users\Amy\AppData\Roaming\RIFT

c:\users\Amy\AppData\Roaming\RIFT\rift.cfg

c:\users\Amy\AppData\Roaming\WeatherDPA

c:\users\Amy\Documents\~WRL0430.tmp

c:\users\Amy\Documents\~WRL0440.tmp

c:\users\Amy\Documents\~WRL0616.tmp

c:\users\Amy\Documents\~WRL1002.tmp

c:\users\Amy\Documents\~WRL1029.tmp

c:\users\Amy\Documents\~WRL1966.tmp

c:\users\Amy\Documents\~WRL2188.tmp

c:\users\Amy\Documents\~WRL2256.tmp

c:\users\Amy\Documents\~WRL2391.tmp

c:\users\Amy\Documents\~WRL2677.tmp

c:\users\Amy\Documents\~WRL2759.tmp

c:\users\Amy\Documents\~WRL2766.tmp

c:\users\Amy\Documents\~WRL2932.tmp

c:\users\Amy\Documents\~WRL3112.tmp

c:\users\Amy\Documents\~WRL3191.tmp

c:\users\Amy\Documents\~WRL3611.tmp

c:\users\Amy\Documents\~WRL3627.tmp

c:\users\Amy\Documents\~WRL3786.tmp

c:\users\Amy\Documents\~WRL3950.tmp

c:\users\Amy\Documents\~WRL4082.tmp

c:\windows\system32\spsys.log

.

.

((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))

.

.

2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-30 15:01 . 2012-04-30 15:01 -------- d-----w- c:\users\Shamrock Produktions\AppData\Local\temp

2012-04-30 12:58 . 2012-04-30 12:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-30 02:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-30 02:00 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-30 02:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-30 02:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-30 01:58 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-30 01:58 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-30 01:48 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-04-30 01:48 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-04-30 01:48 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-30 01:48 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2012-04-30 01:41 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-04-30 01:41 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-04-30 01:41 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-04-30 01:41 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-04-30 01:40 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-04-29 19:52 . 2012-04-29 19:52 -------- d-----w- c:\program files\Trend Micro

2012-04-29 18:34 . 2012-04-29 18:34 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes

2012-04-26 19:15 . 2012-04-26 19:15 -------- d-----w- c:\users\Amy\AppData\Roaming\yess

2012-04-23 12:59 . 2012-04-30 15:00 -------- d-----w- c:\users\Amy\AppData\Local\assembly

2012-04-23 12:58 . 2012-04-23 17:10 -------- d-----w- c:\program files\NCSoft

2012-04-23 12:55 . 2012-04-23 12:55 -------- d-----w- c:\users\Amy\AppData\Roaming\InstallShield

2012-04-20 07:29 . 2012-04-29 18:19 -------- d-----w- c:\program files\World of Warcraft Beta

2012-04-17 16:48 . 2012-04-17 16:50 -------- d-----w- c:\users\Amy\AppData\Roaming\Digiarty

2012-04-17 16:47 . 2012-04-17 16:50 -------- d-----w- c:\program files\Digiarty

2012-04-17 16:37 . 2012-04-17 16:37 -------- d-----w- c:\users\Amy\AppData\Roaming\Apowersoft

2012-04-17 16:26 . 2012-04-17 16:26 -------- d-----w- c:\programdata\NCH Software

2012-04-17 16:26 . 2012-04-17 16:27 -------- d-----w- c:\users\Amy\AppData\Roaming\NCH Software

2012-04-13 12:42 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-13 06:00 . 2012-04-13 06:02 -------- d-----w- c:\programdata\Battle.net

2012-04-03 22:08 . 2012-04-03 22:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5807e0d01cd11e604\MeshBetaRemover.exe

2012-04-03 22:07 . 2012-04-03 22:07 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DSETUP.dll

2012-04-03 22:07 . 2012-04-03 22:07 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\DXSETUP.exe

2012-04-03 22:07 . 2012-04-03 22:07 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\38f096b01cd11e603\dsetup32.dll

2012-04-03 22:07 . 2012-04-03 22:07 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DSETUP.dll

2012-04-03 22:07 . 2012-04-03 22:07 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\DXSETUP.exe

