iexplorer keeps opening new windows on google search


  • This topic is locked
38 replies to this topic

#1 khormaloo

khormaloo

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 05 June 2012 - 04:25 PM

hi there,
I live in Iran and I got a google page where I should type a captcha before getting my search results and then I read this here:
My link
and now I wonder what the problem might be.
I will attach the hijackthis and the gmer log file and hope somebody can tell me more :)
thanks in advance,
khormaloo


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:01 PM

Posted 06 June 2012 - 03:02 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 08 June 2012 - 11:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 khormaloo

Posted 09 June 2012 - 04:28 AM

hello.
thanks for your fast reply,
I still need your help and will send you the requested text files asap.
ciao,
mani

#5 khormaloo

Posted 09 June 2012 - 04:43 AM

hi again,
here is the result of Security Check, but somehow I can't get a proper dds log. when I double click on dds.scr it opens notepad immediately with a weird text, which I can't paste here.

the result of Security Check:
Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Duplicate Cleaner 1.4.7c
Java™ 6 Update 23
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#7 khormaloo

Posted 09 June 2012 - 04:54 AM

sorry I had a connection problem, I posted it a few times!

Edited by khormaloo, 09 June 2012 - 04:56 AM.


#8 gringo_pr

Posted 09 June 2012 - 01:30 PM

Greetings


use link 2 or 3 for dds

Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

#9 khormaloo

Posted 09 June 2012 - 01:58 PM

here we go:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by ma at 23:22:00 on 2012-06-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.737 [GMT 4.5:30]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe
C:\Program Files\SPSSInc\PASWStatistics18\spssengine.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = socks=127.0.0.1:9050
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: + Offline &Explorer: Download the link - file://c:\program files\offline explorer pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\offline explorer pro\Add_AllO.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1216BCA3-9F88-4F69-AE9A-7F8908964431} : NameServer = 192.168.0.100
TCP: Interfaces\{47AD38A5-9364-4275-A0D4-2F0E72C56057} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ma\appdata\roaming\mozilla\firefox\profiles\k5z3y81o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-20 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-20 337880]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\esri\license\arcgis9x\lmgrd.exe [2011-2-1 1431440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-20 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-20 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-20 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-15 21504]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-3 1153368]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2012-2-9 22016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0547b3baa39b;Google Update Service (gupdate1ca0547b3baa39b);c:\program files\google\update\GoogleUpdate.exe [2009-7-15 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-10-2 406016]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-15 133104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2008-10-15 39048]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2012-2-9 22016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-06-07 22:01:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-07 21:26:12 0 ----a-r- c:\windows\MBR.exe
2012-06-05 14:28:52 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80ad1bd7-4417-46b2-a347-51a8e4e2271a}\mpengine.dll
2012-06-05 11:17:11 388096 ----a-r- c:\users\ma\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-05 11:17:06 -------- d-----w- c:\program files\Trend Micro
2012-05-26 10:41:47 -------- d-----w- c:\users\ma\appdata\local\{B373999C-74B7-447B-BC19-DDD6C109B8A9}
2012-05-19 21:44:51 -------- d-----w- C:\povmodel
2012-05-19 19:55:18 -------- d-----w- C:\EcPro
2012-05-19 18:58:05 49424 ----a-w- c:\windows\system32\temp.011
2012-05-19 18:58:05 24848 ----a-w- c:\windows\system32\temp.012
2012-05-19 18:57:50 86016 ----a-w- c:\windows\system32\MPEigenPack.ocx
2012-05-19 18:57:41 497496 ----a-w- c:\windows\system32\XceedZip.dll
2012-05-19 18:57:34 326656 ----a-w- c:\windows\system32\temp.010
2012-05-19 18:57:32 17920 ----a-w- c:\windows\system32\temp.00E
2012-05-19 18:57:32 164112 ----a-w- c:\windows\system32\temp.00C
2012-05-19 18:57:32 147728 ----a-w- c:\windows\system32\temp.00D
2012-05-19 18:57:32 1388544 ----a-w- c:\windows\system32\temp.00F
2012-05-19 18:57:31 598288 ----a-w- c:\windows\system32\temp.00B
2012-05-19 17:43:08 -------- d-----w- c:\windows\system32\Resources
2012-05-19 17:43:07 49424 ----a-w- c:\windows\system32\temp.009
2012-05-19 17:43:07 24848 ----a-w- c:\windows\system32\temp.00A
2012-05-19 17:42:53 614400 ----a-w- c:\windows\system32\Xav13.dll
2012-05-19 17:42:53 307200 ----a-w- c:\windows\system32\c1sizer.ocx
2012-05-19 17:42:52 -------- d-----w- c:\program files\Expert Choice 11
2012-05-19 10:19:28 -------- d-----w- c:\users\ma\.spss
2012-05-19 10:07:23 -------- d-----w- c:\program files\common files\SPSS
2012-05-19 10:07:16 -------- d-----w- c:\program files\common files\SPSSInc
2012-05-19 10:06:35 -------- d-----w- c:\program files\SPSSInc
2012-05-19 09:39:55 -------- d-----w- C:\SPSS9TEMP
2012-05-15 08:39:38 229888 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HP2014S.DLL
2012-05-14 08:24:39 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-05-14 08:23:12 -------- d-----w- c:\programdata\SPSS
2012-05-14 08:19:58 -------- d-----w- c:\program files\common files\IBM
2012-05-14 08:17:05 1025 ----a-w- c:\windows\system32\sysprs7.dll
.
==================== Find3M ====================
.
.
============= FINISH: 23:23:44.63 ===============

