IE 9 keeps crashing on lots of sites and browsers, please help!

(In Progress)

niknak2308 (THREAD STARTER)
Member with 25 posts.
Join Date: Mar 2012
Experience: Beginner
18-Apr-2012, 10:07 AM #16
Hi and thanks so much for replying - I had nearly given up hope!

Here are my fresh logs I have literally just completed. Thanks again!

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nikki at 15:53:18 on 2012-04-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2009.989 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Megacloud\VSSService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Megacloud\Livedrive.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BrowserHelper Class: {edf48a39-1442-463f-9f4e-f376a78d034a} - c:\program files\megacloud\LivedriveExplorerExtensions.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [Livedrive] "c:\program files\megacloud\Livedrive.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DAAB7F87-EE1C-4F94-ABC6-0A3CC38C4B13} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DAAB7F87-EE1C-4F94-ABC6-0A3CC38C4B13}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-18 146904]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MegacloudVSSService;Megacloud VSS Service;c:\program files\megacloud\VSSService.exe [2012-3-16 157920]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 253088]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-23 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-1 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-1 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-18 14:34:14 -------- d-sh--w- C:\~LD
2012-04-18 14:26:44 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
2012-04-18 14:26:03 -------- d-----w- c:\users\nikki\appdata\local\Megacloud
2012-04-18 14:26:02 -------- d-----w- c:\program files\Megacloud
2012-04-13 02:02:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:02:00 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:02:00 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:02:00 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:01:20 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 02:01:20 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-29 20:12:28 -------- d-----w- c:\users\nikki\appdata\roaming\AVG
2012-03-29 19:59:14 -------- d-----w- c:\program files\Advanced PC Tweaker
2012-03-28 15:31:28 -------- d-----w- c:\users\nikki\appdata\local\Opera
2012-03-28 12:01:49 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{15af8ee1-6aaa-4397-bc78-75c000732cda}\mpengine.dll
2012-03-28 09:11:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 02:43:01 -------- d-----w- c:\users\nikki\appdata\roaming\FreeFileViewer
2012-03-28 01:43:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 01:32:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-27 20:11:43 -------- d-----w- c:\users\nikki\appdata\roaming\AVG2012
2012-03-27 20:08:45 -------- d-----w- c:\programdata\AVG2012
2012-03-22 00:24:21 -------- d-sh--w- C:\found.001
.
==================== Find3M ====================
.
2012-03-16 08:48:42 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 03:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 15:56:04.51 ===============

Deejay100six (Dave)
Member with 496 posts.
Join Date: Sep 2011
Location: Doncaster, England
Experience: Intermediate
18-Apr-2012, 10:57 AM #17
Hi Nikki, my name is Dave and I will be helping you to clean any malware which may be present on your system.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


  • Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.
  • If there is anything you don't understand, please ask BEFORE proceeding with the fixes.
  • Please ensure that you follow the instructions in the order I have them listed.
  • Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do NOT add them as attachments unless specifically instructed.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.


------------------------------------------------------------------------------------------------------

I notice that you may have been using a registry cleaner (Advanced PC Tweaker v4.2 and AVG PC Tuneup). Registry cleaners tend to present more problems than they solve; one false positive and, more often than not, it means a re-installation of the operating system. The positive effects of registry cleaners are barely noticeable - if any. I recommend that you uninstall the product to minimize any risk to your system. I have placed a couple of links for you to read below in your own time.

Information from Bill Castner (MS-MVP) on why you should NOT use one here - http://aumha.net/viewtopic.php?t=28099
Information from miekiemoes (MS-MVP) on why you should NOT use one here - http://miekiemoes.blogspot.com/2008/...eaking_13.html

------------------------------------------------------------------

I see you have P2P software (BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Programs and Features >> Uninstall a Program. (for XP >>) Add or Remove Programs.

Note: If you choose not to uninstall, please refrain from using such programs until after your system has been declared clean.

------------------------------------------------------------------------

Combofix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

niknak2308 (THREAD STARTER)
18-Apr-2012, 01:04 PM #18
And the text from the GMER scan:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-18 18:51:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: q6nilzuw.exe; Driver: C:\Users\Nikki\AppData\Local\Temp\pgloqpoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8EDD4004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8EDD40D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8EDD3D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8EDD3E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8EDD3EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8EDD3F56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13BD 82C869D9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA6512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 161F 82CADA0C 8 Bytes [04, 40, DD, 8E, D4, 40, DD, ...] {ADD AL, 0x40; FISTTP QWORD [ESI-0x7122bf2c]}
.text ntoskrnl.exe!KeRemoveQueueEx + 1667 82CADA54 4 Bytes [76, 3D, DD, 8E]
.text ntoskrnl.exe!KeRemoveQueueEx + 1937 82CADD24 8 Bytes [1E, 3E, DD, 8E, BA, 3E, DD, ...] {PUSH DS; FISTTP QWORD DS:[ESI-0x7122c146]}
.text ntoskrnl.exe!KeRemoveQueueEx + 19AB 82CADD98 4 Bytes [56, 3F, DD, 8E]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 8EF8A000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 8EF8A123 488 Bytes [55, F8, 8E, FE, 05, 34, 55, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529C 8EF8A30C 140 Bytes [3B, 08, 77, 04, 3B, CA, 73, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 8EF8A399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 8EF8A3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\qoeTfyoql@ JbgljHrcj`zWJT
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\XgqoavkoiCbmQ@ TvMQdG\}HimNZFO}
---- EOF - GMER 1.0.15 ----

niknak2308 (THREAD STARTER)
18-Apr-2012, 01:09 PM #19
If there's anything else you need, then please just ask! Thanks