2012-04-03 22:07 . 2012-04-03 22:07 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2e4061f01cd11e602\dsetup32.dll

2012-04-02 13:18 . 2012-04-02 13:18 -------- d-----w- c:\program files\Common Files\Skype

2012-04-02 08:02 . 2010-01-13 20:48 230752 ----a-w- c:\windows\patchw32.dll

2012-04-02 07:39 . 2012-04-20 08:17 -------- d-----w- c:\program files\Outspark

2012-04-02 06:03 . 2012-04-11 00:22 -------- d-----w- c:\users\Amy\AppData\Local\PMB Files

2012-04-02 06:02 . 2012-04-02 06:03 -------- d-----w- c:\programdata\PMB Files

2012-04-02 06:01 . 2012-04-02 06:02 -------- d-----w- c:\program files\Pando Networks

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-30 13:00 . 2006-11-02 07:36 79416 ----a-w- c:\windows\system32\drivers\arc.sys

2012-04-19 19:28 . 2010-10-07 21:49 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-29 22:45 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-09 20:03 . 2011-07-11 23:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\system32\sirenacm.dll

2012-02-04 01:20 . 2012-02-04 01:20 0 ---ha-w- c:\users\Amy\AppData\Local\BIT4060.tmp

2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT31CC.tmp

2012-02-04 01:18 . 2012-02-04 01:18 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1382.tmp

2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BITF9B.tmp

2012-02-04 01:12 . 2012-02-04 01:12 0 ---ha-w- c:\users\Amy\AppData\Local\BIT1289.tmp

2012-02-02 18:57 . 2012-02-02 18:57 808440 ----a-w- c:\windows\system32\CDDBUI.dll

2012-02-02 18:57 . 2012-02-02 18:57 796152 ----a-w- c:\windows\system32\CDDBControl.dll

2012-02-02 18:57 . 2012-02-02 18:57 169464 ----a-w- c:\windows\system32\CddbLangRU.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-13 03:10 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]

[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-05 928096]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 90611446

*Deregistered* - 90611446

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd09fc6922bb47.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03]

.

2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc4fb9b1e3d4eb.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:03]

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-171740006-2288968661-193012664-1000Core1cc6ed19e0acd30.job

- c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-13 06:22]

.

2012-04-30 c:\windows\Tasks\HPCeeScheduleForAmy.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

2011-06-20 c:\windows\Tasks\{00C89A4D-BFCA-4C33-B8FF-A508499176F5}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

2011-09-10 c:\windows\Tasks\{783DD85C-1A5E-4A67-8897-EBE35CDC7725}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

2011-09-19 c:\windows\Tasks\{79F2124E-BEF3-4197-AE52-380354712124}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

2011-10-16 c:\windows\Tasks\{99FA5890-163B-4958-B01E-E89675AB52FD}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

2011-08-23 c:\windows\Tasks\{B732499B-DD1D-4805-9608-65F11F731AE5}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

2011-10-07 c:\windows\Tasks\{E879C9BF-E54D-416E-BF81-FBAAB9AA589A}.job

- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-fsm - (no file)

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-PlayNC Launcher - (no file)

HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe

SafeBoot-90611446.sys

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-30 11:06

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-171740006-2288968661-193012664-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (S-1-5-21-171740006-2288968661-193012664-1000)

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-04-30 11:14:15

ComboFix-quarantined-files.txt 2012-04-30 15:13

.

Pre-Run: 17,921,880,064 bytes free

Post-Run: 33,289,764,864 bytes free

.

- - End Of File - - 44F2085D41F63BCEC729FCEB7CE37717


That is looking good, how is everything running at this point?

I recommend you uninstall the Freecorder toolbar, as it is a questionable program and can in some cases slow down your browser. You can uninstall this program using Programs and Features in Control Panel.

Can you please rerun DDS and post me attach.txt (no need for dds.txt).


Things are definitely running much faster now :) I uninstalled the Freecorder Toolbar. Here is the attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/09/2009 6:22:15 AM

System Uptime: 30/04/2012 9:00:04 AM (2 hours ago)

.