thanks again!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
Motherboard: Wistron | | 30D6
Processor: AMD Turion™ 64 X2 TL-60 | Socket A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 41.162 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.84 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #5
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ACE Mega CoDecS Pack
Activation Assistant for the 2007 Microsoft Office suites
Adobe Color Common Settings
Adobe Common File Installer
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.3.1
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcGIS Desktop
ArcGIS License Manager
Ashampoo WinOptimizer 2010 Advanced
Autodesk 3ds Max Design 2009 32-bit
Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries
Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library
Autodesk 3ds Max Design 2009 32-bit Movies
Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library
Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In
Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In
Autodesk Backburner 2008.1
avast! Free Antivirus
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
CD Recovery Toolbox Free 1.1
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
D3DX10
Defraggler
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Duplicate Cleaner 1.4.7c
DVD Suite
DVDx
ESU for Microsoft Vista
Expert Choice 11
Expert Choice Professional 9.5
FBX Plugin 2009.0 for Max 2009
floAt's Mobile Agent
FLV Player 2.0 (build 25)
Free CD to MP3 Converter
Free Mp3 Wma Converter V 1.7.0
FreeCap version 3.18
Full Tilt Poker
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
InterVideo DeviceService
iTunes
Java Auto Updater
Java™ 6 Update 23
Junk Mail filter update
KODAK EASYSHARE Gallery Upload ActiveX Control
LightScribe System Software 1.10.13.1
Maxtor Manager
Mesh Runtime
Messenger Companion
MetaProducts Offline Explorer Pro
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project 2007 Useful Utilities 2.4
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Moyea FLV to Video Converter Pro 2 version: 2.0.17.194
Moyea YouTube FLV Downloader version: 2.0.8.524
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
NetWaiting
NEWT Professional 2.5.208
NVIDIA Drivers
OGA Notifier 2.0.0048.0
ooVoo
PASW Statistics 18
PDF2Word v1.4
Polipo 1.0.4.1
PSSWCORE
PuTTY version 0.60
Python 2.4.1
Python 2.5 numpy-1.0.3
Python 2.5.1
QuickTime
RealPlayer
Recuva
RRD Editor - Lite 0.5.3
Scalable WinINSTALL LE
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sentinel Protection Installer 7.2.2
Skype web features
Skype™ 4.1
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sony Digital Voice Editor 2
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Steel Inventory 1.2
Streambox Vcr Suite 2
Switch Sound File Converter
SyncBack
Tor 0.2.2.35
Touch Pad Driver
Turbo Squid Tentacles 3ds Max 2009 32-bit
Ulead DVD MovieFactory 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
Vidalia 0.2.15
VideoToolkit01
Viewpoint Media Player
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
WeatherBug Gadget
Web Update
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinHTTrack Website Copier 3.43-9C
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Your Freedom 20120112-01
.
==== End Of File ===========================

#10 gringo_pr


Posted 09 June 2012 - 03:03 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 khormaloo