Deejay100six (Dave)
18-Apr-2012, 02:04 PM #20
No, that's fine for now but did you get my last post?

niknak2308 (THREAD STARTER)
18-Apr-2012, 03:44 PM #21
Ah we cross-posted! Thank you for all the info - I shall work through all the instructions and hopefully we will be getting somewhere! Thanks again for your help and advice.

Deejay100six (Dave)
18-Apr-2012, 03:47 PM #22
No worries.

niknak2308 (THREAD STARTER)
18-Apr-2012, 04:27 PM #23
Ok, I followed your instructions to a tee... I have uninstalled both registry cleaners, along with BitTorrent.

Here's the log from ComboFix:

ComboFix 12-04-18.02 - Nikki 18/04/2012 22:10:59.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2009.1080 [GMT 1:00]
Running from: c:\users\Nikki\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Nikki\AppData\Roaming\Local
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\users\Nikki\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\windows\system32\SET11D2.tmp
c:\windows\system32\SETC4B5.tmp
c:\windows\system32\SETCB90.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 21:20 . 2012-04-18 21:20 -------- d-----w- c:\users\Nikki\AppData\Local\temp
2012-04-18 21:20 . 2012-04-18 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 14:34 . 2012-04-18 14:34 -------- d-----w- C:\~LD
2012-04-18 14:26 . 2010-02-16 11:44 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
2012-04-18 14:26 . 2012-04-18 14:33 -------- d-----w- c:\users\Nikki\AppData\Local\Megacloud
2012-04-18 14:26 . 2012-04-18 14:26 -------- d-----w- c:\program files\Megacloud
2012-04-13 02:02 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 02:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-29 20:12 . 2012-03-29 20:12 -------- d-----w- c:\users\Nikki\AppData\Roaming\AVG
2012-03-28 15:31 . 2012-03-28 15:31 -------- d-----w- c:\users\Nikki\AppData\Local\Opera
2012-03-28 15:31 . 2012-03-28 15:31 -------- d-----w- c:\program files\Opera
2012-03-28 12:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15AF8EE1-6AAA-4397-BC78-75C000732CDA}\mpengine.dll
2012-03-28 09:11 . 2012-04-14 20:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 02:43 . 2012-03-28 02:43 -------- d-----w- c:\users\Nikki\AppData\Roaming\FreeFileViewer
2012-03-28 01:43 . 2012-03-28 01:43 -------- d-----w- c:\program files\Common Files\Java
2012-03-28 01:43 . 2012-03-28 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 01:32 . 2012-04-14 20:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-27 20:08 . 2012-03-27 20:31 -------- d-----w- c:\programdata\AVG2012
2012-03-22 00:24 . 2012-03-22 00:24 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 08:48 . 2012-03-16 08:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-03-06 11:44 . 2012-03-06 11:44 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 20:56 . 2012-03-01 20:56 9216 ----a-r- c:\users\Nikki\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2012-02-23 08:18 . 2011-02-01 22:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 04:25 . 2012-02-22 04:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34 . 2012-03-14 08:00 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 08:00 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 08:00 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 08:01 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 08:01 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 03:46 . 2012-01-31 03:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32 . 2012-03-14 08:00 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 08:00 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 08:00 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-27 20:12 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-27 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Nikki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-02-16 03:57 2575712 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 18:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 18:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 18:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-19 03:15 7711264 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-14 23:14 1541416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-25 13:40 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-03-27 20:12 982880 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pgloqpoc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 20:12]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 23:28]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 23:28]
.
2012-04-16 c:\windows\Tasks\Norton Security Scan for Nikki.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-01 07:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 22:23:18
ComboFix-quarantined-files.txt 2012-04-18 21:23
.
Pre-Run: 35,380,199,424 bytes free
Post-Run: 35,482,546,176 bytes free
.
- - End Of File - - FFA5FDE11B79693D1E611F7FBF8E3A5A


Thanks
Deejay100six (Dave)
Member with 496 posts.
 
Join Date: Sep 2011
Location: Doncaster, England
Experience: Intermediate
21-Apr-2012, 11:17 AM #24
Hi,

I believe this C:\found.001 to be a backup created by chkdsk, which would usually only be present if bad clusters have been found on your hard drive. This could be an indication that your hard drive is on its way out and, for that reason, I would advise you to back up all important data to a safe place, just in case.

