Major virus Trojan Horse Generic27.BTAL

Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 10:44 pm

Hello, my name is Joe and I have come here because I have a very bad Trojan which I cannot get rid of. I even researched online and one site told me to download and run SpeedyPC Pro and then run Spyhunter (both in safe mode with networking). But this has not helped. This virus is potentially very destructive. Below you will see the new texts from OTL scan (I read Post 1 by Doctor Inferno before starting). However, my computer will not bring up aswMBR. So I'm already stuck on the preliminary processes. Again this is Trojan Horse Generic27.BTAL C:\Windows\explorer.exe (3288):\memory_03320000. Please help.
Joe
P.S. Sorry, I actually cannot post the two text files here because the message is too long. So I actually really need help now, this needs to be solved ASAP

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 10:45 pm

OTL Extras logfile created on: 5/20/2012 12:59:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Joe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 22.61% Memory free
7.61 Gb Paging File | 3.66 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.00 Gb Total Space | 379.64 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 7.47 Gb Total Space | 7.33 Gb Free Space | 98.14% Space Free | Partition Type: FAT32

Computer Name: JOESLAPTOP | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BE4384E-B3EE-48B3-BED8-DED69C5F77FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD2EED65-E7DB-40CF-A104-875C016D78F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EC45861D-DD7C-4C6C-BCDE-98E5A85357D9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FBEF7B-0C3B-446B-9AAA-DAC3BFA1FEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{01DD0B49-F316-4F40-8694-E5B2C8047E7D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{1372FC34-0673-406D-AC24-05C0DF7C227B}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{23446B3D-37DE-4E3D-A3CE-F1B291E9D982}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{275F9997-EE0B-473A-A194-BBFA7E9D9867}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2E2FEC3E-7D6A-4BCA-8D95-092ECA7B9C25}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{2EFFDD56-8173-4451-B493-FD417C6B21B7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{30689B05-A1CA-4226-89E1-58E9E9687ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3CE7728E-69C6-4599-B407-FC6CA36CC6B5}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4E436697-7E69-4658-9C75-E890DCE08106}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5B10757B-10DB-447E-B437-86A785F921CF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{5BF4E464-10C6-475A-9D8C-7D11F5520E20}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5DE2AE5A-92C9-4603-AC6A-2E59F9995F31}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5E1973CB-C0CE-4E8B-9D83-78B4CE77AC5D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{5EABC86F-D16C-49BA-A690-2F9B8ECE4A75}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{6C34726E-F491-4461-AA7F-DF24933405C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6EF5845D-3D90-4012-AE2C-BEEDF1BB3B18}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{76B7853B-6755-4F84-B8C5-C612765F8A53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8024CD00-AF34-4F52-9BA8-EE2A26A185DA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{87429273-9F52-44EC-8858-61BC25F9ED7A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8DCE3459-5FF1-493A-88CC-6F2787073B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{8F53811A-8441-46A2-B9A4-0E0900074679}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{92539028-6C3A-4E71-8CA3-27EDC51376D4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{98CCCCA6-15D0-44C3-9E37-E990925A3DCB}" = dir=in | app=c:\users\joe\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9EC33869-2773-432B-BCDB-388239099039}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A2FE619B-96E9-410B-B0D7-72733352CB20}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A4148536-EDC7-4798-87F4-E86F6AA62C12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7620FF6-97F3-4C2C-925B-A39BA2D0172C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C193B1C7-9AFD-43F2-83D5-8A9EC1FF8CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CCB621A8-7E95-47D9-9676-19A5AD13982D}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D083FFA6-47A3-4000-A334-7F9B899B861C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D1881D8A-C395-4E89-9F75-6CFA97AEB95F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D38D0524-C32A-4135-BF78-8846CED5D1C5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6F26A7E-C33E-40C4-BDDE-E87E52377D67}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEDB981B-BD02-4AEB-B51A-D7B396F9E2FB}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{DF08E361-85F5-4BBB-9D51-E0CACFEFFC9A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E53F903B-2E2C-4279-8C08-D4568B0C1BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EA2C3AD7-DBFA-45D7-953C-26B08431B9FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F20015CE-03E2-4D1D-87DD-19FCE19C1C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FCF2F0FD-C1B8-40FB-910A-5A653E999FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{FD0C1AD8-9A30-4B7C-8172-3154245848AC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{262AA9BF-D147-4349-AA26-E6254EE5B896}" = SpyHunter
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{74E52BA7-4698-4BE1-858C-8ED27E836570}" = AVG 2012
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9666782C-CEBB-4D2A-8651-5A02AECA8034}" = AVG 2012
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}" = AVG 2012
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3A9E569-929C-4716-8211-D7D2ADC467E4}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"AVG" = AVG 2012
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = AVI Player
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Perks Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anki" = Anki
"BabylonToolbar" = Babylon toolbar on IE
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Download_Energy Toolbar" = Download_Energy Toolbar
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Plants vs. Zombies" = Plants vs. Zombies
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RealPlayer 12.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2012 10:11:07 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/27/2012 10:11:07 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 323234

Error - 4/27/2012 10:11:07 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 323234

Error - 4/27/2012 10:11:08 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/27/2012 10:11:08 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 324326

Error - 4/27/2012 10:11:08 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 324326

Error - 4/27/2012 10:11:09 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/27/2012 10:11:09 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 325403

Error - 4/27/2012 10:11:09 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 325403

Error - 4/27/2012 10:11:10 PM | Computer Name = JOESLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Dell Events ]
Error - 4/12/2011 8:26:47 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/12/2011 8:26:47 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/12/2011 9:17:38 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/12/2011 9:17:38 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/23/2011 11:10:56 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/23/2011 11:10:56 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/22/2011 7:38:11 AM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/22/2011 7:38:11 AM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/13/2011 5:30:12 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/13/2011 5:30:12 PM | Computer Name = Joeslaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 5/30/2011 12:04:12 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 12:04:12 AM - Error connecting to the internet. 12:04:12 AM - Unable
to contact server..

Error - 5/30/2011 12:04:22 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 12:04:17 AM - Error connecting to the internet. 12:04:17 AM - Unable
to contact server..

Error - 5/30/2011 1:04:26 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 1:04:26 AM - Error connecting to the internet. 1:04:26 AM - Unable
to contact server..

Error - 5/30/2011 1:04:32 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 1:04:31 AM - Error connecting to the internet. 1:04:31 AM - Unable
to contact server..

Error - 5/30/2011 2:04:37 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 2:04:37 AM - Error connecting to the internet. 2:04:37 AM - Unable
to contact server..

Error - 5/30/2011 2:04:43 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 2:04:42 AM - Error connecting to the internet. 2:04:42 AM - Unable
to contact server..

Error - 5/30/2011 3:04:48 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 3:04:48 AM - Error connecting to the internet. 3:04:48 AM - Unable
to contact server..

Error - 5/30/2011 3:04:54 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 3:04:53 AM - Error connecting to the internet. 3:04:53 AM - Unable
to contact server..

Error - 6/5/2011 11:58:23 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 11:58:23 AM - Error connecting to the internet. 11:58:23 AM - Unable
to contact server..

Error - 6/5/2011 11:58:32 AM | Computer Name = Joeslaptop | Source = MCUpdate | ID = 0
Description = 11:58:28 AM - Error connecting to the internet. 11:58:28 AM - Unable
to contact server..

[ System Events ]
Error - 5/20/2012 4:35:43 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:04 AM | Computer Name = Joeslaptop | Source = DCOM | ID = 10010
Description =

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:02:10 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/20/2012 5:03:58 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/20/2012 5:04:28 AM | Computer Name = Joeslaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit

Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 10:52 pm

OTL logfile created on: 5/20/2012 12:59:43 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Joe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 22.61% Memory free
7.61 Gb Paging File | 3.66 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.00 Gb Total Space | 379.64 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 7.47 Gb Total Space | 7.33 Gb Free Space | 98.14% Space Free | Partition Type: FAT32

Computer Name: JOESLAPTOP | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 23:35:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.com
PRC - [2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/14 15:27:32 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/04/14 15:27:27 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/13 17:40:14 | 004,361,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 19:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/07 19:01:50 | 022,465,104 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/01/04 02:47:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/11/03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2011/09/06 07:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 05:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 05:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 07:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/28 13:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/25 06:45:48 | 000,490,112 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2011/06/25 06:45:44 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/06/08 05:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 05:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 09:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 09:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/15 02:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/14 22:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/14 22:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 11:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2007/10/18 14:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/19 00:43:01 | 002,042,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/11 03:59:54 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll
MOD - [2012/05/11 03:59:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/11 03:53:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 03:53:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:53:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/11 03:53:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:53:07 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 03:53:05 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/11 03:52:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 03:52:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:52:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:52:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:52:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/04 18:53:45 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/14 15:27:27 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012/01/04 02:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/01/04 02:47:42 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011/11/03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011/11/03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 05:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/07/28 13:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 13:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/16 18:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/25 09:56:10 | 000,238,056 | ---- | M] () -- c:\Program Files\mcafee\msk\mskapbho.dll
MOD - [2010/10/20 09:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/14 22:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/14 22:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/14 22:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/27 19:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/04 18:22:22 | 000,996,256 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2010/10/13 17:28:54 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 17:28:54 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 17:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 16:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 09:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/06/17 19:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 05:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/05 05:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/03/05 05:07:58 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 05:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009/12/29 09:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/19 00:43:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 18:53:50 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/14 15:27:32 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/04/03 19:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/18 05:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/03 16:45:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/08 05:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 09:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 09:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/15 02:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/01 14:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/13 17:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 17:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 17:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 17:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/08/30 02:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/25 10:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 08:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/17 19:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 05:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/30 09:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 09:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 09:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 09:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 09:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 17:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/03/17 11:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 11:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/26 14:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 08:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 10:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 07:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\tbDown.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\tbDown.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 15:27:35&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://isearch.whitesmoke.com/?isid=9858"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B95192435-67f7-411a-ab34-a9237972ce70%7D&mid=6d73713ab8aa47d0a89e4149080c4e7d-564777995d76de436003235c2e7e172e849452e3&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2012-04-14%2015%3A27%3A35&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Joe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/29 18:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/17 15:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/15 11:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/26 16:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/14 15:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/19 00:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/30 13:45:15 | 000,000,000 | ---D | M]

[2011/09/09 18:30:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2011/09/09 18:30:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/24 17:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions
[2012/04/24 17:15:30 | 000,000,000 | ---D | M] (Uptodown EN Community Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\{40f5f417-32bb-4296-9446-c1e0094e7d82}
[2012/04/24 17:15:38 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/24 17:15:48 | 000,000,000 | ---D | M] (Download Energy Community Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}
[2012/03/29 18:22:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/17 11:58:25 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/03/29 18:16:26 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\engine@conduit.com
[2012/03/29 18:16:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\extensions\ffxtlbr@babylon.com
[2011/08/29 17:48:54 | 000,000,863 | -H-- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\searchplugins\conduit.xml
[2012/01/15 20:44:07 | 000,015,550 | -H-- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\x4ydv68z.default\searchplugins\WhiteSmoke Smartbar Search.xml
[2012/04/18 09:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/18 09:43:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/19 00:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/04/26 16:59:34 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/04/14 15:27:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4YDV68Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X4YDV68Z.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/05/19 00:43:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 17:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/03/30 17:30:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/14 15:27:25 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/23 20:48:30 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/15 23:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 23:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Joe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 10:53 pm

O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110403221325.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 10:54 pm

========== Files - Modified Within 30 Days ==========

[2012/05/20 00:53:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 00:27:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 23:26:53 | 098,685,903 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/19 23:14:03 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000UA.job
[2012/05/19 23:12:05 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 23:12:05 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 23:03:52 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 23:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 23:03:12 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 22:22:26 | 000,002,252 | ---- | M] () -- C:\Users\Joe\Desktop\SpyHunter.lnk
[2012/05/19 20:14:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-262397556-2078716270-3374882982-1000Core.job
[2012/05/19 18:55:08 | 000,000,100 | ---- | M] () -- C:\0.bak
[2012/05/19 18:38:51 | 000,001,197 | ---- | M] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
[2012/05/19 18:30:24 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/05/19 18:29:59 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/05/19 18:29:58 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/05/19 15:51:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/19 15:51:36 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 15:51:36 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/19 14:53:12 | 000,001,168 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/05/19 14:53:12 | 000,001,144 | ---- | M] () -- C:\Users\Joe\Desktop\AVG PC Tuneup.lnk
[2012/05/16 19:26:13 | 000,625,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/05/15 18:29:48 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/15 15:45:48 | 000,443,693 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/15 11:21:12 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/11 03:50:42 | 000,416,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/11 03:21:14 | 000,744,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/05 20:37:43 | 000,223,625 | ---- | M] () -- C:\Users\Joe\Documents\IMG_06052012_023721.png
[2012/05/04 18:53:46 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 18:53:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 18:53:19 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/01 03:04:20 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/30 13:45:16 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/25 20:43:16 | 000,076,757 | ---- | M] () -- C:\Users\Joe\Documents\rosebanner_capitol.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 21:47:05 | 000,002,252 | ---- | C] () -- C:\Users\Joe\Desktop\SpyHunter.lnk
[2012/05/19 18:55:08 | 000,000,100 | ---- | C] () -- C:\0.bak
[2012/05/19 18:30:24 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/05/19 18:30:00 | 000,001,197 | ---- | C] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
[2012/05/19 18:29:59 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/05/19 18:29:58 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/05/19 14:53:12 | 000,001,168 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/05/19 14:53:12 | 000,001,144 | ---- | C] () -- C:\Users\Joe\Desktop\AVG PC Tuneup.lnk
[2012/05/05 20:37:40 | 000,223,625 | ---- | C] () -- C:\Users\Joe\Documents\IMG_06052012_023721.png
[2012/04/30 13:45:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/30 13:45:16 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/25 20:43:11 | 000,076,757 | ---- | C] () -- C:\Users\Joe\Documents\rosebanner_capitol.jpg
[2012/03/30 17:50:45 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/29 13:08:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-RWP9g0ERCW77je
[2012/03/29 13:08:35 | 000,000,256 | -H-- | C] () -- C:\ProgramData\RWP9g0ERCW77je
[2012/01/15 20:42:32 | 000,723,294 | ---- | C] () -- C:\Windows\unins001.exe
[2012/01/15 20:42:32 | 000,136,186 | ---- | C] () -- C:\Windows\unins001.dat
[2011/11/24 17:09:21 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/24 17:09:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/11 15:43:37 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\CIOSupport
[2011/08/11 15:43:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Carbon
[2011/08/11 15:43:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/07/27 13:47:52 | 000,015,872 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 12:50:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/03 19:06:17 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/04/03 19:06:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/04/03 19:06:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/04/03 19:06:16 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/03 19:06:16 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/04/03 19:03:44 | 000,000,096 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/04/03 19:03:41 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011/04/03 19:03:41 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2011/04/03 19:03:41 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2011/04/03 19:03:41 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2011/04/03 19:03:41 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011/04/03 19:03:41 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2011/04/03 16:50:18 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/12/09 14:33:11 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/11 20:52:22 | 001,524,144 | ---- | M] () -- C:\Users\Joe\Desktop\TubeDownloader Setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/05/19 00:43:10 | 000,117,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/05/19 00:43:07 | 000,113,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
[2012/05/19 00:43:06 | 000,157,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
[2012/05/19 00:42:57 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/05/19 00:42:56 | 000,265,184 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/05/19 23:03:19 | 000,000,018 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\log.txt

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/04/30 13:44:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/08/22 09:46:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Anki
[2011/12/25 05:05:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/08/11 15:40:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2012/05/19 14:52:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2012/04/14 15:27:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/23 20:48:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BabylonToolbar
[2011/12/25 05:05:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/04/03 16:55:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/04/03 16:46:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2012/05/19 21:46:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/01/18 23:38:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/04/03 16:48:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cozi Express
[2011/04/03 16:50:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2011/04/03 16:49:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2011/04/03 17:24:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2012/05/19 23:04:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2012/04/20 11:18:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Stage
[2011/06/23 04:13:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Touch Software Suite
[2011/04/03 16:50:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2012/01/17 15:30:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2012/01/18 23:38:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Download_Energy
[2011/04/03 16:54:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eBay
[2012/01/17 17:31:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eMule
[2012/01/18 15:07:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EndNote X5
[2011/06/28 14:09:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
[2011/11/16 13:31:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/08/11 15:40:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/04/03 16:43:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/04/12 18:48:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/03/29 18:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/03/30 17:30:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/05/10 21:03:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2011/04/14 21:21:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2012/04/07 11:47:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2011/04/03 17:13:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mcafee.com
[2012/03/29 18:15:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Media Player Classic
[2011/04/12 14:35:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/04/21 08:36:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/04/21 08:39:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/11 03:49:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/04/21 08:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/04/21 08:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/04/21 08:39:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/04/21 08:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/04/29 21:01:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/19 18:56:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/19 12:25:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/04/21 08:40:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/08/12 21:01:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/11 15:44:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nikon
[2012/04/07 16:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ooVoo
[2011/04/25 16:45:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Plants vs Zombies Game Of The Year Edition
[2011/04/22 16:06:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PopCap Games
[2011/11/01 18:08:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Quick Web Player
[2011/11/16 14:34:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime Alternative
[2011/06/25 06:46:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2011/04/03 16:44:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 19:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/04/03 16:48:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2012/04/18 09:43:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/05/19 18:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpeedyPC Software
[2011/04/03 16:58:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TrustedID
[2009/07/13 18:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/11/07 17:59:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2011/11/01 18:10:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2011/04/21 12:52:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2009/07/13 19:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/04/14 13:43:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/06/30 05:33:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/30 05:33:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 19:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/30 05:33:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/30 05:33:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/30 05:33:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/11/24 17:09:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid
[2011/04/19 12:16:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!

< MD5 for: AGP440.SYS >
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 15:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 15:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 15:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 15:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 15:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 15:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 15:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 15:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2010/06/08 05:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/06/08 05:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b2da0d5f1235b4d6\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 15:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 03:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 03:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 02:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 02:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 15:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010/05/11 22:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/13 15:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/10 20:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/10 20:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/11 22:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/10 20:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 20:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 20:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/10 20:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 03:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 03:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe [2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/30 04:53:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/30 04:53:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/30 04:53:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/30 04:53:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/30 04:53:57 | 000,754,480 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/19 00:42:57 | 000,867,032 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE [2012/05/19 00:43:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/08 17:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/30 04:53:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/30 04:53:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/30 04:53:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/30 04:53:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2011/06/30 04:53:57 | 000,754,480 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

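The `< MD5 for: ... >` blocks above are OTL's rootkit check: for each driver that bootkits habitually patch (atapi.sys, disk.sys, nvstor.sys and so on) it hashes the live copy under System32\drivers (shown as SysNative on x64) and every pristine copy Windows keeps in winsxs and DriverStore\FileRepository. A patched driver shows up as a live copy whose MD5 matches none of the stored copies; in the log above every live copy matches one. The Python below is an added example, not OTL's code and not part of the original thread, that parses these blocks and applies that comparison. Its sample log is constructed: the AGP440.SYS lines are copied from the clean log above, the DISK.SYS lines are fabricated with an altered live hash so the script has something to flag.

```python
"""Cross-check the '< MD5 for: ... >' blocks of an OTL Extras log.

OTL lists every copy of a few rootkit-favoured system files: the live copy
under System32 (SysNative on x64) or SysWOW64, plus the pristine copies in
winsxs and DriverStore\\FileRepository. A patched driver is a live copy whose
MD5 matches none of the stored copies.
"""
import re
from dataclasses import dataclass

SECTION = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] (?:\((?P<company>[^)]*)\) )?"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)
# Pristine copies live in the component store or the driver store.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


@dataclass
class Entry:
    name: str
    path: str
    md5: str
    size: int
    company: str

    @property
    def is_reference(self) -> bool:
        low = self.path.lower()
        return any(d in low for d in REFERENCE_DIRS)


def parse_md5_sections(log_text: str) -> dict:
    """Return {FILE.NAME: [Entry, ...]} for every '< MD5 for: >' block."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            current = m["name"].upper()
            sections.setdefault(current, [])
            continue
        if current is None or not (m := ENTRY.match(line)):
            continue
        sections[current].append(Entry(
            name=current, path=m["path"], md5=m["md5"].upper(),
            size=int(m["size"].replace(",", "")), company=m["company"] or "",
        ))
    return sections


def audit(sections: dict) -> list:
    """One (file, live_path, verdict) tuple per live (non-store) copy.

    'ok'           the live MD5 equals some stored copy
    'mismatch'     stored copies exist but none matches: inspect that file
    'no-reference' OTL found no stored copy to compare against
    """
    findings = []
    for name, entries in sections.items():
        ref_md5s = {e.md5 for e in entries if e.is_reference}
        for e in entries:
            if e.is_reference:
                continue
            if not ref_md5s:
                verdict = "no-reference"
            elif e.md5 in ref_md5s:
                verdict = "ok"
            else:
                verdict = "mismatch"
            findings.append((name, e.path, verdict))
    return findings


# Constructed sample: AGP440.SYS copied from a clean log; DISK.SYS fabricated so
# the live driver (newer mtime, different MD5) disagrees with the winsxs copy.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 15:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: DISK.SYS >
[2012/05/19 18:02:11 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=00112233445566778899AABBCCDDEEFF -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 15:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
"""


if __name__ == "__main__":
    for name, path, verdict in audit(parse_md5_sections(SAMPLE_LOG)):
        print(f"{verdict:13s} {name:12s} {path}")
```

Feed it a whole Extras log; only the MD5 blocks are parsed. A match is necessary, not sufficient: it only shows the on-disk file equals the stored copy. The alert in this thread is in explorer.exe memory, and code loaded from a faked MBR leaves these drivers untouched on disk, so an all-clear here does not contradict the AVG detection.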

Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Sun 20 May 2012, 11:08 pm

Here's the checkup.txt as well even though for some reason aswMBR is not running.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG PC Tuneup
McAfee Security Scan Plus
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

AVG PC Tuneup
Java(TM) 6 Update 31
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Mon 21 May 2012, 6:33 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

• Double-click on MBRCheck.exe to run it.
• It will open a black window... please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.
*********************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
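MBRCheck, requested above, reads the first sector of each physical disk, checks that it is structurally valid, and hashes the bootstrap code against a list of stock Windows MBRs; a bootkit replaces that code while leaving the partition table and the 0x55AA signature intact, so the disk still boots and only the hash gives it away. The Python below is an added example, not MBRCheck's code and not part of the original thread, that performs the same parse and comparison on a raw 512-byte dump (MBRCheck's option [1] writes such a file). Everything in it is constructed: the boot code is a filler pattern rather than real Windows code, the partition layout is a generic Windows 7 style table, and the known-good set contains only that constructed baseline, where a real checker would carry the hashes of the stock Windows boot code.

```python
"""Parse a raw 512-byte MBR dump and fingerprint its boot code.

Layout, fixed by the PC BIOS boot convention:
  bytes 0-439    bootstrap code (the part a bootkit replaces)
  bytes 440-443  disk signature
  bytes 446-509  four 16-byte partition entries
  bytes 510-511  boot signature 0x55 0xAA
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 over the bootstrap code only; table and signature are excluded."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: set) -> dict:
    """Validate the sector and compare its boot-code hash against a whitelist."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)}")
    digest = boot_code_sha1(mbr)
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha1": digest,
        "boot_code_known": digest in known_good,
        "partitions": parse_partitions(mbr),
    }


def load_mbr_dump(path: str) -> bytes:
    """Read the first sector from a dump file such as MBRCheck's option [1] writes."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a sector from boot code and Partition records (for constructing samples)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code[:BOOT_CODE_LEN]
    sector[440:444] = b"\x78\x56\x34\x12"          # arbitrary disk signature
    for i, p in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.lba_start, p.sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample data: filler standing in for real boot code, and a Windows 7
# style layout with an active System Reserved partition ahead of C:.
CLEAN_BOOT_CODE = bytes(range(256)) + bytes(range(BOOT_CODE_LEN - 256))
LAYOUT = [Partition(True, 0x07, 2048, 204800), Partition(False, 0x07, 206848, 976564224)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)
# Stand-in for the hash list a real checker ships: here only the constructed baseline.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}


def demo() -> tuple:
    """Clean sector versus one whose boot code was overwritten, table left untouched."""
    tampered_code = b"\xeb\xfe" + b"\x90" * 30 + CLEAN_BOOT_CODE[32:]   # placeholder stub
    tampered_mbr = build_mbr(tampered_code, LAYOUT)
    return check_mbr(CLEAN_MBR, KNOWN_GOOD), check_mbr(tampered_mbr, KNOWN_GOOD)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        state = "known" if result["boot_code_known"] else "UNKNOWN (MBR code faked?)"
        print(f"{label:9s} sig_ok={result['signature_ok']} sha1={result['boot_code_sha1']} {state}")
```

Both sectors pass the structural checks and list identical partitions; only the hash of the code region separates them, which is the "MBR Code Faked!" condition. Read the sector from a clean boot environment when you can: a bootkit that hooks the disk stack can hand a user-mode reader the original sector, so a hash taken from inside the infected Windows session is a necessary check, not a sufficient one.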

Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Mon 21 May 2012, 7:19 am

MBR check: MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 180):
0x03450000 \SystemRoot\system32\ntoskrnl.exe
0x03407000 \SystemRoot\system32\hal.dll
0x00BC9000 \SystemRoot\system32\kdcom.dll
0x00C29000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C78000 \SystemRoot\system32\PSHED.dll
0x00C8C000 \SystemRoot\system32\CLFS.SYS
0x00CEA000 \SystemRoot\system32\CI.dll
0x00EA3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F47000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F56000 \SystemRoot\system32\drivers\ACPI.sys
0x00FAD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FB6000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC0000 \SystemRoot\system32\drivers\pci.sys
0x00FF3000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\drivers\volmgr.sys
0x00E3F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DAA000 \SystemRoot\System32\drivers\mountmgr.sys
0x01066000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01270000 \SystemRoot\system32\drivers\atapi.sys
0x01279000 \SystemRoot\system32\drivers\ataport.SYS
0x012A3000 \SystemRoot\system32\drivers\msahci.sys
0x012AE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x012BE000 \SystemRoot\system32\drivers\amdxata.sys
0x012C9000 \SystemRoot\system32\drivers\fltmgr.sys
0x01315000 \SystemRoot\system32\drivers\fileinfo.sys
0x01329000 \SystemRoot\system32\drivers\mfehidk.sys
0x013A8000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01450000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01691000 \SystemRoot\System32\Drivers\cng.sys
0x01703000 \SystemRoot\System32\drivers\pcw.sys
0x01714000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0188F000 \SystemRoot\system32\drivers\ndis.sys
0x01982000 \SystemRoot\system32\drivers\NETIO.SYS
0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A6E000 \SystemRoot\System32\drivers\tcpip.sys
0x01C71000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01CBB000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01CFF000 \SystemRoot\system32\drivers\TDI.SYS
0x01D0C000 \SystemRoot\system32\drivers\volsnap.sys
0x01D58000 \SystemRoot\System32\Drivers\spldr.sys
0x01D60000 \SystemRoot\System32\drivers\rdyboost.sys
0x01D9A000 \SystemRoot\System32\Drivers\mup.sys
0x01DAC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01DB5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A00000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A16000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A46000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01A52000 \SystemRoot\system32\DRIVERS\avgidsha.sys
0x0490C000 \SystemRoot\system32\drivers\cdrom.sys
0x04936000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x04946000 \SystemRoot\System32\Drivers\Null.SYS
0x0494F000 \SystemRoot\System32\Drivers\Beep.SYS
0x04956000 \SystemRoot\System32\drivers\vga.sys
0x04964000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04989000 \SystemRoot\System32\drivers\watchdog.sys
0x04999000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x049A2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x049AB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x049B4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x049BF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x049D0000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x04600000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04622000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x04683000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0171E000 \SystemRoot\system32\drivers\afd.sys
0x046C8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0182B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x046D1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x049DF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x049F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01851000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0186C000 \SystemRoot\system32\drivers\termdd.sys
0x017A7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01DEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01880000 \SystemRoot\system32\drivers\mssmbios.sys
0x019E2000 \SystemRoot\System32\drivers\discache.sys
0x01600000 \SystemRoot\System32\Drivers\dfsc.sys
0x0161E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0162F000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x0141B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04CBA000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x056D9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04C00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04C46000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04C57000 \SystemRoot\system32\drivers\usbehci.sys
0x0308C000 \SystemRoot\system32\drivers\USBPORT.SYS
0x030E2000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05C1B000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x0637B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x063D9000 \SystemRoot\system32\drivers\i8042prt.sys
0x03106000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x063F7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05C00000 \SystemRoot\system32\drivers\mouclass.sys
0x03155000 \SystemRoot\system32\drivers\kbdclass.sys
0x03164000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03171000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x05C0F000 \SystemRoot\system32\drivers\wmiacpi.sys
0x063F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x031AE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x031BE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x031D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0300C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0303B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03056000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04C68000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x063FE000 \SystemRoot\system32\drivers\swenum.sys
0x013B5000 \SystemRoot\system32\drivers\ks.sys
0x03077000 \SystemRoot\system32\drivers\umbus.sys
0x042AE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04308000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0431D000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0439F000 \SystemRoot\system32\DRIVERS\portcls.sys
0x043DC000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04200000 \SystemRoot\system32\drivers\ksthunk.sys
0x04206000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x04251000 \SystemRoot\system32\drivers\mfeavfk.sys
0x07EB5000 \SystemRoot\system32\drivers\mfefirek.sys
0x07F1F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07F3C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07F57000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07F74000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07FA2000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x07FCD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07FDB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07FF4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07E00000 \SystemRoot\system32\drivers\kbdhid.sys
0x07E0E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07E1B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07E51000 \SystemRoot\System32\Drivers\crashdmp.sys
0x046E7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07E5F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x07E72000 \SystemRoot\System32\drivers\Dxapi.sys
0x07E7E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x07E8C000 \SystemRoot\system32\drivers\luafv.sys
0x0427E000 \SystemRoot\system32\drivers\WudfPf.sys
0x06388000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02812000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02865000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02878000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02890000 \SystemRoot\system32\drivers\HTTP.sys
0x02959000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02977000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0298F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02C8C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02CDA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02CFE000 \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
0x02D09000 \SystemRoot\system32\drivers\peauth.sys
0x02DAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02DBA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02DEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02C00000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
0x02C2C000 \SystemRoot\system32\drivers\btusbflt.sys
0x02C3C000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04ADD000 \SystemRoot\System32\Drivers\bthport.sys
0x04B69000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x04B95000 \SystemRoot\system32\drivers\BthEnum.sys
0x04BA5000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04A00000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x06660000 \SystemRoot\system32\drivers\btwaudio.sys
0x066E6000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x066F2000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x066F6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0678C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x09A45000 \SystemRoot\System32\DRIVERS\srv.sys
0x09ADD000 \SystemRoot\system32\drivers\cfwids.sys
0x09AEB000 \SystemRoot\system32\drivers\mfeapfk.sys
0x09B07000 \SystemRoot\system32\drivers\spsys.sys
0x77900000 \Windows\System32\ntdll.dll
0x48210000 \Windows\System32\smss.exe
0xFFC20000 \Windows\System32\apisetschema.dll

Processes (total 114):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
516 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
592 csrss.exe
640 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
912 C:\Windows\System32\wininit.exe
948 csrss.exe
972 C:\Windows\System32\services.exe
1000 C:\Windows\System32\lsass.exe
1008 C:\Windows\System32\lsm.exe
396 C:\Windows\System32\winlogon.exe
612 C:\Windows\System32\svchost.exe
1004 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
1052 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1260 C:\Program Files\IDT\WDM\stacsv64.exe
1328 C:\Windows\System32\audiodg.exe
1408 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\wlanext.exe
1684 C:\Windows\System32\conhost.exe
1792 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
1924 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1960 C:\Program Files\IDT\WDM\AESTSr64.exe
1992 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2016 C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
1128 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
1464 C:\Program Files\Bonjour\mDNSResponder.exe
1512 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1160 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2128 C:\Windows\System32\mfevtps.exe
2180 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2212 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2300 C:\Windows\System32\svchost.exe
2336 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
2384 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2448 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2600 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2712 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2760 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2968 C:\Windows\System32\taskhost.exe
2988 C:\Windows\System32\taskeng.exe
2328 C:\Windows\System32\dwm.exe
1544 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
2664 C:\Windows\System32\taskeng.exe
2628 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2816 C:\Windows\System32\taskeng.exe
2392 C:\Windows\explorer.exe
2892 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
3296 C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
3352 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
3412 unsecapp.exe
3472 WmiPrvSE.exe
3736 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
3840 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
3860 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
4000 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
4564 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
4240 C:\Windows\System32\svchost.exe
1708 C:\Windows\System32\svchost.exe
5136 C:\Windows\System32\igfxtray.exe
5144 C:\Windows\System32\hkcmd.exe
5156 C:\Windows\System32\igfxpers.exe
5164 C:\Program Files\IDT\WDM\sttray64.exe
5176 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
5252 C:\Program Files\Dell\QuickSet\quickset.exe
5268 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
5384 C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
5444 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
5948 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
6076 C:\Program Files (x86)\ooVoo\ooVoo.exe
5332 C:\Windows\System32\wbem\unsecapp.exe
5904 C:\Program Files\Windows Sidebar\sidebar.exe
5932 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1972 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
2236 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2464 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
6172 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
6180 C:\Program Files\mcafee.com\agent\mcagent.exe
6232 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
6272 C:\Windows\System32\SearchIndexer.exe
6300 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
6428 C:\Program Files (x86)\iTunes\iTunesHelper.exe
6572 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
6676 C:\Windows\System32\svchost.exe
6700 C:\Program Files (x86)\AVG Secure Search\vprot.exe
6756 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
6892 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
7124 C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
7144 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
6036 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
6568 C:\Windows\System32\conhost.exe
7132 C:\Program Files\Windows Media Player\wmpnetwk.exe
3856 C:\Windows\System32\SearchProtocolHost.exe
7336 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
7924 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
8092 C:\Program Files\iPod\bin\iPodService.exe
7888 C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
3468 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
7760 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
8732 C:\Windows\System32\sppsvc.exe
8832 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
8500 C:\Windows\servicing\TrustedInstaller.exe
8660 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
8824 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
576 C:\Windows\System32\SearchFilterHost.exe
9136 dllhost.exe
7972 dllhost.exe
7252 C:\Users\Joe\Downloads\MBRCheck.exe
4432 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: FDDCA5E0C8B6CE20A905CF4F023347B822E0808A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

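MBRCheck above reports the boot code as faked while the partition layout itself still looks normal, which is the pattern a boot-code infection leaves. The following is an added example, not code from the thread, MBRCheck or TDSSKiller: it parses a 512-byte MBR dump, hashes the boot-code region separately from the disk signature, and checks the partition table against the disk size and the Partition0/Partition1 values TDSSKiller reports later in the thread. The boot-code bytes, the active-partition flag and the known-good hash set are constructed assumptions.

```python
"""Parse a 512-byte MBR dump and check it the way a defender would after an
"MBR Code Faked!" finding: hash the boot-code region and verify the partition
table against an independently reported layout.

Added example; not code from the forum thread, MBRCheck or TDSSKiller.
Partition and disk-size values are taken from the TDSSKiller log in this
thread; the boot-code bytes, the active flag and the known-good hash set
are constructed assumptions.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439; 440..445 hold the disk signature and padding
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510          # 0x55 0xAA
PART_ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sector count

# From the TDSSKiller log: \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200
DISK0_SECTORS = 0x7470C06000 // SECTOR
# From the TDSSKiller log: (Type, StartLBA, BlocksNum) for Partition0 and Partition1
DISK0_LAYOUT = [(0x7, 0x32800, 0x1D4C000), (0x7, 0x1D7E800, 0x38602830)]

# Constructed stand-ins for boot code; a real baseline would be dumped from a clean machine.
CLEAN_BOOT_CODE = b"constructed clean boot code".ljust(BOOT_CODE_LEN, b"\x90")
TAMPERED_BOOT_CODE = b"constructed tampered boot code".ljust(BOOT_CODE_LEN, b"\x90")


def build_mbr(boot_code: bytes, layout, bootable_index: int = 0) -> bytes:
    """Assemble a 512-byte MBR; used here only to construct sample input."""
    buf = bytearray(SECTOR)
    buf[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    for i, (ptype, start, count) in enumerate(layout):
        status = 0x80 if i == bootable_index else 0x00   # which entry is active is assumed
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, start, count)
    buf[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(buf)


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot-code hashes, partition entries and the signature check."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte MBR, got {len(mbr)} bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, start, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start, "num_sectors": count})
    return {
        "signature_ok": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        # hash only the code region so a legitimate disk-signature change does not alert
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "mbr_sha1": hashlib.sha1(mbr).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, expected_layout, disk_sectors: int, known_good_sha1: set) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append(f"boot code SHA1 {info['boot_code_sha1']} not in known-good set")
    got = [(p["type"], p["start_lba"], p["num_sectors"]) for p in info["partitions"]]
    if got != list(expected_layout):
        findings.append(f"partition table {got} differs from expected {list(expected_layout)}")
    # geometry sanity: every partition inside the disk, no overlaps, exactly one active entry
    spans = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"]) for p in info["partitions"])
    for start, end in spans:
        if end > disk_sectors:
            findings.append(f"partition at LBA {start:#x} runs past end of disk "
                            f"({end:#x} > {disk_sectors:#x})")
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap: [{s1:#x}, {e1:#x}) and [{s2:#x}, {e2:#x})")
    active = sum(1 for p in info["partitions"] if p["bootable"])
    if active != 1:
        findings.append(f"{active} partitions flagged active, expected exactly 1")
    return findings


if __name__ == "__main__":
    clean = build_mbr(CLEAN_BOOT_CODE, DISK0_LAYOUT)
    baseline = {parse_mbr(clean)["boot_code_sha1"]}   # captured while the disk was known clean
    tampered = build_mbr(TAMPERED_BOOT_CODE, DISK0_LAYOUT)
    for label, sample in (("clean", clean), ("tampered", tampered)):
        print(label, check_mbr(sample, DISK0_LAYOUT, DISK0_SECTORS, baseline) or "no findings")
```

The tampered sample parses to exactly the same partition table as the clean one; only the boot-code hash check distinguishes them, which is why partition listings alone are not enough to clear an MBR.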

Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Mon 21 May 2012, 8:52 am

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.05.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOESLAPTOP [administrator]

5/20/2012 10:23:46 AM
mbam-log-2012-05-20 (10-23-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346288
Time elapsed: 1 hour(s), 20 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Joe\Downloads\AVIMediaPlayerSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.

(end)


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Mon 21 May 2012, 9:10 am

Here you go, Dave! Thanks for your quick reply. I'll just wait for further instructions.


Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Mon 21 May 2012, 10:01 am

We need to fix the Master Boot Record using aswMBR now.

  • Double-click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Mon 21 May 2012, 10:10 am

Dave, it still will not run. I even tried reinstalling it and then hit 'run' again, and still nothing is coming up...


Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Mon 21 May 2012, 10:50 am

Ok. Let's try something else.

Please boot to the System Recovery Options.
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...
NOTE: If none of the above apply, you can create a System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt.
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Mon 21 May 2012, 12:53 pm

Dave, I hit F8 to go to the Boot System Recovery, but when I click on Repair computer it has been stuck on a black screen saying "Windows loading Files" for the past two hours. I had to shut it down again so I could log on regularly to tell you it is not working.


Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Tue 22 May 2012, 6:20 am

jcarp wrote: Dave, I hit F8 to go to the Boot System Recovery, but when I click on Repair computer it has been stuck on a black screen saying "Windows loading Files" for the past two hours. I had to shut it down again so I could log on regularly to tell you it is not working.

You should click on Command prompt not Repair computer.


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 7:28 am

I clicked on safe mode with command prompt and it didn't do anything. A black window came up like it was supposed to be loading something, but it didn't...


Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Tue 22 May 2012, 9:03 am


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Please try running aswMBR.exe in post # 11


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 9:58 am

4:31.0328 7988 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:44:33.0340 7988 ============================================================
12:44:33.0340 7988 Current date / time: 2012/05/21 12:44:33.0340
12:44:33.0340 7988 SystemInfo:
12:44:33.0340 7988
12:44:33.0340 7988 OS Version: 6.1.7601 ServicePack: 1.0
12:44:33.0340 7988 Product type: Workstation
12:44:33.0341 7988 ComputerName: JOESLAPTOP
12:44:33.0341 7988 UserName: Joe
12:44:33.0341 7988 Windows directory: C:\Windows
12:44:33.0341 7988 System windows directory: C:\Windows
12:44:33.0341 7988 Running under WOW64
12:44:33.0341 7988 Processor architecture: Intel x64
12:44:33.0341 7988 Number of processors: 4
12:44:33.0341 7988 Page size: 0x1000
12:44:33.0341 7988 Boot type: Normal boot
12:44:33.0341 7988 ============================================================
12:44:34.0527 7988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:34.0536 7988 Drive \Device\Harddisk1\DR1 - Size: 0x1DEC00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:34.0540 7988 ============================================================
12:44:34.0540 7988 \Device\Harddisk0\DR0:
12:44:34.0540 7988 MBR partitions:
12:44:34.0540 7988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
12:44:34.0540 7988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38602830
12:44:34.0540 7988 \Device\Harddisk1\DR1:
12:44:34.0541 7988 MBR partitions:
12:44:34.0541 7988 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xEF5FC0
12:44:34.0541 7988 ============================================================
12:44:34.0700 7988 C: <-> \Device\Harddisk0\DR0\Partition1
12:44:34.0700 7988 ============================================================
12:44:34.0700 7988 Initialize success
12:44:34.0700 7988 ============================================================
12:44:43.0972 8432 ============================================================
12:44:43.0972 8432 Scan started
12:44:43.0972 8432 Mode: Manual;
12:44:43.0972 8432 ============================================================
12:45:05.0486 8432 iScsiPrt - ok
12:45:05.0518 8432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:45:05.0526 8432 kbdclass - ok
12:45:05.0580 8432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:45:05.0642 8432 kbdhid - ok
12:45:05.0668 8432 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:05.0669 8432 KeyIso - ok
12:45:05.0692 8432 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:45:05.0725 8432 KSecDD - ok
12:45:05.0747 8432 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:45:05.0798 8432 KSecPkg - ok
12:45:05.0829 8432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:45:05.0834 8432 ksthunk - ok
12:45:05.0886 8432 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:45:05.0905 8432 KtmRm - ok
12:45:05.0974 8432 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
12:45:06.0045 8432 LanmanServer - ok
12:45:06.0107 8432 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:45:06.0179 8432 LanmanWorkstation - ok
12:45:06.0221 8432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:45:06.0228 8432 lltdio - ok
12:45:06.0297 8432 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:45:06.0317 8432 lltdsvc - ok
12:45:06.0356 8432 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:45:06.0374 8432 lmhosts - ok
12:45:06.0508 8432 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:45:06.0524 8432 LMS - ok
12:45:06.0593 8432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:45:06.0611 8432 LSI_FC - ok
12:45:06.0635 8432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:45:06.0644 8432 LSI_SAS - ok
12:45:06.0671 8432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:45:06.0677 8432 LSI_SAS2 - ok
12:45:06.0689 8432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:45:06.0697 8432 LSI_SCSI - ok
12:45:06.0748 8432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:45:06.0778 8432 luafv - ok
12:45:06.0895 8432 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
12:45:06.0965 8432 McAWFwk - ok
12:45:07.0068 8432 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
12:45:07.0141 8432 McComponentHostService - ok
12:45:07.0246 8432 McMPFSvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:45:07.0252 8432 McMPFSvc - ok
12:45:07.0274 8432 mcmscsvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:45:07.0279 8432 mcmscsvc - ok
12:45:07.0287 8432 McNaiAnn (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:45:07.0290 8432 McNaiAnn - ok
12:45:07.0295 8432 McNASvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:45:07.0299 8432 McNASvc - ok
12:45:07.0380 8432 McODS (3809b77eb1734cd5fb317425f188abc1) C:\Program Files\mcafee\VirusScan\mcods.exe
12:45:07.0392 8432 McODS - ok
12:45:07.0399 8432 McOobeSv (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:45:07.0403 8432 McOobeSv - ok
12:45:07.0410 8432 McProxy (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:45:07.0413 8432 McProxy - ok
12:45:07.0489 8432 McShield (461eabb62f1827b965f508092160eddc) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:45:07.0500 8432 McShield - ok
12:45:07.0636 8432 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:45:07.0678 8432 Mcx2Svc - ok
12:45:07.0754 8432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:45:07.0770 8432 megasas - ok
12:45:07.0810 8432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:45:07.0835 8432 MegaSR - ok
12:45:07.0897 8432 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
12:45:07.0900 8432 mfeapfk - ok
12:45:07.0964 8432 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
12:45:08.0028 8432 mfeavfk - ok
12:45:08.0055 8432 mfeavfk01 - ok
12:45:08.0094 8432 mfefire (dd92e94e265864306377f091b100d0d0) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:45:08.0113 8432 mfefire - ok
12:45:08.0177 8432 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
12:45:08.0263 8432 mfefirek - ok
12:45:08.0357 8432 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
12:45:08.0429 8432 mfehidk - ok
12:45:08.0501 8432 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
12:45:08.0547 8432 mfenlfk - ok
12:45:08.0596 8432 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
12:45:08.0639 8432 mferkdet - ok
12:45:08.0662 8432 mfevtp (aecd0c9abdfdc61be31163b624c4170f) C:\Windows\system32\mfevtps.exe
12:45:08.0673 8432 mfevtp - ok
12:45:08.0727 8432 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
12:45:08.0768 8432 mfewfpk - ok
12:45:08.0850 8432 Microsoft SharePoint Workspace Audit Service - ok
12:45:08.0900 8432 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:08.0904 8432 MMCSS - ok
12:45:08.0938 8432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:45:08.0945 8432 Modem - ok
12:45:08.0978 8432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:45:08.0981 8432 monitor - ok
12:45:09.0037 8432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:45:09.0045 8432 mouclass - ok
12:45:09.0079 8432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:45:09.0086 8432 mouhid - ok
12:45:09.0137 8432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:45:09.0194 8432 mountmgr - ok
12:45:09.0276 8432 MozillaMaintenance (166f0cbff55d16552161c154317287ca) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:45:09.0330 8432 MozillaMaintenance - ok
12:45:09.0376 8432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:45:09.0441 8432 mpio - ok
12:45:09.0470 8432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:45:09.0480 8432 mpsdrv - ok
12:45:09.0594 8432 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:45:09.0668 8432 MpsSvc - ok
12:45:09.0716 8432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:45:09.0776 8432 MRxDAV - ok
12:45:09.0825 8432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:09.0903 8432 mrxsmb - ok
12:45:09.0971 8432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:10.0088 8432 mrxsmb10 - ok
12:45:10.0133 8432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:10.0190 8432 mrxsmb20 - ok
12:45:10.0230 8432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:45:10.0313 8432 msahci - ok
12:45:10.0357 8432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:45:10.0435 8432 msdsm - ok
12:45:10.0464 8432 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:45:10.0482 8432 MSDTC - ok
12:45:10.0531 8432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:45:10.0537 8432 Msfs - ok
12:45:10.0548 8432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:45:10.0555 8432 mshidkmdf - ok
12:45:10.0584 8432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:45:10.0592 8432 msisadrv - ok
12:45:10.0632 8432 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:45:10.0648 8432 MSiSCSI - ok

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 9:59 am

12:45:29.0369 8432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:29.0379 8432 vga - ok
12:45:29.0400 8432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:45:29.0406 8432 VgaSave - ok
12:45:29.0460 8432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:45:29.0507 8432 vhdmp - ok
12:45:29.0544 8432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:45:29.0551 8432 viaide - ok
12:45:29.0585 8432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:45:29.0625 8432 volmgr - ok
12:45:29.0693 8432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:45:29.0771 8432 volmgrx - ok
12:45:29.0825 8432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:45:29.0897 8432 volsnap - ok
12:45:29.0951 8432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:29.0968 8432 vsmraid - ok
12:45:30.0133 8432 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:45:30.0305 8432 VSS - ok
12:45:30.0433 8432 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
12:45:30.0459 8432 vToolbarUpdater10.2.0 - ok
12:45:30.0618 8432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:45:30.0628 8432 vwifibus - ok
12:45:30.0647 8432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:45:30.0658 8432 vwififlt - ok
12:45:30.0669 8432 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:45:30.0671 8432 vwifimp - ok
12:45:30.0721 8432 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:45:30.0751 8432 W32Time - ok
12:45:30.0773 8432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:45:30.0780 8432 WacomPen - ok
12:45:30.0840 8432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:30.0877 8432 WANARP - ok
12:45:30.0881 8432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:30.0883 8432 Wanarpv6 - ok
12:45:31.0057 8432 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:45:31.0141 8432 WatAdminSvc - ok
12:45:31.0312 8432 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:45:31.0428 8432 wbengine - ok
12:45:31.0581 8432 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:45:31.0605 8432 WbioSrvc - ok
12:45:31.0703 8432 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:45:31.0775 8432 wcncsvc - ok
12:45:31.0806 8432 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:45:31.0812 8432 WcsPlugInService - ok
12:45:31.0887 8432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:45:31.0897 8432 Wd - ok
12:45:31.0960 8432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:45:32.0021 8432 Wdf01000 - ok
12:45:32.0060 8432 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:32.0070 8432 WdiServiceHost - ok
12:45:32.0076 8432 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:32.0079 8432 WdiSystemHost - ok
12:45:32.0133 8432 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:45:32.0177 8432 WebClient - ok
12:45:32.0204 8432 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:45:32.0236 8432 Wecsvc - ok
12:45:32.0278 8432 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:45:32.0282 8432 wercplsupport - ok
12:45:32.0296 8432 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:45:32.0299 8432 WerSvc - ok
12:45:32.0380 8432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:32.0391 8432 WfpLwf - ok
12:45:32.0432 8432 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:45:32.0529 8432 WimFltr - ok
12:45:32.0554 8432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:45:32.0558 8432 WIMMount - ok
12:45:32.0588 8432 WinDefend - ok
12:45:32.0598 8432 WinHttpAutoProxySvc - ok
12:45:32.0696 8432 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:45:32.0723 8432 Winmgmt - ok
12:45:32.0904 8432 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:45:33.0021 8432 WinRM - ok
12:45:33.0176 8432 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:45:33.0234 8432 WinUsb - ok
12:45:33.0329 8432 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:45:33.0345 8432 Wlansvc - ok
12:45:33.0424 8432 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:45:33.0477 8432 wlcrasvc - ok
12:45:33.0711 8432 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:45:33.0771 8432 wlidsvc - ok
12:45:33.0946 8432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:45:33.0949 8432 WmiAcpi - ok
12:45:34.0022 8432 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:34.0041 8432 wmiApSrv - ok
12:45:34.0079 8432 WMPNetworkSvc - ok
12:45:34.0123 8432 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:45:34.0130 8432 WPCSvc - ok
12:45:34.0185 8432 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:45:34.0234 8432 WPDBusEnum - ok
12:45:34.0261 8432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:34.0267 8432 ws2ifsl - ok
12:45:34.0294 8432 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
12:45:34.0298 8432 wscsvc - ok
12:45:34.0306 8432 WSearch - ok
12:45:34.0514 8432 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:45:34.0586 8432 wuauserv - ok
12:45:34.0742 8432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:45:34.0795 8432 WudfPf - ok
12:45:34.0861 8432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:34.0903 8432 WUDFRd - ok
12:45:34.0937 8432 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:45:34.0969 8432 wudfsvc - ok
12:45:35.0019 8432 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:45:35.0046 8432 WwanSvc - ok
12:45:35.0106 8432 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
12:45:35.0136 8432 yukonw7 - ok
12:45:35.0237 8432 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
12:45:35.0280 8432 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:45:35.0280 8432 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:45:35.0286 8432 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
12:45:40.0727 8432 \Device\Harddisk1\DR1 - ok
12:45:40.0751 8432 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
12:45:40.0753 8432 \Device\Harddisk0\DR0\Partition0 - ok
12:45:40.0777 8432 Boot (0x1200) (efa03fb530a74c69b515d7e6f2677ada) \Device\Harddisk0\DR0\Partition1
12:45:40.0779 8432 \Device\Harddisk0\DR0\Partition1 - ok
12:45:40.0784 8432 Boot (0x1200) (3b2cbdcee422bd95123e90223f72e734) \Device\Harddisk1\DR1\Partition0
12:45:40.0786 8432 \Device\Harddisk1\DR1\Partition0 - ok
12:45:40.0787 8432 ============================================================
12:45:40.0787 8432 Scan finished
12:45:40.0787 8432 ============================================================
12:45:40.0801 2096 Detected object count: 1
12:45:40.0801 2096 Actual detected object count: 1
12:46:50.0624 2096 \Device\Harddisk0\DR0\# - copied to quarantine
12:46:50.0625 2096 \Device\Harddisk0\DR0 - copied to quarantine
12:46:50.0731 2096 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:46:50.0735 2096 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
12:46:50.0739 2096 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
12:46:50.0743 2096 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
12:46:50.0747 2096 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
12:46:50.0753 2096 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
12:46:50.0757 2096 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
12:46:50.0760 2096 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
12:46:50.0762 2096 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
12:46:50.0811 2096 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:46:50.0825 2096 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:46:50.0834 2096 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:46:50.0845 2096 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:46:50.0853 2096 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
12:46:50.0865 2096 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
12:46:50.0876 2096 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
12:46:50.0880 2096 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
12:46:50.0900 2096 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
12:46:50.0914 2096 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
12:46:50.0921 2096 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
12:46:50.0998 2096 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
12:46:51.0020 2096 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
12:46:51.0024 2096 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
12:46:51.0200 2096 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
12:46:51.0203 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:46:51.0211 2096 \Device\Harddisk0\DR0 - ok
12:46:51.0449 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
12:47:42.0707 10184 Deinitialize success

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


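As an added example, not part of the thread and not TDSSKiller's code: a small Python triage script for a log in the format posted above. It pulls out the per-object MD5 and path inventory, the verdict and the sequence of actions the tool reported for each detected object, what was copied to quarantine, and whether a cure is still pending a reboot. The line patterns are inferred from the log above and are an assumption about the format; the sample input is a handful of lines copied from that log, not a complete scan.

```python
"""Triage a TDSSKiller-style log: hash inventory, verdicts, quarantine actions, pending cures.
Added example, not TDSSKiller's code. The line shapes are inferred from the log above and
assumed stable; anything that does not fit one of them is kept in `unparsed` for eyeballing."""
import re
from dataclasses import dataclass, field

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*\S)\s*$")             # time  pid  rest
SECTOR = re.compile(r"^(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\S+)$")
SCANNED = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")                # NAME (md5) PATH
VERDICT = re.compile(r"^(.+?)\s+\(\s*([^()]+?)\s*\)\s+-\s+(.+)$")             # OBJ ( Verdict ) - action
ACTION = re.compile(r"^(.+?)\s+-\s+(.+)$")                                    # OBJ - action


@dataclass
class Triage:
    hashes: dict = field(default_factory=dict)    # object -> (md5, path or sector description)
    verdicts: dict = field(default_factory=dict)  # object -> malware name
    actions: dict = field(default_factory=dict)   # object -> actions reported, in order
    quarantined: list = field(default_factory=list)
    ok: set = field(default_factory=set)
    unparsed: list = field(default_factory=list)

    def pending_reboot(self):
        """Objects the tool says it will only cure after a reboot: rescanning before then is pointless."""
        return sorted(o for o, acts in self.actions.items() if any("cured on reboot" in a for a in acts))

    def ok_without_file(self):
        """Objects marked ok with no hashed binary, i.e. nothing was actually scanned for them."""
        return sorted(self.ok - set(self.hashes))

    def third_party(self):
        """Hashed objects whose binary lives under C:\\ but outside C:\\Windows: review these by hand."""
        return sorted(o for o, (_, p) in self.hashes.items()
                      if p.lower().startswith("c:\\") and not p.lower().startswith("c:\\windows\\"))


def parse_tdsskiller(text):
    t = Triage()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            if raw.strip():
                t.unparsed.append(raw)
            continue
        rest = m.group(3)
        if (s := SECTOR.match(rest)):
            kind, size, md5, dev = s.groups()
            t.hashes[dev] = (md5, f"{kind} sector, first {int(size, 16)} bytes")
        elif (s := SCANNED.match(rest)):
            name, md5, path = s.groups()
            t.hashes[name] = (md5, path)
        elif (v := VERDICT.match(rest)):
            obj, verdict, action = v.groups()
            t.verdicts[obj] = verdict
            t.actions.setdefault(obj, []).append(action)
        elif (a := ACTION.match(rest)):
            obj, action = a.groups()
            if action == "ok":
                t.ok.add(obj)
            elif action == "copied to quarantine":
                t.quarantined.append(obj)
            elif action.startswith("detected "):
                # "detected <name> (<n>)" restates the verdict line printed just before it
                t.verdicts.setdefault(obj, action[len("detected "):].rsplit(" (", 1)[0])
                t.actions.setdefault(obj, []).append("detected")
            else:
                t.unparsed.append(raw)
        else:
            t.unparsed.append(raw)
    return t


# Sample input: lines copied from the log above (not a complete log).
SAMPLE = r"""
12:45:30.0433 8432 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
12:45:30.0459 8432 vToolbarUpdater10.2.0 - ok
12:45:32.0588 8432 WinDefend - ok
12:45:35.0237 8432 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0
12:45:35.0280 8432 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:45:35.0280 8432 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:45:40.0787 8432 Scan finished
12:46:50.0731 2096 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:46:51.0203 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
12:46:51.0449 2096 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

if __name__ == "__main__":
    t = parse_tdsskiller(SAMPLE)
    print("verdicts:", t.verdicts)
    print("pending reboot:", t.pending_reboot())
    print("quarantined:", t.quarantined)
    print("ok but nothing scanned:", t.ok_without_file())
    print("third-party binaries:", t.third_party())
```

Run over the full log above it would report Rootkit.Boot.SST.b on \Device\Harddisk0\DR0 with the cure still pending a reboot, every TDLFS entry as quarantined, and WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc and WSearch as marked ok without any binary having been hashed. The MD5 inventory is what you would diff against the same scan taken on a known-clean install of the same Windows build.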
Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Tue 22 May 2012, 10:03 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 10:08 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 13:01:41
-----------------------------
13:01:41.771 OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:41.771 Number of processors: 4 586 0x2505
13:01:41.773 ComputerName: JOESLAPTOP UserName: Joe
13:01:44.871 Initialize success
13:02:10.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:02:10.934 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:02:10.951 Disk 0 MBR read successfully
13:02:10.953 Disk 0 MBR scan
13:02:10.956 Disk 0 Windows 7 default MBR code
13:02:10.963 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
13:02:10.975 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
13:02:10.990 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461829 MB offset 30926848
13:02:11.004 Disk 0 scanning C:\Windows\system32\drivers
13:02:31.081 Service scanning
13:03:50.132 Modules scanning
13:03:50.141 Disk 0 trace - called modules:
13:03:50.158 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:03:50.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c3e060]
13:03:50.495 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800498a050]
13:03:50.501 Scan finished successfully
13:05:24.800 Verifying
13:05:34.823 Disk 0 Windows 601 MBR fixed successfully
13:05:44.254 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Downloads\MBR.dat"
13:05:44.258 The log file has been saved successfully to "C:\Users\Joe\Downloads\aswMBRlog.txt"



jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 10:11 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 181):
0x03405000 \SystemRoot\system32\ntoskrnl.exe
0x039ED000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00C18000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C67000 \SystemRoot\system32\PSHED.dll
0x00C7B000 \SystemRoot\system32\CLFS.SYS
0x00CD9000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EB3000 \SystemRoot\system32\drivers\ACPI.sys
0x00F0A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F13000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F1D000 \SystemRoot\system32\drivers\pci.sys
0x00F50000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F5D000 \SystemRoot\System32\drivers\partmgr.sys
0x00F72000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F87000 \SystemRoot\system32\drivers\volmgr.sys
0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D99000 \SystemRoot\System32\drivers\mountmgr.sys
0x01013000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0121D000 \SystemRoot\system32\drivers\atapi.sys
0x01226000 \SystemRoot\system32\drivers\ataport.SYS
0x01250000 \SystemRoot\system32\drivers\msahci.sys
0x0125B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0126B000 \SystemRoot\system32\drivers\amdxata.sys
0x01276000 \SystemRoot\system32\drivers\fltmgr.sys
0x012C2000 \SystemRoot\system32\drivers\fileinfo.sys
0x012D6000 \SystemRoot\system32\drivers\mfehidk.sys
0x01355000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01428000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01362000 \SystemRoot\System32\Drivers\msrpc.sys
0x015CB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016AF000 \SystemRoot\System32\Drivers\cng.sys
0x01721000 \SystemRoot\System32\drivers\pcw.sys
0x01732000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01865000 \SystemRoot\system32\drivers\ndis.sys
0x01958000 \SystemRoot\system32\drivers\NETIO.SYS
0x019B8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01AC3000 \SystemRoot\System32\drivers\tcpip.sys
0x01CC6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01D10000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01D54000 \SystemRoot\system32\drivers\TDI.SYS
0x01D61000 \SystemRoot\system32\drivers\volsnap.sys
0x01DAD000 \SystemRoot\System32\Drivers\spldr.sys
0x01DB5000 \SystemRoot\System32\drivers\rdyboost.sys
0x01A00000 \SystemRoot\System32\Drivers\mup.sys
0x01A12000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A1B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A55000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A6B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A9B000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01AA7000 \SystemRoot\system32\DRIVERS\avgidsha.sys
0x044FA000 \SystemRoot\system32\drivers\cdrom.sys
0x04524000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x04534000 \SystemRoot\System32\Drivers\Null.SYS
0x0453D000 \SystemRoot\System32\Drivers\Beep.SYS
0x04544000 \SystemRoot\System32\drivers\vga.sys
0x04552000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04577000 \SystemRoot\System32\drivers\watchdog.sys
0x04587000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04590000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04599000 \SystemRoot\system32\drivers\rdprefmp.sys
0x045A2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x045AD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x045BE000 \SystemRoot\system32\DRIVERS\avgfwd6a.sys
0x045CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04200000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x04261000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0173C000 \SystemRoot\system32\drivers\afd.sys
0x042A6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x042AF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x019E3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x045EF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x01DEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01800000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0181B000 \SystemRoot\system32\drivers\termdd.sys
0x01600000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0182F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0183B000 \SystemRoot\system32\drivers\mssmbios.sys
0x01846000 \SystemRoot\System32\drivers\discache.sys
0x01651000 \SystemRoot\System32\Drivers\dfsc.sys
0x0166F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x01680000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04C6E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0568D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05781000 \SystemRoot\System32\drivers\dxgmms1.sys
0x057C7000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x057D8000 \SystemRoot\system32\drivers\usbehci.sys
0x04C00000 \SystemRoot\system32\drivers\USBPORT.SYS
0x017C5000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05A24000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x06184000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x061E2000 \SystemRoot\system32\drivers\i8042prt.sys
0x0305C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x030AB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x030AD000 \SystemRoot\system32\drivers\mouclass.sys
0x030BC000 \SystemRoot\system32\drivers\kbdclass.sys
0x030CB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x030D8000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x030FF000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03108000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0310D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03123000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03133000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03149000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0316D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03179000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x031A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x031C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x031E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x031FE000 \SystemRoot\system32\drivers\swenum.sys
0x03000000 \SystemRoot\system32\drivers\ks.sys
0x03043000 \SystemRoot\system32\drivers\umbus.sys
0x048B2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0490C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04921000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x049A3000 \SystemRoot\system32\DRIVERS\portcls.sys
0x04800000 \SystemRoot\system32\DRIVERS\drmk.sys
0x04822000 \SystemRoot\system32\drivers\ksthunk.sys
0x04828000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x04873000 \SystemRoot\system32\drivers\mfeavfk.sys
0x07E4B000 \SystemRoot\system32\drivers\mfefirek.sys
0x07EB5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07ED2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07EED000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07F0A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07F38000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x07F63000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07F71000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07F8A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07F93000 \SystemRoot\system32\drivers\kbdhid.sys
0x07FA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07FAE000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07FE4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x042D5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x07E13000 \SystemRoot\System32\drivers\Dxapi.sys
0x07E1F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x05A00000 \SystemRoot\system32\drivers\luafv.sys
0x06191000 \SystemRoot\system32\drivers\WudfPf.sys
0x07E2D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0283C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0288F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x028A2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x028BA000 \SystemRoot\system32\drivers\HTTP.sys
0x02983000 \SystemRoot\system32\DRIVERS\bowser.sys
0x029A1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x029B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02C74000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02CC2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02CE6000 \SystemRoot\system32\DRIVERS\avgidsfiltera.sys
0x02CF1000 \SystemRoot\system32\drivers\peauth.sys
0x02D97000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02DA2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02DD3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02C00000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
0x02C2C000 \SystemRoot\system32\drivers\btusbflt.sys
0x02C3C000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04AEB000 \SystemRoot\System32\Drivers\bthport.sys
0x04B77000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x04BA3000 \SystemRoot\system32\drivers\BthEnum.sys
0x04BB3000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04A00000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x066B9000 \SystemRoot\system32\drivers\btwaudio.sys
0x0673F000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x0674B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x0674F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x06759000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06600000 \SystemRoot\System32\DRIVERS\srv.sys
0x06698000 \SystemRoot\system32\drivers\cfwids.sys
0x067C2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x04A7B000 \SystemRoot\system32\drivers\mfeapfk.sys
0x066A6000 \??\C:\Users\Joe\AppData\Local\Temp\aswMBR.sys
0x77920000 \Windows\System32\ntdll.dll
0x47F60000 \Windows\System32\smss.exe
0xFFC40000 \Windows\System32\apisetschema.dll

Processes (total 110):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
504 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
584 csrss.exe
632 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
908 csrss.exe
920 C:\Windows\System32\wininit.exe
976 C:\Windows\System32\services.exe
1004 C:\Windows\System32\winlogon.exe
128 C:\Windows\System32\lsass.exe
232 C:\Windows\System32\lsm.exe
568 C:\Windows\System32\svchost.exe
912 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
120 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1236 C:\Program Files\IDT\WDM\stacsv64.exe
1300 C:\Windows\System32\audiodg.exe
1376 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\wlanext.exe
1596 C:\Windows\System32\conhost.exe
1680 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\svchost.exe
1824 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1848 C:\Program Files\IDT\WDM\AESTSr64.exe
1880 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1920 C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
1968 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
1996 C:\Program Files\Bonjour\mDNSResponder.exe
2036 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1460 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1152 C:\Windows\System32\mfevtps.exe
2084 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2148 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2224 C:\Windows\System32\svchost.exe
2288 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2408 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2516 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2656 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2776 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2888 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2928 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
3032 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
3116 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
3148 unsecapp.exe
3380 WmiPrvSE.exe
3956 WUDFHost.exe
4048 C:\Windows\System32\svchost.exe
2716 C:\Windows\System32\svchost.exe
3944 C:\Windows\System32\taskeng.exe
4136 C:\Windows\System32\taskhost.exe
4228 C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
4236 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
4244 C:\Windows\System32\dwm.exe
4268 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
4280 C:\Windows\explorer.exe
4712 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
4808 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
5196 C:\Windows\System32\igfxtray.exe
5216 C:\Windows\System32\hkcmd.exe
5236 C:\Windows\System32\igfxpers.exe
5244 C:\Program Files\IDT\WDM\sttray64.exe
5368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
5532 C:\Program Files\Dell\QuickSet\quickset.exe
5656 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
6000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6112 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
1584 C:\Windows\System32\SearchIndexer.exe
2208 C:\Program Files\Windows Media Player\wmpnetwk.exe
6284 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
6380 C:\Windows\System32\svchost.exe
6444 C:\Windows\System32\wbem\unsecapp.exe
5628 C:\Program Files (x86)\ooVoo\ooVoo.exe
5380 C:\Program Files\Windows Sidebar\sidebar.exe
5792 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
5956 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
6556 C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2584 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
6832 C:\Windows\System32\conhost.exe
1940 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
6552 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
7036 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3964 C:\Program Files\mcafee.com\agent\mcagent.exe
7112 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
6232 C:\Program Files (x86)\iTunes\iTunesHelper.exe
7248 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
7272 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
7280 C:\Program Files (x86)\AVG Secure Search\vprot.exe
7328 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
7356 C:\Program Files\iPod\bin\iPodService.exe
4516 C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
5640 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
4732 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3288 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
7192 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
8688 C:\Windows\System32\wuauclt.exe
6480 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6456 C:\Windows\System32\taskeng.exe
7200 C:\Windows\System32\SearchProtocolHost.exe
6784 C:\Windows\System32\SearchFilterHost.exe
8036
8516 C:\Program Files (x86)\Real\RealPlayer\realplay.exe
2600 dllhost.exe
6980 dllhost.exe
8352 C:\Users\Joe\Downloads\MBRCheck(1).exe
7256 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


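The aswMBR and MBRCheck logs in the two posts above are reading the same 512-byte sector: aswMBR decodes the partition table (status byte, type, size, LBA offset) and compares the boot code with a known pattern ("Windows 7 default MBR code"), TDSSKiller hashes the boot-code region, and MBRCheck reports a SHA1. As an added example, not code from any of those tools, here is a Python script that does the same parsing and adds the checks a responder wants before trusting an MBR: boot-code hash on an allow-list, exactly one active partition, valid status bytes, no overlapping entries. The partition layout is constructed to reproduce the three entries aswMBR printed; the boot code is a stand-in, so its hashes will not match the real disk; and reading TDSSKiller's 0x1B8 as the length of the hashed boot-code region (everything before the disk signature) is an assumption.

```python
r"""Parse and sanity-check a 512-byte MBR the way the scanners in this thread do.
Added example, not code from aswMBR, TDSSKiller or MBRCheck. Assumptions: TDSSKiller's
"MBR (0x1B8)" is read as the length of the hashed boot-code region (bytes 0..0x1B7, up to the
disk signature); the boot code below is a constructed stand-in, so hashes match no real MBR."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries, then 0x55AA at 0x1FE
ENTRY = "<BBBBBBBBII"          # status, CHS start(3), type, CHS end(3), LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x83: "Linux", 0xEE: "GPT protective"}


def read_first_sector(device_path):
    r"""Read the MBR from a raw device (r'\\.\PhysicalDrive0' as admin, /dev/sda as root) or an image."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(sector):
    """Return boot-code/sector hashes plus the decoded partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        parts.append({"index": i + 1, "status": status, "bootable": status == 0x80,
                      "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
                      "lba": lba, "sectors": count, "size_mb": count * SECTOR // (1024 * 1024)})
    return {"disk_signature": struct.unpack_from("<I", sector, 0x1B8)[0],
            "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),   # TDSSKiller-style
            "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),            # MBRCheck-style (assumed)
            "partitions": parts}


def check_mbr(sector, known_boot_code_md5s):
    """Findings a responder would want before trusting the MBR; an empty list means nothing odd."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_md5"] not in known_boot_code_md5s:
        findings.append(f"boot code md5 {info['boot_code_md5']} is not on the allow-list")
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte {p['status']:#04x}")
    spans = sorted((p["lba"], p["lba"] + p["sectors"], p["index"]) for p in info["partitions"])
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_mbr(boot_code, layout, disk_signature=0x1234ABCD):
    """Assemble an MBR from boot code and (status, type, lba, count) tuples; CHS fields are left zero."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, 0x1B8, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(layout[:4]):
        struct.pack_into(ENTRY, sector, PART_TABLE_OFF + 16 * i, status, 0, 0, 0, ptype, 0, 0, 0, lba, count)
    sector[0x1FE:0x200] = b"\x55\xaa"
    return bytes(sector)


# Constructed inputs. The layout reproduces the three entries aswMBR printed above
# (100 MB Dell Utility at LBA 2048, active 15000 MB NTFS at 206848, 461829 MB NTFS at 30926848).
DELL_LAYOUT = [(0x00, 0xDE, 2048, 204800), (0x80, 0x07, 206848, 30720000), (0x00, 0x07, 30926848, 945825792)]
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)        # stand-in: jmp $ then NOPs
TAMPERED_BOOT_CODE = b"\xE9\x00\x01" + CLEAN_BOOT_CODE[3:]           # stand-in for a bootkit's patched entry
ALLOW_LIST = {hashlib.md5(CLEAN_BOOT_CODE).hexdigest()}


def demo():
    """Clean MBR passes; tampered boot code is flagged although the partition table is identical."""
    clean, tampered = build_mbr(CLEAN_BOOT_CODE, DELL_LAYOUT), build_mbr(TAMPERED_BOOT_CODE, DELL_LAYOUT)
    return (check_mbr(clean, ALLOW_LIST), check_mbr(tampered, ALLOW_LIST),
            parse_mbr(clean)["partitions"] == parse_mbr(tampered)["partitions"])


if __name__ == "__main__":
    for p in parse_mbr(build_mbr(CLEAN_BOOT_CODE, DELL_LAYOUT))["partitions"]:
        print(f"Partition {p['index']} {p['status']:02X} {p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['lba']}")
    print(demo())
```

The demo shows the point behind this thread: when a bootkit replaces the boot code, the MD5 of the first 0x1B8 bytes changes while the partition table, and therefore a partition listing like aswMBR's, stays identical, so a sane-looking layout says nothing about the code that runs before the OS loader. On a real machine, read the sector with read_first_sector(r'\\.\PhysicalDrive0') from an elevated prompt (or from a disk image) and seed the allow-list with hashes taken from a known-clean install of the same Windows build.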
Re: Major virus Trojan Horse Generic27.BTAL

Post by Superdave on Tue 22 May 2012, 10:34 am

Ok. We have the MBR fixed. Let's see what's left over.

Re-run MBAM:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
*******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 1:35 pm

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.05.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOESLAPTOP [administrator]

5/21/2012 4:25:25 PM
mbam-log-2012-05-21 (16-25-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212330
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit


Re: Major virus Trojan Horse Generic27.BTAL

Post by jcarp on Tue 22 May 2012, 2:12 pm

SUPERAntiSpyware Scan Log

Generated 05/21/2012 at 05:04 PM

Application Version : 5.0.1150

Core Rules Database Version : 8629
Trace Rules Database Version: 6441

Scan type : Quick Scan
Total Scan Time : 00:06:39

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 54780
Registry threats detected : 0
File items scanned : 11434
File threats detected : 221

Adware.Tracking Cookie

jcarp

Newbie Surfer

Posts : 29
Joined : 2012-05-20
Operating System : Windows 7 64 bit