Posted 09 June 2012 - 05:43 PM

hello,
ComboFix 12-06-09.02 - ma 06/10/2012 2:41.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1095 [GMT 4.5:30]
Running from: c:\users\ma\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 22:23 . 2012-06-09 22:23 -------- d-----w- c:\users\TUV-NORD\AppData\Local\temp
2012-06-09 22:23 . 2012-06-09 22:23 -------- d-----w- c:\users\tarrahi\AppData\Local\temp
2012-06-09 22:23 . 2012-06-09 22:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-09 22:23 . 2012-06-09 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 22:23 . 2012-06-09 22:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-05 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AD1BD7-4417-46B2-A347-51A8E4E2271A}\mpengine.dll
2012-06-05 11:17 . 2012-06-05 11:17 388096 ----a-r- c:\users\ma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-05 11:17 . 2012-06-05 11:17 -------- d-----w- c:\program files\Trend Micro
2012-05-19 21:44 . 2012-05-19 21:45 -------- d-----w- C:\povmodel
2012-05-19 19:55 . 2012-05-19 21:38 -------- d-----w- C:\EcPro
2012-05-19 18:58 . 1999-04-05 00:27 49424 ----a-w- c:\windows\system32\temp.011
2012-05-19 18:58 . 1999-04-04 22:51 24848 ----a-w- c:\windows\system32\temp.012
2012-05-19 18:57 . 2002-08-02 11:53 86016 ----a-w- c:\windows\system32\MPEigenPack.ocx
2012-05-19 18:57 . 2006-02-09 06:40 497496 ----a-w- c:\windows\system32\XceedZip.dll
2012-05-19 18:57 . 2001-03-13 10:23 326656 ----a-w- c:\windows\system32\temp.010
2012-05-19 18:57 . 2001-03-13 10:17 17920 ----a-w- c:\windows\system32\temp.00E
2012-05-19 18:57 . 2001-03-13 10:17 164112 ----a-w- c:\windows\system32\temp.00C
2012-05-19 18:57 . 2001-03-13 10:15 147728 ----a-w- c:\windows\system32\temp.00D
2012-05-19 18:57 . 2000-08-20 16:30 1388544 ----a-w- c:\windows\system32\temp.00F
2012-05-19 18:57 . 2001-03-13 10:17 598288 ----a-w- c:\windows\system32\temp.00B
2012-05-19 17:43 . 2012-05-19 17:43 -------- d-----w- c:\windows\system32\Resources
2012-05-19 17:43 . 1999-04-05 00:27 49424 ----a-w- c:\windows\system32\temp.009
2012-05-19 17:43 . 1999-04-04 22:51 24848 ----a-w- c:\windows\system32\temp.00A
2012-05-19 17:42 . 2003-10-20 07:59 614400 ----a-w- c:\windows\system32\Xav13.dll
2012-05-19 17:42 . 2003-06-18 04:23 307200 ----a-w- c:\windows\system32\c1sizer.ocx
2012-05-19 17:42 . 2012-05-19 17:45 -------- d-----w- c:\program files\Expert Choice 11
2012-05-19 10:19 . 2012-05-19 10:19 -------- d-----w- c:\users\ma\.spss
2012-05-19 10:07 . 2012-05-19 10:07 -------- d-----w- c:\program files\Common Files\SPSS
2012-05-19 10:06 . 2012-05-19 10:06 -------- d-----w- c:\program files\SPSSInc
2012-05-19 09:39 . 2012-05-19 09:40 -------- d-----w- C:\SPSS9TEMP
2012-05-15 08:39 . 2007-04-28 08:03 229888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP2014S.DLL
2012-05-14 08:24 . 2012-05-14 08:24 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-05-14 08:23 . 2012-05-14 08:23 -------- d-----w- c:\programdata\SPSS
2012-05-14 08:19 . 2012-05-14 08:19 -------- d-----w- c:\program files\Common Files\IBM
2012-05-14 08:17 . 2012-05-14 08:17 1025 ----a-w- c:\windows\system32\sysprs7.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 01:19 . 2011-05-09 08:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 12:27]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = socks=127.0.0.1:9050
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Pro\Add_AllO.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1216BCA3-9F88-4F69-AE9A-7F8908964431}: NameServer = 192.168.0.100
FF - ProfilePath - c:\users\ma\AppData\Roaming\Mozilla\Firefox\Profiles\k5z3y81o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 02:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000055
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4044)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2012-06-10 02:57:58
ComboFix-quarantined-files.txt 2012-06-09 22:27
ComboFix2.txt 2012-06-07 22:03
ComboFix3.txt 2011-03-05 08:45
ComboFix4.txt 2011-02-28 11:52
ComboFix5.txt 2012-06-09 22:08
.
Pre-Run: 44,149,620,736 bytes free
Post-Run: 44,081,643,520 bytes free
.
- - End Of File - - 864D9E8C9AD96EF7B156426D802C2420

there is no difference, I still have the problem with the ie!
ciao,
m.