Motherboard: Wistron | | 303C

Processor: AMD Athlon Dual-Core QL-64 | Socket A | 1050/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 31.32 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.457 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0006

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0006

Service: tunnel

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description:

Device ID: ROOT\SYSTEM\0001

Manufacturer:

Name:

PNP Device ID: ROOT\SYSTEM\0001

Service:

.

==== System Restore Points ===================

.

RP640: 30/04/2012 9:18:22 AM - Language Pack Removal

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 4.65

ACID Pro 7.0

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color Video Profiles AE CS4

Adobe Community Help

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Exporter

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Reader 9.5.0

Adobe Setup

Adobe Shockwave Player

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Akamai NetSession Interface

Akamai NetSession Interface Service

aMSN 0.98.4

Antidote RX v7

Any Video Converter 3.0.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASIO4ALL

Ask Toolbar

Astroburn Lite

Astroburn Toolbar

Atheros Driver Installation Program

Audacity 1.3.12 (Unicode)

Audio Player ActiveX

AVG 2011

Bonjour

Boris Continuum Complete 7 for Avid

CamStudio OSS Desktop Recorder

Camtasia Studio 6

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

D3DX10

DAEMON Tools Lite

ESU for Microsoft Vista

Express Burn Disc Burning Software

Finale NotePad 2011

FL Studio 9

Fraps (remove only)

Fwink

GOM Player

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 3.05

HDAUDIO Soft Data Fax Modem with SmartCP

Hotel Dash Suite Success

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Games

HP Help and Support

HP Pavilion Webcam Driver for Vista v061.001.00006

HP Product Detection

HP Quick Launch Buttons 6.40 H2

HP Total Care Advisor

HP Total Care Setup

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

IL Download Manager

iTunes

Java Auto Updater

Java 6 Update 31

Java 6 Update 7

Junk Mail filter update

LabelPrint

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft DirectX SDK (April 2007)

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MixPad Audio Mixer

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My Tribe

NCsoft Launcher

NetWaiting

NetZero Preloader

NVIDIA Drivers

Opera 11.62

Pando Media Booster

Passport to Paradise

PDF Settings CS5

Photoshop Camera Raw

Pixel Bender Toolkit

PoiZone

Power2Go

PowerDirector

PVSonyDll

QuickTime

Realtek USB 2.0 Card Reader

Rosetta Stone Version 3

Safari

SaveVid Plug-in

Sawer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

Skype Click to Call

Skype™ 5.8

Software Informer 1.0 BETA

Sony ACID Pro 6.0

Sony Media Manager 2.2

Suite Shared Configuration CS4

Super Mp3 Recorder Professional v6.2

Synaptics Pointing Device Driver

System Requirements Lab

Toxic Biohazard

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Vegas Movie Studio HD 9.0

Vegas Pro 11.0

Ventrilo Client

VirtualDJ Home FREE

VLC media player 1.0.1

WavePad Sound Editor

Web Games Player Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 beta 3 (32-bit)

WinX HD Video Converter Deluxe 3.12.2

WinX Video Converter 4.5.11

World of Warcraft

World of Warcraft Beta

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

30/04/2012 9:20:17 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800f0825 reported while operating on UI Language Pack for fr-FR

30/04/2012 9:02:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

30/04/2012 8:59:18 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800706ba reported while operating on UI Language Pack for fr-FR

30/04/2012 8:47:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

30/04/2012 8:47:54 AM, Error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/04/2012 8:47:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}

30/04/2012 8:45:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca58b169fd7b60) service to connect.

30/04/2012 8:45:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca58b169fd7b60) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/04/2012 8:45:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1ca58b169fd7b60 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

30/04/2012 8:43:27 AM, Error: EventLog [6008] - The previous system shutdown at 8:38:56 AM on 30/04/2012 was unexpected.

30/04/2012 8:37:14 AM, Error: EventLog [6008] - The previous system shutdown at 8:34:10 AM on 30/04/2012 was unexpected.

30/04/2012 8:31:06 AM, Error: EventLog [6008] - The previous system shutdown at 8:28:01 AM on 30/04/2012 was unexpected.

30/04/2012 7:35:08 AM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

30/04/2012 11:05:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

30/04/2012 10:31:47 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

29/04/2012 6:34:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

29/04/2012 6:34:27 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29/04/2012 6:34:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

28/04/2012 3:20:32 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

28/04/2012 3:19:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

28/04/2012 3:19:36 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/04/2012 3:19:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

28/04/2012 3:14:44 AM, Error: EventLog [6008] - The previous system shutdown at 3:11:48 AM on 28/04/2012 was unexpected.