--------------------------------------------------------------------------------

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.



  • If Malicious objects are found, ensure Cure is selected (it should be by default)

  • Click Continue then click Reboot now

  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.


Please copy and paste that log into your next reply.
niknak2308
Member with 25 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
21-Apr-2012, 06:39 PM #25
Hi, thanks for your reply. I am in the process of backing up my folders as recommended.

I ran TDSSKiller and here is the log that was generated:

00:34:04.0799 5092 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
00:34:06.0858 5092 ============================================================
00:34:06.0858 5092 Current date / time: 2012/04/22 00:34:06.0858
00:34:06.0858 5092 SystemInfo:
00:34:06.0858 5092
00:34:06.0858 5092 OS Version: 6.1.7601 ServicePack: 1.0
00:34:06.0858 5092 Product type: Workstation
00:34:06.0858 5092 ComputerName: NIKKI-PC
00:34:06.0858 5092 UserName: Nikki
00:34:06.0858 5092 Windows directory: C:\windows
00:34:06.0858 5092 System windows directory: C:\windows
00:34:06.0858 5092 Processor architecture: Intel x86
00:34:06.0858 5092 Number of processors: 2
00:34:06.0858 5092 Page size: 0x1000
00:34:06.0858 5092 Boot type: Normal boot
00:34:06.0858 5092 ============================================================
00:34:11.0678 5092 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:34:11.0678 5092 \Device\Harddisk0\DR0:
00:34:11.0678 5092 MBR partitions:
00:34:11.0678 5092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
00:34:11.0678 5092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xD9C8800
00:34:11.0678 5092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF7FB000, BlocksNum 0xD9CA000
00:34:11.0709 5092 C: <-> \Device\Harddisk0\DR0\Partition1
00:34:11.0772 5092 D: <-> \Device\Harddisk0\DR0\Partition2
00:34:11.0803 5092 Initialize success
00:34:11.0803 5092 ============================================================
00:34:23.0331 4368 ============================================================
00:34:23.0331 4368 Scan started
00:34:23.0331 4368 Mode: Manual;
00:34:23.0331 4368 ============================================================
00:34:56.0185 4368 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
00:34:56.0185 4368 mrxsmb - ok
00:34:58.0166 4368 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
00:34:58.0197 4368 mrxsmb10 - ok
00:34:58.0291 4368 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
00:34:58.0307 4368 mrxsmb20 - ok
00:34:58.0353 4368 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
00:34:58.0353 4368 msahci - ok
00:34:58.0463 4368 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
00:34:58.0463 4368 msdsm - ok
00:34:58.0509 4368 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
00:34:58.0509 4368 MSDTC - ok
00:34:58.0743 4368 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
00:34:58.0759 4368 Msfs - ok
00:34:58.0853 4368 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
00:34:58.0853 4368 mshidkmdf - ok
00:34:58.0946 4368 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
00:34:58.0946 4368 msisadrv - ok
00:34:59.0055 4368 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
00:34:59.0087 4368 MSiSCSI - ok
00:34:59.0087 4368 msiserver - ok
00:34:59.0243 4368 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
00:34:59.0243 4368 MSKSSRV - ok
00:34:59.0289 4368 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
00:34:59.0289 4368 MSPCLOCK - ok
00:34:59.0414 4368 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
00:34:59.0414 4368 MSPQM - ok
00:34:59.0508 4368 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
00:34:59.0508 4368 MsRPC - ok
00:34:59.0633 4368 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
00:34:59.0633 4368 mssmbios - ok
00:34:59.0773 4368 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
00:34:59.0773 4368 MSTEE - ok
00:34:59.0898 4368 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
00:34:59.0913 4368 MTConfig - ok
00:35:00.0007 4368 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
00:35:00.0023 4368 Mup - ok
00:35:00.0132 4368 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
00:35:00.0132 4368 napagent - ok
00:35:00.0288 4368 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
00:35:00.0288 4368 NativeWifiP - ok
00:35:00.0444 4368 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
00:35:00.0444 4368 NDIS - ok
00:35:00.0569 4368 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
00:35:00.0569 4368 NdisCap - ok
00:35:00.0709 4368 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
00:35:00.0725 4368 NdisTapi - ok
00:35:00.0912 4368 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
00:35:00.0912 4368 Ndisuio - ok
00:35:01.0037 4368 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
00:35:01.0037 4368 NdisWan - ok
00:35:01.0161 4368 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
00:35:01.0161 4368 NDProxy - ok
00:35:01.0317 4368 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
00:35:01.0317 4368 NetBIOS - ok
00:35:01.0411 4368 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
00:35:01.0427 4368 NetBT - ok
00:35:01.0520 4368 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
00:35:01.0520 4368 Netlogon - ok