#12 gringo_pr


Posted 09 June 2012 - 06:14 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 khormaloo


Posted 10 June 2012 - 07:12 AM

hello

16:28:17.0833 2860 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:28:18.0660 2860 ============================================================
16:28:18.0660 2860 Current date / time: 2012/06/10 16:28:18.0660
16:28:18.0660 2860 SystemInfo:
16:28:18.0660 2860
16:28:18.0676 2860 OS Version: 6.0.6002 ServicePack: 2.0
16:28:18.0676 2860 Product type: Workstation
16:28:18.0676 2860 ComputerName: LT02
16:28:18.0676 2860 UserName: ma
16:28:18.0676 2860 Windows directory: C:\Windows
16:28:18.0676 2860 System windows directory: C:\Windows
16:28:18.0676 2860 Processor architecture: Intel x86
16:28:18.0676 2860 Number of processors: 2
16:28:18.0676 2860 Page size: 0x1000
16:28:18.0676 2860 Boot type: Normal boot
16:28:18.0676 2860 ============================================================
16:28:20.0766 2860 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:28:20.0782 2860 ============================================================
16:28:20.0782 2860 \Device\Harddisk0\DR0:
16:28:20.0782 2860 MBR partitions:
16:28:20.0782 2860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1123DEAD
16:28:20.0782 2860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1123DEEC, BlocksNum 0x17DABD5
16:28:20.0782 2860 ============================================================
16:28:20.0782 2860 C: <-> \Device\Harddisk0\DR0\Partition0
16:28:20.0891 2860 D: <-> \Device\Harddisk0\DR0\Partition1
16:28:20.0891 2860 ============================================================
16:28:20.0891 2860 Initialize success
16:28:20.0891 2860 ============================================================
16:28:24.0385 2148 ============================================================
16:28:24.0385 2148 Scan started
16:28:24.0385 2148 Mode: Manual;
16:28:24.0385 2148 ============================================================
16:28:27.0505 2148 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:28:27.0536 2148 ACPI - ok
16:28:27.0973 2148 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:28:27.0973 2148 Adobe LM Service - ok
16:28:28.0270 2148 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:28:28.0301 2148 adp94xx - ok
16:28:28.0410 2148 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:28:28.0426 2148 adpahci - ok
16:28:28.0441 2148 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:28:28.0457 2148 adpu160m - ok
16:28:28.0488 2148 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:28:28.0488 2148 adpu320 - ok
16:28:28.0550 2148 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:28:28.0550 2148 AeLookupSvc - ok
16:28:29.0018 2148 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:28:29.0050 2148 AFD - ok
16:28:29.0128 2148 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:28:29.0128 2148 agp440 - ok
16:28:29.0533 2148 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:28:29.0533 2148 aic78xx - ok
16:28:29.0611 2148 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:28:29.0611 2148 ALG - ok
16:28:29.0642 2148 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:28:29.0642 2148 aliide - ok
16:28:29.0705 2148 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:28:29.0705 2148 amdagp - ok
16:28:29.0720 2148 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:28:29.0720 2148 amdide - ok
16:28:29.0767 2148 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:28:29.0767 2148 AmdK7 - ok
16:28:30.0017 2148 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
16:28:30.0017 2148 AmdK8 - ok
16:28:30.0298 2148 ApfiltrService (edbd73ccf2ef7de8bd119036d85d1487) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:28:30.0313 2148 ApfiltrService - ok
16:28:30.0376 2148 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:28:30.0376 2148 Appinfo - ok
16:28:30.0922 2148 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:28:30.0937 2148 Apple Mobile Device - ok
16:28:31.0015 2148 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:28:31.0015 2148 arc - ok
16:28:32.0232 2148 ArcGIS License Manager (338deabd788009f2d043d3080e29930d) C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
16:28:32.0388 2148 ArcGIS License Manager - ok
16:28:33.0808 2148 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:28:33.0839 2148 arcsas - ok
16:28:34.0322 2148 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:28:34.0322 2148 aspnet_state - ok
16:28:34.0541 2148 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
16:28:34.0541 2148 aswFsBlk - ok
16:28:34.0572 2148 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
16:28:34.0572 2148 aswMonFlt - ok
16:28:34.0603 2148 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
16:28:34.0603 2148 aswRdr - ok
16:28:34.0650 2148 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
16:28:34.0681 2148 aswSnx - ok
16:28:34.0744 2148 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
16:28:34.0759 2148 aswSP - ok
16:28:34.0775 2148 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
16:28:34.0775 2148 aswTdi - ok
16:28:35.0009 2148 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:35.0056 2148 AsyncMac - ok
16:28:35.0087 2148 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:28:35.0087 2148 atapi - ok
16:28:35.0165 2148 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:28:35.0180 2148 AudioEndpointBuilder - ok
16:28:35.0180 2148 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:28:35.0180 2148 Audiosrv - ok
16:28:36.0116 2148 Autodesk Licensing Service (ead65493edba0ebea2192d46b938298e) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
16:28:36.0116 2148 Autodesk Licensing Service - ok
16:28:36.0257 2148 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:28:36.0272 2148 avast! Antivirus - ok
16:28:38.0066 2148 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:28:38.0129 2148 BCM43XV - ok
16:28:38.0191 2148 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:28:38.0207 2148 BCM43XX - ok
16:28:40.0578 2148 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:28:40.0640 2148 Beep - ok