24/04/2012 11:14:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.

24/04/2012 11:14:20 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/04/2012 11:14:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

24/04/2012 11:13:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

24/04/2012 11:13:36 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

24/04/2012 11:08:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:05:36 AM on 24/04/2012 was unexpected.

24/04/2012 10:59:56 AM, Error: EventLog [6008] - The previous system shutdown at 10:56:27 AM on 24/04/2012 was unexpected.

24/04/2012 10:53:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:49:33 AM on 24/04/2012 was unexpected.

24/04/2012 10:47:12 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Com4QLBEx service to connect.

24/04/2012 10:47:12 AM, Error: Service Control Manager [7000] - The Com4QLBEx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/04/2012 10:47:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Com4QLBEx with arguments "" in order to run the server: {DB536E5D-10F7-4B34-B443-140161048E2E}

24/04/2012 10:43:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cyberlink RichVideo Service(CRVS) service to connect.

24/04/2012 10:43:53 AM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/04/2012 10:40:50 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:22 AM on 24/04/2012 was unexpected.

.

==== End Of File ===========================


Good to hear that! :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


Did everything :) Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.30.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19190

Amy :: AMY-PC [administrator]

Protection: Enabled

30/04/2012 12:52:20 PM

mbam-log-2012-04-30 (12-52-20).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 597761

Time elapsed: 7 hour(s), 27 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Amy\Downloads\Sony Vegas Movie Studio HD Platinum 10.0.179 + Keygen [RH]\SV.MST.HD.PE.10.0.179_[RH]\Sony Vegas Movie Studio HD Platinum 10.0.179\Keygen\Patch (Extra included)\Patch_Vegas.Movie.Studio.HD.Platinum.10.0.exe (PUP.Hacktool.Patcher) -> No action taken.

C:\Program Files\Mystery Case Files - Dire Grove Collector's Edition\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

C:\Users\Amy\Downloads\Warcraft 3\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Looks good, however keep in mind that using pirated software isn't only illegal, but also quite likely to get a computer infected with all the latest nasties.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Ok, even more reasons to get rid of it. Here are the results of ESETScan:

C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application deleted - quarantined

C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\svc0000\tsk0000.dta Win32/Olmarik.ZC trojan cleaned - quarantined

C:\TDSSKiller_Quarantine\30.04.2012_08.54.41\rtkt0000\tdlfs0000\tsk0003.dta Win32/Olmarik.YR trojan cleaned by deleting - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\177237ca-60599f86 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\53b3d6cd-4f530223 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\47b9e491-5b934651 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\63ff10c2-24c45853 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-37e8c2a5 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2606caba-295732bf multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\551652ba-44709b88 multiple threats deleted - quarantined

C:\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5ebe80bd-7ccc9759 multiple threats deleted - quarantined

C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4.exe BAT/HostsChanger.A application deleted - quarantined

C:\Users\Amy\Documents\Raph^_^\flstudio_9.0_final.exe Win32/OpenCandy application deleted - quarantined

C:\Users\Amy\Documents\Raph^_^\Adobe After Effects CS4\Activation & Instructions\Activation Blocker.cmd BAT/HostsChanger.A application cleaned by deleting - quarantined

C:\Users\Amy\Downloads\flstudio_9.0.exe Win32/OpenCandy application deleted - quarantined

C:\Users\Amy\Downloads\SoftonicDownloader_for_particleillusion.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

C:\Users\Amy\Downloads\Sony Vegas Pro 10 Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined


Yes, indeed, it's safer to stay away from them.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click Start > Run, type combofix /uninstall and press Enter. This will remove ComboFix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Perfect :) Thank you so much! One last question, do I remove HijackThis?


Yes, HijackThis can be uninstalled and any other tool you still have can be deleted (the same goes for logs). Only be sure you uninstall ComboFix as instructed above. :)

I will request this topic to be closed.


Alright ok :) Thank you so much for sticking with me through this. I really owe it to you for fixing this problem haha. Take care!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