00:35:01.0598 4368 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
00:35:01.0598 4368 Netman - ok
00:35:01.0692 4368 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
00:35:01.0707 4368 netprofm - ok
00:35:01.0848 4368 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:35:01.0848 4368 NetTcpPortSharing - ok
00:35:01.0973 4368 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
00:35:01.0973 4368 nfrd960 - ok
00:35:02.0066 4368 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
00:35:02.0082 4368 NlaSvc - ok
00:35:02.0191 4368 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
00:35:02.0191 4368 Npfs - ok
00:35:02.0285 4368 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
00:35:02.0285 4368 nsi - ok
00:35:02.0331 4368 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
00:35:02.0331 4368 nsiproxy - ok
00:35:02.0441 4368 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
00:35:02.0456 4368 Ntfs - ok
00:35:02.0581 4368 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
00:35:02.0581 4368 Null - ok
00:35:02.0784 4368 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
00:35:02.0784 4368 nvraid - ok
00:35:02.0924 4368 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
00:35:04.0562 4368 nvstor - ok
00:35:04.0749 4368 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
00:35:04.0749 4368 nv_agp - ok
00:35:04.0983 4368 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:35:05.0093 4368 odserv - ok
00:35:05.0249 4368 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
00:35:05.0249 4368 ohci1394 - ok
00:35:05.0420 4368 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:35:05.0420 4368 ose - ok
00:35:05.0654 4368 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
00:35:05.0654 4368 p2pimsvc - ok
00:35:05.0810 4368 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
00:35:05.0826 4368 p2psvc - ok
00:35:05.0966 4368 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
00:35:05.0966 4368 Parport - ok
00:35:06.0138 4368 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
00:35:06.0138 4368 partmgr - ok
00:35:06.0263 4368 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
00:35:06.0263 4368 Parvdm - ok
00:35:06.0434 4368 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
00:35:06.0434 4368 PcaSvc - ok
00:35:06.0621 4368 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
00:35:06.0637 4368 pci - ok
00:35:06.0809 4368 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
00:35:06.0809 4368 pciide - ok
00:35:06.0965 4368 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
00:35:06.0965 4368 pcmcia - ok
00:35:07.0136 4368 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
00:35:07.0136 4368 pcw - ok
00:35:07.0355 4368 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
00:35:07.0355 4368 PEAUTH - ok
00:35:07.0682 4368 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
00:35:07.0745 4368 pla - ok
00:35:07.0916 4368 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
00:35:07.0916 4368 PlugPlay - ok
00:35:08.0072 4368 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
00:35:08.0072 4368 PNRPAutoReg - ok
00:35:08.0228 4368 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
00:35:08.0228 4368 PNRPsvc - ok
00:35:08.0415 4368 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
00:35:08.0415 4368 PolicyAgent - ok
00:35:08.0540 4368 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
00:35:08.0540 4368 Power - ok
00:35:08.0696 4368 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
00:35:08.0696 4368 PptpMiniport - ok
00:35:08.0852 4368 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
00:35:08.0852 4368 Processor - ok
00:35:08.0946 4368 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
00:35:08.0961 4368 ProfSvc - ok
00:35:09.0024 4368 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
00:35:09.0024 4368 ProtectedStorage - ok
00:35:09.0195 4368 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
00:35:09.0211 4368 Psched - ok
00:35:09.0383 4368 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
00:35:09.0398 4368 ql2300 - ok
00:35:09.0570 4368 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
00:35:09.0585 4368 ql40xx - ok
00:35:09.0679 4368 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
00:35:11.0395 4368 QWAVE - ok
00:35:11.0504 4368 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
00:35:11.0504 4368 QWAVEdrv - ok
00:35:11.0613 4368 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
00:35:11.0613 4368 RasAcd - ok
00:35:11.0754 4368 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
00:35:11.0754 4368 RasAgileVpn - ok
00:35:11.0847 4368 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
00:35:11.0847 4368 RasAuto - ok
00:35:11.0988 4368 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
00:35:11.0988 4368 Rasl2tp - ok
00:35:12.0097 4368 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
00:35:12.0097 4368 RasMan - ok
00:35:12.0237 4368 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
00:35:12.0237 4368 RasPppoe - ok
00:35:12.0487 4368 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
00:35:12.0487 4368 RasSstp - ok
00:35:12.0861 4368 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
00:35:12.0861 4368 rdbss - ok
00:35:12.0971 4368 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
00:35:12.0971 4368 rdpbus - ok
00:35:13.0064 4368 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