16:28:41.0686 2148 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:28:41.0701 2148 BFE - ok
16:28:41.0966 2148 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
16:28:41.0998 2148 BITS - ok
16:28:41.0998 2148 blbdrive - ok
16:28:42.0200 2148 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
16:28:42.0200 2148 Bonjour Service - ok
16:28:42.0247 2148 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:28:42.0247 2148 bowser - ok
16:28:42.0310 2148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:28:42.0310 2148 BrFiltLo - ok
16:28:42.0325 2148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:28:42.0325 2148 BrFiltUp - ok
16:28:42.0372 2148 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:28:42.0372 2148 Browser - ok
16:28:42.0419 2148 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:28:42.0419 2148 Brserid - ok
16:28:42.0466 2148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:28:42.0466 2148 BrSerWdm - ok
16:28:42.0481 2148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:28:42.0497 2148 BrUsbMdm - ok
16:28:42.0512 2148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:28:42.0512 2148 BrUsbSer - ok
16:28:42.0559 2148 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:28:42.0559 2148 BTHMODEM - ok
16:28:43.0183 2148 Capture Device Service (3014ca345e8ad68587babfb162dddec5) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
16:28:43.0183 2148 Capture Device Service - ok
16:28:43.0339 2148 catchme - ok
16:28:43.0402 2148 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:28:43.0402 2148 cdfs - ok
16:28:43.0464 2148 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:28:43.0464 2148 cdrom - ok
16:28:43.0542 2148 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:28:43.0542 2148 CertPropSvc - ok
16:28:43.0573 2148 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:28:43.0589 2148 circlass - ok
16:28:43.0651 2148 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:28:43.0651 2148 CLFS - ok
16:28:43.0838 2148 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:43.0854 2148 clr_optimization_v2.0.50727_32 - ok
16:28:44.0150 2148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:44.0182 2148 clr_optimization_v4.0.30319_32 - ok
16:29:29.0047 2148 Sym_hi - ok
16:29:29.0078 2148 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:29:29.0078 2148 Sym_u3 - ok
16:29:29.0172 2148 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:29:29.0203 2148 SysMain - ok
16:29:29.0250 2148 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:29:29.0266 2148 TabletInputService - ok
16:29:29.0297 2148 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
16:29:29.0297 2148 taphss - ok
16:29:29.0359 2148 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:29:29.0359 2148 TapiSrv - ok
16:29:29.0468 2148 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:29:29.0484 2148 TBS - ok
16:29:29.0858 2148 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:29:29.0890 2148 Tcpip - ok
16:29:29.0905 2148 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:29:29.0921 2148 Tcpip6 - ok
16:29:30.0092 2148 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:29:30.0124 2148 tcpipreg - ok
16:29:30.0155 2148 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:29:30.0155 2148 TDPIPE - ok
16:29:30.0186 2148 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:29:30.0186 2148 TDTCP - ok
16:29:30.0217 2148 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:29:30.0248 2148 tdx - ok
16:29:30.0280 2148 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:29:30.0280 2148 TermDD - ok
16:29:30.0389 2148 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:29:30.0436 2148 TermService - ok
16:29:30.0482 2148 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:29:30.0482 2148 Themes - ok
16:29:30.0670 2148 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:29:30.0670 2148 THREADORDER - ok
16:29:30.0872 2148 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:29:30.0872 2148 TrkWks - ok
16:29:30.0919 2148 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:29:30.0950 2148 TrustedInstaller - ok
16:29:30.0982 2148 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:29:30.0982 2148 tssecsrv - ok
16:29:31.0044 2148 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:29:31.0044 2148 tunmp - ok
16:29:31.0060 2148 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:29:31.0060 2148 tunnel - ok
16:29:31.0106 2148 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:29:31.0106 2148 uagp35 - ok
16:29:31.0138 2148 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:29:31.0153 2148 udfs - ok
16:29:31.0184 2148 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:29:31.0200 2148 UI0Detect - ok
16:29:31.0216 2148 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:29:31.0216 2148 uliagpkx - ok
16:29:31.0247 2148 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:29:31.0262 2148 uliahci - ok
16:29:31.0278 2148 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:29:31.0278 2148 UlSata - ok
16:29:31.0294 2148 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:29:31.0309 2148 ulsata2 - ok
16:29:31.0325 2148 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:29:31.0325 2148 umbus - ok
16:29:31.0418 2148 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:29:31.0450 2148 upnphost - ok
16:29:31.0512 2148 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:29:31.0512 2148 USBAAPL - ok
16:29:31.0574 2148 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:29:31.0574 2148 usbccgp - ok
16:29:31.0606 2148 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:29:31.0606 2148 usbcir - ok
16:29:31.0637 2148 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:29:31.0652 2148 usbehci - ok
16:29:31.0699 2148 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:29:31.0699 2148 usbhub - ok
16:29:31.0715 2148 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
16:29:31.0715 2148 usbohci - ok
16:29:31.0730 2148 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:29:31.0746 2148 usbprint - ok
16:29:31.0777 2148 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:29:31.0777 2148 USBSTOR - ok
16:29:31.0808 2148 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
16:29:31.0808 2148 usbuhci - ok
16:29:31.0871 2148 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:29:31.0871 2148 usbvideo - ok
16:29:31.0918 2148 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
16:29:31.0918 2148 usb_rndisx - ok
16:29:31.0980 2148 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:29:31.0996 2148 UxSms - ok
16:29:32.0042 2148 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:29:32.0074 2148 vds - ok
16:29:32.0136 2148 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:29:32.0136 2148 vga - ok
16:29:32.0167 2148 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:29:32.0167 2148 VgaSave - ok
16:29:32.0183 2148 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:29:32.0183 2148 viaagp - ok
16:29:32.0198 2148 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:29:32.0198 2148 ViaC7 - ok
16:29:32.0214 2148 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:29:32.0214 2148 viaide - ok
16:29:32.0245 2148 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:29:32.0245 2148 volmgr - ok
16:29:32.0308 2148 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:29:32.0323 2148 volmgrx - ok
16:29:32.0354 2148 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:29:32.0370 2148 volsnap - ok
16:29:32.0386 2148 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:29:32.0401 2148 vsmraid - ok
16:29:32.0651 2148 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:29:32.0698 2148 VSS - ok
16:29:32.0744 2148 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:29:32.0760 2148 W32Time - ok
16:29:32.0807 2148 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:29:32.0807 2148 WacomPen - ok
16:29:32.0838 2148 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:32.0838 2148 Wanarp - ok
16:29:32.0838 2148 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:32.0854 2148 Wanarpv6 - ok
16:29:32.0900 2148 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:29:32.0916 2148 wcncsvc - ok
16:29:32.0947 2148 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:29:32.0963 2148 WcsPlugInService - ok
16:29:32.0978 2148 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:29:32.0978 2148 Wd - ok
16:29:33.0119 2148 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:29:33.0119 2148 Wdf01000 - ok
16:29:33.0181 2148 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:29:33.0181 2148 WdiServiceHost - ok
16:29:33.0197 2148 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:29:33.0197 2148 WdiSystemHost - ok
16:29:33.0322 2148 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:29:33.0337 2148 WebClient - ok
16:29:33.0368 2148 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:29:33.0400 2148 Wecsvc - ok
16:29:33.0431 2148 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:29:33.0446 2148 wercplsupport - ok
16:29:33.0493 2148 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:29:33.0493 2148 WerSvc - ok
16:29:33.0618 2148 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:29:33.0649 2148 winachsf - ok
16:29:33.0758 2148 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:29:33.0758 2148 WinDefend - ok
16:29:33.0774 2148 WinHttpAutoProxySvc - ok
16:29:33.0883 2148 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:29:33.0883 2148 Winmgmt - ok
16:29:34.0148 2148 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:29:34.0180 2148 WinRM - ok
16:29:34.0242 2148 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:29:34.0258 2148 Wlansvc - ok
16:29:34.0367 2148 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:29:34.0382 2148 wlcrasvc - ok
16:29:34.0694 2148 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:29:34.0772 2148 wlidsvc - ok
16:29:34.0944 2148 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:29:34.0944 2148 WmiAcpi - ok
16:29:35.0038 2148 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:29:35.0038 2148 wmiApSrv - ok
16:29:35.0287 2148 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:29:35.0334 2148 WMPNetworkSvc - ok
16:29:35.0396 2148 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:29:35.0396 2148 WPCSvc - ok
16:29:35.0443 2148 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:29:35.0443 2148 WPDBusEnum - ok
16:29:35.0552 2148 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:29:35.0552 2148 WpdUsb - ok
16:29:35.0849 2148 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:29:35.0864 2148 WPFFontCache_v0400 - ok
16:29:35.0927 2148 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:29:35.0942 2148 ws2ifsl - ok
16:29:35.0974 2148 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
16:29:35.0989 2148 wscsvc - ok
16:29:35.0989 2148 WSearch - ok
16:29:36.0270 2148 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:29:36.0348 2148 wuauserv - ok
16:29:36.0613 2148 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:36.0629 2148 WUDFRd - ok
16:29:36.0660 2148 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:29:36.0676 2148 wudfsvc - ok
16:29:36.0707 2148 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:29:36.0707 2148 XAudio - ok
16:29:36.0769 2148 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
16:29:36.0769 2148 XAudioService - ok
16:29:36.0800 2148 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
16:29:36.0878 2148 \Device\Harddisk0\DR0 - ok
16:29:36.0910 2148 Boot (0x1200) (fb0f8edb62d9a103d18f295412f4a97a) \Device\Harddisk0\DR0\Partition0
16:29:36.0925 2148 \Device\Harddisk0\DR0\Partition0 - ok
16:29:36.0925 2148 Boot (0x1200) (479e33c6512598c2cddb86c643ba1188) \Device\Harddisk0\DR0\Partition1
16:29:36.0925 2148 \Device\Harddisk0\DR0\Partition1 - ok
16:29:36.0925 2148 ============================================================
16:29:36.0925 2148 Scan finished
16:29:36.0925 2148 ============================================================
16:29:36.0956 3728 Detected object count: 0
16:29:36.0956 3728 Actual detected object count: 0