00:35:13.0064 4368 RDPCDD - ok
00:35:13.0189 4368 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
00:35:13.0189 4368 RDPENCDD - ok
00:35:13.0267 4368 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
00:35:13.0267 4368 RDPREFMP - ok
00:35:13.0314 4368 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
00:35:13.0314 4368 RDPWD - ok
00:35:13.0454 4368 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
00:35:13.0454 4368 rdyboost - ok
00:35:13.0548 4368 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
00:35:13.0548 4368 RemoteAccess - ok
00:35:13.0641 4368 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
00:35:13.0641 4368 RemoteRegistry - ok
00:35:13.0719 4368 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
00:35:13.0719 4368 RpcEptMapper - ok
00:35:13.0813 4368 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
00:35:13.0813 4368 RpcLocator - ok
00:35:13.0891 4368 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
00:35:13.0891 4368 RpcSs - ok
00:35:14.0000 4368 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
00:35:14.0000 4368 rspndr - ok
00:35:14.0109 4368 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
00:35:14.0109 4368 RTL8167 - ok
00:35:14.0234 4368 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
00:35:14.0234 4368 SABI - ok
00:35:14.0328 4368 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
00:35:14.0328 4368 SamSs - ok
00:35:14.0468 4368 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
00:35:14.0468 4368 sbp2port - ok
00:35:14.0546 4368 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
00:35:14.0562 4368 SCardSvr - ok
00:35:14.0687 4368 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
00:35:14.0687 4368 scfilter - ok
00:35:14.0811 4368 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
00:35:14.0811 4368 Schedule - ok
00:35:14.0921 4368 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
00:35:14.0921 4368 SCPolicySvc - ok
00:35:14.0967 4368 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
00:35:14.0967 4368 SDRSVC - ok
00:35:15.0077 4368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
00:35:15.0077 4368 secdrv - ok
00:35:15.0108 4368 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
00:35:15.0108 4368 seclogon - ok
00:35:15.0139 4368 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
00:35:15.0155 4368 SENS - ok
00:35:15.0248 4368 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
00:35:15.0248 4368 SensrSvc - ok
00:35:15.0295 4368 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
00:35:15.0295 4368 Serenum - ok
00:35:15.0404 4368 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
00:35:15.0404 4368 Serial - ok
00:35:15.0498 4368 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
00:35:15.0498 4368 sermouse - ok
00:35:15.0591 4368 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
00:35:15.0607 4368 SessionEnv - ok
00:35:15.0685 4368 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
00:35:15.0685 4368 sffdisk - ok
00:35:15.0779 4368 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
00:35:15.0779 4368 sffp_mmc - ok
00:35:15.0841 4368 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
00:35:15.0841 4368 sffp_sd - ok
00:35:15.0935 4368 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
00:35:15.0935 4368 sfloppy - ok
00:35:16.0044 4368 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
00:35:16.0044 4368 SharedAccess - ok
00:35:16.0091 4368 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
00:35:16.0106 4368 ShellHWDetection - ok
00:35:16.0200 4368 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
00:35:16.0200 4368 sisagp - ok
00:35:16.0293 4368 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
00:35:16.0293 4368 SiSRaid2 - ok
00:35:16.0340 4368 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
00:35:16.0340 4368 SiSRaid4 - ok
00:35:16.0418 4368 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
00:35:16.0418 4368 Smb - ok
00:35:16.0527 4368 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
00:35:16.0543 4368 SNMPTRAP - ok
00:35:16.0574 4368 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
00:35:16.0590 4368 spldr - ok
00:35:16.0683 4368 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
00:35:18.0353 4368 Spooler - ok
00:35:18.0493 4368 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
00:35:18.0602 4368 sppsvc - ok
00:35:18.0758 4368 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
00:35:18.0758 4368 sppuinotify - ok
00:35:18.0852 4368 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:35:18.0852 4368 SQLWriter - ok
00:35:18.0961 4368 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
00:35:18.0961 4368 srv - ok
00:35:19.0008 4368 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
00:35:19.0023 4368 srv2 - ok
00:35:19.0133 4368 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
00:35:19.0133 4368 srvnet - ok
00:35:19.0211 4368 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
00:35:19.0226 4368 SSDPSRV - ok
00:35:19.0242 4368 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
00:35:19.0242 4368 SstpSvc - ok
00:35:19.0351 4368 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
00:35:19.0351 4368 stexstor - ok
00:35:19.0491 4368 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
00:35:19.0491 4368 StiSvc - ok