------------------------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 16:31:14
-----------------------------
16:31:14.032 OS Version: Windows 6.0.6002 Service Pack 2
16:31:14.032 Number of processors: 2 586 0x6802
16:31:14.032 ComputerName: LT02 UserName: ma
16:31:33.891 Initialize success
16:31:34.500 AVAST engine defs: 12060901
16:32:18.710 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
16:32:18.710 Disk 0 Vendor: TOSHIBA_MK1637GSX DL032C Size: 152627MB BusType: 3
16:32:18.757 Disk 0 MBR read successfully
16:32:18.757 Disk 0 MBR scan
16:32:18.757 Disk 0 unknown MBR code
16:32:18.757 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140411 MB offset 63
16:32:18.788 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12213 MB offset 287563500
16:32:18.788 Disk 0 scanning sectors +312576705
16:32:18.850 Disk 0 scanning C:\Windows\system32\drivers
16:32:28.975 Service scanning
16:32:58.864 Modules scanning
16:33:10.471 Disk 0 trace - called modules:
16:33:10.502 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
16:33:10.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8741a558]
16:33:10.518 3 CLASSPNP.SYS[89bae8b3] -> nt!IofCallDriver -> [0x86baf918]
16:33:10.518 5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86210b98]
16:33:11.298 AVAST engine scan C:\Windows
16:33:14.854 AVAST engine scan C:\Windows\system32
16:36:48.574 AVAST engine scan C:\Windows\system32\drivers
16:37:02.037 AVAST engine scan C:\Users\ma
16:37:31.443 Disk 0 MBR has been saved successfully to "C:\Users\ma\Downloads\MBR.dat"
16:37:31.443 The log file has been saved successfully to "C:\Users\ma\Downloads\aswMBR.txt"