00:35:19.0663 4368 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
00:35:19.0663 4368 swenum - ok
00:35:19.0788 4368 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
00:35:19.0803 4368 swprv - ok
00:35:19.0928 4368 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\windows\system32\DRIVERS\SynTP.sys
00:35:19.0928 4368 SynTP - ok
00:35:20.0053 4368 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
00:35:20.0069 4368 SysMain - ok
00:35:20.0162 4368 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
00:35:20.0162 4368 TabletInputService - ok
00:35:20.0209 4368 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
00:35:20.0209 4368 TapiSrv - ok
00:35:20.0287 4368 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
00:35:20.0303 4368 TBS - ok
00:35:20.0427 4368 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
00:35:20.0443 4368 Tcpip - ok
00:35:20.0646 4368 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
00:35:20.0661 4368 TCPIP6 - ok
00:35:20.0802 4368 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
00:35:20.0802 4368 tcpipreg - ok
00:35:20.0895 4368 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
00:35:20.0895 4368 TDPIPE - ok
00:35:21.0005 4368 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
00:35:21.0005 4368 TDTCP - ok
00:35:21.0098 4368 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
00:35:21.0098 4368 tdx - ok
00:35:21.0192 4368 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
00:35:21.0192 4368 TermDD - ok
00:35:21.0270 4368 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
00:35:21.0270 4368 TermService - ok
00:35:21.0348 4368 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
00:35:21.0363 4368 Themes - ok
00:35:21.0395 4368 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
00:35:21.0395 4368 THREADORDER - ok
00:35:21.0488 4368 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
00:35:21.0488 4368 TrkWks - ok
00:35:21.0566 4368 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
00:35:21.0582 4368 TrustedInstaller - ok
00:35:21.0691 4368 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
00:35:21.0691 4368 tssecsrv - ok
00:35:21.0894 4368 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
00:35:21.0894 4368 TsUsbFlt - ok
00:35:22.0081 4368 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
00:35:22.0081 4368 tunnel - ok
00:35:22.0175 4368 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
00:35:22.0175 4368 uagp35 - ok
00:35:22.0268 4368 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
00:35:22.0268 4368 udfs - ok
00:35:22.0315 4368 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
00:35:22.0315 4368 UI0Detect - ok
00:35:22.0455 4368 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
00:35:22.0471 4368 uliagpkx - ok
00:35:22.0580 4368 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
00:35:22.0596 4368 umbus - ok
00:35:22.0705 4368 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
00:35:22.0705 4368 UmPass - ok
00:35:22.0814 4368 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
00:35:22.0814 4368 upnphost - ok
00:35:22.0923 4368 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
00:35:22.0923 4368 usbccgp - ok
00:35:23.0033 4368 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
00:35:23.0033 4368 usbcir - ok
00:35:23.0157 4368 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
00:35:23.0157 4368 usbehci - ok
00:35:23.0298 4368 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
00:35:23.0298 4368 usbhub - ok
00:35:25.0107 4368 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
00:35:25.0107 4368 usbohci - ok
00:35:25.0232 4368 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
00:35:25.0232 4368 usbprint - ok
00:35:25.0341 4368 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:35:25.0341 4368 USBSTOR - ok
00:35:25.0373 4368 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
00:35:25.0373 4368 usbuhci - ok
00:35:25.0513 4368 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
00:35:25.0529 4368 usbvideo - ok
00:35:25.0622 4368 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
00:35:25.0622 4368 UxSms - ok
00:35:25.0669 4368 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
00:35:25.0669 4368 VaultSvc - ok
00:35:25.0809 4368 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
00:35:25.0825 4368 vdrvroot - ok
00:35:25.0934 4368 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
00:35:25.0950 4368 vds - ok
00:35:26.0090 4368 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
00:35:26.0090 4368 vga - ok
00:35:26.0262 4368 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
00:35:26.0262 4368 VgaSave - ok
00:35:26.0387 4368 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
00:35:26.0387 4368 vhdmp - ok
00:35:26.0558 4368 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
00:35:26.0558 4368 viaagp - ok
00:35:26.0667 4368 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
00:35:26.0667 4368 ViaC7 - ok
00:35:26.0777 4368 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
00:35:26.0777 4368 viaide - ok
00:35:26.0870 4368 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
00:35:26.0870 4368 volmgr - ok
00:35:26.0933 4368 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
00:35:26.0933 4368 volmgrx - ok
00:35:27.0182 4368 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
00:35:27.0182 4368 volsnap - ok