ciao,
m.

#14 gringo_pr

Posted 10 June 2012 - 11:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uInternet Settings,ProxyOverride = local;<local>
uInternet Settings,ProxyServer = socks=127.0.0.1:9050

Firefox::
FF - ProfilePath - c:\users\ma\AppData\Roaming\Mozilla\Firefox\Profiles\k5z3y81o.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 khormaloo

Posted 10 June 2012 - 01:32 PM

hi
ComboFix 12-06-09.02 - ma 06/10/2012 22:35:59.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.889 [GMT 4.5:30]
Running from: c:\users\ma\Downloads\ComboFix.exe
Command switches used :: c:\users\ma\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 18:20 . 2012-06-10 18:20 -------- d-----w- c:\users\TUV-NORD\AppData\Local\temp
2012-06-10 18:20 . 2012-06-10 18:20 -------- d-----w- c:\users\tarrahi\AppData\Local\temp
2012-06-10 18:20 . 2012-06-10 18:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-10 18:20 . 2012-06-10 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-10 18:20 . 2012-06-10 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-05 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AD1BD7-4417-46B2-A347-51A8E4E2271A}\mpengine.dll
2012-06-05 11:17 . 2012-06-05 11:17 388096 ----a-r- c:\users\ma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-05 11:17 . 2012-06-05 11:17 -------- d-----w- c:\program files\Trend Micro
2012-05-19 21:44 . 2012-05-19 21:45 -------- d-----w- C:\povmodel
2012-05-19 19:55 . 2012-05-19 21:38 -------- d-----w- C:\EcPro
2012-05-19 18:58 . 1999-04-05 00:27 49424 ----a-w- c:\windows\system32\temp.011
2012-05-19 18:58 . 1999-04-04 22:51 24848 ----a-w- c:\windows\system32\temp.012
2012-05-19 18:57 . 2002-08-02 11:53 86016 ----a-w- c:\windows\system32\MPEigenPack.ocx
2012-05-19 18:57 . 2006-02-09 06:40 497496 ----a-w- c:\windows\system32\XceedZip.dll
2012-05-19 18:57 . 2001-03-13 10:23 326656 ----a-w- c:\windows\system32\temp.010
2012-05-19 18:57 . 2001-03-13 10:17 17920 ----a-w- c:\windows\system32\temp.00E
2012-05-19 18:57 . 2001-03-13 10:17 164112 ----a-w- c:\windows\system32\temp.00C
2012-05-19 18:57 . 2001-03-13 10:15 147728 ----a-w- c:\windows\system32\temp.00D
2012-05-19 18:57 . 2000-08-20 16:30 1388544 ----a-w- c:\windows\system32\temp.00F
2012-05-19 18:57 . 2001-03-13 10:17 598288 ----a-w- c:\windows\system32\temp.00B
2012-05-19 17:43 . 2012-05-19 17:43 -------- d-----w- c:\windows\system32\Resources
2012-05-19 17:43 . 1999-04-05 00:27 49424 ----a-w- c:\windows\system32\temp.009
2012-05-19 17:43 . 1999-04-04 22:51 24848 ----a-w- c:\windows\system32\temp.00A
2012-05-19 17:42 . 2003-10-20 07:59 614400 ----a-w- c:\windows\system32\Xav13.dll
2012-05-19 17:42 . 2003-06-18 04:23 307200 ----a-w- c:\windows\system32\c1sizer.ocx
2012-05-19 17:42 . 2012-05-19 17:45 -------- d-----w- c:\program files\Expert Choice 11
2012-05-19 10:19 . 2012-05-19 10:19 -------- d-----w- c:\users\ma\.spss
2012-05-19 10:07 . 2012-05-19 10:07 -------- d-----w- c:\program files\Common Files\SPSS
2012-05-19 10:06 . 2012-05-19 10:06 -------- d-----w- c:\program files\SPSSInc
2012-05-19 09:39 . 2012-05-19 09:40 -------- d-----w- C:\SPSS9TEMP
2012-05-15 08:39 . 2007-04-28 08:03 229888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP2014S.DLL
2012-05-14 08:24 . 2012-05-14 08:24 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-05-14 08:23 . 2012-05-14 08:23 -------- d-----w- c:\programdata\SPSS
2012-05-14 08:19 . 2012-05-14 08:19 -------- d-----w- c:\program files\Common Files\IBM
2012-05-14 08:17 . 2012-05-14 08:17 1025 ----a-w- c:\windows\system32\sysprs7.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 01:19 . 2011-05-09 08:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 71653385
*NewlyCreated* - ASWMBR
*Deregistered* - 71653385
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 12:27]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8&fr=mkg029
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Pro\Add_AllO.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1216BCA3-9F88-4F69-AE9A-7F8908964431}: NameServer = 192.168.0.100
FF - ProfilePath - c:\users\ma\AppData\Roaming\Mozilla\Firefox\Profiles\k5z3y81o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 22:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000055
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3276)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2012-06-10 22:54:46
ComboFix-quarantined-files.txt 2012-06-10 18:24
ComboFix2.txt 2012-06-09 22:27
ComboFix3.txt 2012-06-07 22:03
ComboFix4.txt 2011-03-05 08:45
ComboFix5.txt 2012-06-10 18:01
.
Pre-Run: 40,752,529,408 bytes free
Post-Run: 42,020,511,744 bytes free
.
- - End Of File - - 5D19A5023EEC464DA7BCD75EA7E523EB

I don't know, I have to check if something is still wrong or not!
I will let you know!
thanks,
m.