00:35:27.0354 4368 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
00:35:27.0354 4368 vsmraid - ok
00:35:27.0525 4368 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
00:35:27.0541 4368 VSS - ok
00:35:27.0728 4368 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
00:35:27.0744 4368 vToolbarUpdater10.2.0 - ok
00:35:27.0837 4368 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
00:35:27.0853 4368 vwifibus - ok
00:35:27.0962 4368 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
00:35:27.0962 4368 vwififlt - ok
00:35:28.0071 4368 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
00:35:28.0071 4368 W32Time - ok
00:35:28.0181 4368 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
00:35:28.0181 4368 WacomPen - ok
00:35:28.0383 4368 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
00:35:28.0383 4368 WANARP - ok
00:35:28.0399 4368 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
00:35:28.0399 4368 Wanarpv6 - ok
00:35:28.0571 4368 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
00:35:28.0586 4368 WatAdminSvc - ok
00:35:28.0742 4368 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
00:35:28.0758 4368 wbengine - ok
00:35:28.0836 4368 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
00:35:28.0851 4368 WbioSrvc - ok
00:35:28.0883 4368 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
00:35:28.0898 4368 wcncsvc - ok
00:35:28.0976 4368 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
00:35:28.0976 4368 WcsPlugInService - ok
00:35:29.0023 4368 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
00:35:29.0023 4368 Wd - ok
00:35:29.0117 4368 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
00:35:29.0117 4368 Wdf01000 - ok
00:35:29.0148 4368 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
00:35:29.0163 4368 WdiServiceHost - ok
00:35:29.0163 4368 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
00:35:29.0163 4368 WdiSystemHost - ok
00:35:29.0273 4368 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
00:35:29.0273 4368 WebClient - ok
00:35:29.0444 4368 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
00:35:29.0460 4368 Wecsvc - ok
00:35:29.0709 4368 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
00:35:29.0725 4368 wercplsupport - ok
00:35:29.0959 4368 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
00:35:29.0959 4368 WerSvc - ok
00:35:30.0131 4368 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
00:35:30.0131 4368 WfpLwf - ok
00:35:30.0240 4368 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
00:35:30.0240 4368 WIMMount - ok
00:35:32.0127 4368 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:35:32.0127 4368 WinDefend - ok
00:35:32.0143 4368 WinHttpAutoProxySvc - ok
00:35:32.0299 4368 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
00:35:32.0330 4368 Winmgmt - ok
00:35:32.0471 4368 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
00:35:32.0486 4368 WinRM - ok
00:35:32.0611 4368 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
00:35:32.0627 4368 Wlansvc - ok
00:35:32.0751 4368 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:35:32.0751 4368 wlcrasvc - ok
00:35:32.0923 4368 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:35:32.0939 4368 wlidsvc - ok
00:35:33.0095 4368 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
00:35:33.0095 4368 WmiAcpi - ok
00:35:33.0235 4368 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
00:35:33.0235 4368 wmiApSrv - ok
00:35:33.0329 4368 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:35:33.0344 4368 WMPNetworkSvc - ok
00:35:33.0453 4368 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
00:35:33.0453 4368 WPCSvc - ok
00:35:33.0531 4368 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
00:35:33.0531 4368 WPDBusEnum - ok
00:35:33.0609 4368 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
00:35:33.0609 4368 ws2ifsl - ok
00:35:33.0687 4368 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
00:35:33.0703 4368 wscsvc - ok
00:35:33.0734 4368 WSearch - ok
00:35:33.0812 4368 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
00:35:33.0843 4368 wuauserv - ok
00:35:33.0968 4368 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
00:35:33.0984 4368 WudfPf - ok
00:35:34.0093 4368 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
00:35:34.0093 4368 WUDFRd - ok
00:35:34.0202 4368 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
00:35:34.0202 4368 wudfsvc - ok
00:35:34.0280 4368 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
00:35:34.0280 4368 WwanSvc - ok
00:35:34.0343 4368 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
00:35:34.0561 4368 \Device\Harddisk0\DR0 - ok
00:35:34.0561 4368 Boot (0x1200) (95dc27f13cc8f8692d5f73f9c9c3adca) \Device\Harddisk0\DR0\Partition0
00:35:34.0577 4368 \Device\Harddisk0\DR0\Partition0 - ok
00:35:34.0577 4368 Boot (0x1200) (2f0987d179267177dd65fac1e7ea3e37) \Device\Harddisk0\DR0\Partition1
00:35:34.0592 4368 \Device\Harddisk0\DR0\Partition1 - ok
00:35:34.0608 4368 Boot (0x1200) (40a1b0a9971b4885a0cdbf8acb67a80a) \Device\Harddisk0\DR0\Partition2
00:35:34.0608 4368 \Device\Harddisk0\DR0\Partition2 - ok
00:35:34.0608 4368 ============================================================
00:35:34.0608 4368 Scan finished
00:35:34.0608 4368 ============================================================
00:35:34.0623 5896 Detected object count: 0
00:35:34.0623 5896 Actual detected object count: 0


It didn't say it detected any problems so I didn't need to do the Cure bit.
Deejay100six (Dave)
Member with 496 posts.
Join Date: Sep 2011
Location: Doncaster, England
Experience: Intermediate
23-Apr-2012, 09:25 AM #26
Hi Nikki,

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Code:
Registry::
-HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}

Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

----------------------------------------------------------------------------------

Download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

----------------------------------------------------------------------------------

Download Security Check by screen317 from here or here.


  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
niknak2308
Member with 25 posts.
THREAD STARTER
Join Date: Mar 2012
Experience: Beginner
23-Apr-2012, 04:30 PM #27
Hi,

So I followed your instructions about creating and dragging the notepad file over to ComboFix on my desktop; however, it said that it had expired and would run only in reduced functionality mode. There was no apparent link or instructions to obtain the latest version. I let it run anyway and have pasted the log below. If it is insufficient then obviously please let me know what to do next.

ComboFix 12-04-18.02 - Nikki 23/04/2012 21:49:21.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2009.1226 [GMT 1:00]
Running from: c:\users\Nikki\Desktop\ComboFix.exe
Command switches used :: c:\users\Nikki\Documents\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nikki\AppData\Local\Temp\{A75ECD15-DAAF-44D0-BF13-9AD1B90EFE25}\fpb.tmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 20:51 . 2012-04-23 20:51 -------- d-----w- c:\users\Nikki\AppData\Local\temp
2012-04-23 20:51 . 2012-04-23 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 14:34 . 2012-04-18 14:34 -------- d-----w- C:\~LD
2012-04-18 14:26 . 2010-02-16 11:44 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
2012-04-18 14:26 . 2012-04-18 14:33 -------- d-----w- c:\users\Nikki\AppData\Local\Megacloud
2012-04-18 14:26 . 2012-04-18 14:26 -------- d-----w- c:\program files\Megacloud
2012-04-13 02:02 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 02:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 02:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 02:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 02:01 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 02:01 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-29 20:12 . 2012-03-29 20:12 -------- d-----w- c:\users\Nikki\AppData\Roaming\AVG
2012-03-28 15:31 . 2012-03-28 15:31 -------- d-----w- c:\users\Nikki\AppData\Local\Opera
2012-03-28 15:31 . 2012-03-28 15:31 -------- d-----w- c:\program files\Opera
2012-03-28 12:01 . 2012-03-20 02:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15AF8EE1-6AAA-4397-BC78-75C000732CDA}\mpengine.dll
2012-03-28 09:11 . 2012-04-14 20:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 02:43 . 2012-03-28 02:43 -------- d-----w- c:\users\Nikki\AppData\Roaming\FreeFileViewer
2012-03-28 01:43 . 2012-03-28 01:43 -------- d-----w- c:\program files\Common Files\Java
2012-03-28 01:43 . 2012-03-28 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-28 01:32 . 2012-04-14 20:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-27 20:08 . 2012-03-27 20:31 -------- d-----w- c:\programdata\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 08:48 . 2012-03-16 08:48 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-03-06 11:44 . 2012-03-06 11:44 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 20:56 . 2012-03-01 20:56 9216 ----a-r- c:\users\Nikki\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2012-02-23 08:18 . 2011-02-01 22:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 04:25 . 2012-02-22 04:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34 . 2012-03-14 08:00 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 08:00 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 08:00 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 08:01 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 08:01 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 03:46 . 2012-01-31 03:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-25 05:32 . 2012-03-14 08:00 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 08:00 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 08:00 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-27 20:12 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-27 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2012-03-16 08:48 1008328 ----a-w- c:\program files\Megacloud\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livedrive"="c:\program files\Megacloud\Livedrive.exe" [2012-03-16 1636864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Nikki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-02-16 03:57 2575712 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 18:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 18:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 18:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-19 03:15 7711264 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-07-14 23:14 1541416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-25 13:40 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-03-27 20:12 982880 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-16 146904]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MegacloudVSSService;Megacloud VSS Service;c:\program files\Megacloud\VSSService.exe [2012-03-16 157920]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 20:12]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 23:28]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 23:28]
.
2012-04-22 c:\windows\Tasks\Norton Security Scan for Nikki.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-01 07:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 21:53:09
ComboFix-quarantined-files.txt 2012-04-23 20:53
ComboFix2.txt 2012-04-18 21:23
.
Pre-Run: 60,325,830,656 bytes free
Post-Run: 60,232,396,800 bytes free
.
- - End Of File - - 5003413D86BD31218E3EF7DD71A23391




This is the log from the Malwarebytes' Anti-Malware that was created. It detected one error which was Adware.Skymedia which it then removed. The log is as follows:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nikki :: NIKKI-PC [administrator]
23/04/2012 22:07:59
mbam-log-2012-04-23 (22-07-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191665
Time elapsed: 6 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)



Finally, this is the notepad created by the Security Check:

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````




Thanks once again for your help.
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
24-Apr-2012, 01:54 PM #28
Hi

Deejay100six is not available and I will continue to help you.

Can you tell me how your system is running now?
niknak2308
Member with 25 posts.
THREAD STARTER
Join Date: Mar 2012
Experience: Beginner
24-Apr-2012, 02:18 PM #29
Hi, Thanks for your help.

My system still refuses to open a lot of Internet Explorer pages, and will still crash if I try another browser (e.g. Mozilla). It seems to be only internet related problems, all other computer functions seem to be fine.

Quite often when the computer completely crashes, which is normally after I've tried loading pages that don't want to load, I'll get a blue screen, and then when it tries to restart, it will say it can't find the Operating System, and I'll have to press Ctrl+Alt+Del several times before it will find it again.

It dislikes starting up with any CD in the drive too.

I've copied my vital docs and pics to CDs, and created a System Repair disc. I also tried creating a System Image (I think that's what it was called) - it took 6.5hrs and 5 discs, and then told me it didn't complete the full backup.

Thank you for helping.
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
24-Apr-2012, 02:28 PM #30
Hi

Is there any message when the blue screen appears? Often these are related to bad drivers.

Have you tried installing Chrome? https://www.google.com/chrome

It's a rather good browser. I'd be interested to see if you have the same problems.
Tags
bsod, crash, internet explorer 9, windows 7
