
possible bamital.df trojan virus


  • This topic is locked
15 replies to this topic

#1 mjcritchfield

  • Members
  • 20 posts

Posted 13 March 2012 - 12:23 AM

Hey guys,

I'm helping to clean a friend's computer, and ESET detected the bamital.df virus, which it quarantined. I ran Malwarebytes and it didn't find anything, but I want to make sure my friend's computer is in the clear. I ran HijackThis, and this is what it spit out. Any help would be appreciated. Thanks!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:27 PM, on 3/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
F:\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Katy\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "f:\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MegaPanel] "C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Katy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1281898694-3759128898-3465565185-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LogMeInRemoteUser')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 11646 bytes

Thanks!



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 13 March 2012 - 01:20 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 mjcritchfield

  • Topic Starter
  • Members
  • 20 posts

Posted 14 March 2012 - 06:12 PM

Hey gringo,

Here are the logs you requested:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Katy at 16:05:37 on 2012-03-14
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3453.1652 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
F:\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Katy\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Users\Katy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Katy\Downloads\Defogger (1).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mURLSearchHooks: H - No File
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\katy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [NPSStartup]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Zune Launcher] "f:\zune\ZuneLauncher.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MegaPanel] "c:\program files\national consumer panel\ncp internet transporter\HSTrans.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: google.com\mail
Trusted Zone: motive.com\patttbc.att
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2837AE06-3D58-444B-B2F0-ED85734A80F4} : DhcpNameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{8CF2EBE8-0A31-4A3D-BA94-E6F66FD1479A} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katy\appdata\roaming\mozilla\firefox\profiles\0sik9r6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?v=18&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da2246e&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\katy\appdata\roaming\mozilla\firefox\profiles\0sik9r6i.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\users\katy\appdata\roaming\mozilla\firefox\profiles\0sik9r6i.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.93\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\users\katy\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\katy\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\katy\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\katy\appdata\roaming\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\katy\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-9 238952]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-12 47640]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-1-13 64080]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-9 36608]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2009-7-14 286208]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-23 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-10-23 25728]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-23 136176]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-10-23 108416]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2012-03-13 21:56:38 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:56:35 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:56:35 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:56:35 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:56:34 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 21:56:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 19:02:36 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 19:02:36 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:57:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-13 04:57:03 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-03-13 04:57:03 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-03-13 04:57:03 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-13 04:57:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-13 04:57:03 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-13 04:57:03 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-03-13 04:57:03 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-03-13 04:57:03 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-03-13 04:57:03 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-03-13 04:57:03 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-03-13 04:57:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-03-13 04:43:12 -------- d-----w- c:\users\katy\appdata\roaming\Malwarebytes
2012-03-13 04:43:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 04:43:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 04:43:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 04:31:18 -------- d-----w- c:\program files\CCleaner
2012-03-12 23:54:24 -------- d-----w- c:\users\katy\appdata\local\LogMeIn
2012-03-12 23:54:19 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-03-12 23:54:19 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-03-12 23:54:18 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-12 23:54:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-12 23:54:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-12 23:54:05 -------- d-----w- c:\programdata\LogMeIn
2012-03-12 23:53:47 -------- d-----w- c:\program files\LogMeIn
2012-03-12 19:28:32 -------- d-----w- c:\program files\ESET
2012-02-16 02:30:22 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-12 18:43:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-19 05:39:34 6950552 ----a-w- c:\users\katy\Silverlight.exe
.
============= FINISH: 16:06:18.54 ===============

ATTACH:
=======

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 6/30/2009 3:11:43 PM
System Uptime: 3/13/2012 8:22:27 PM (20 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 21.477 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.408 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 233 GiB total, 155.457 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Manager
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Software Update
AT&T Self Support Tool
AT&T Toolbar
ATT-HSI
AVG 2012
Bookworm Adventures Vol. 2
BufferChm
CCleaner
Connect
Contents
Corel VideoStudio Pro X3
Coupon Printer for Windows
Destinations
DeviceDiscovery
DeviceIO
DivX Setup
DocMgr
DocProc
Download Updater (AOL LLC)
DVDVideoSoftTB Toolbar
ESET Online Scanner v3
Facebook Plug-In
Fax
Feedback Tool
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hero Factory Screensaver Screensaver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510g-m
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
ICA
Internet Transporter - NCP Link
IPM_VS_Pro
Java Auto Updater
Java™ 6 Update 31
kuler
LeapFrog Connect
LeapFrog Leapster2 Plugin
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1
LogMeIn
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MLE
Mortimer Beckett™ and the Time Paradox
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCP Internet Transporter
Network
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
PANTONE® color bridge™
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies
PopCap Browser Plugin
PureHD
QuickTime
SAMSUNG Android USB Modem Software
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Download Driver Software
SAMSUNG Mobile USB Driver
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
SAMSUNG USB Mobile Device Software
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Setup
Share
Shop for HP Supplies
SiteSpinner Pro V2
SmartSound Common Data
SmartSound Quicktracks 5
SmartWebPrinting
SolutionCenter
Spotify
Status
Suite Shared Configuration CS4
Supercow
swMSM
THE GAME OF LIFE™ by Hasbro
Toolbox
TrayApp
Trend Micro™ Titanium™
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
VC80CRTRedist - 8.0.50727.4053
VIO
VirtualCom driver
VSClassic
VSPro
WebReg
WIDCOMM Bluetooth Software 6.2.0.5800
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
YouTube Downloader 3.5
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/14/2012 1:35:34 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/13/2012 3:01:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/13/2012 3:01:46 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/13/2012 3:01:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/12/2012 12:30:04 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
3/12/2012 12:29:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
3/12/2012 12:29:44 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/12/2012 12:29:41 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/12/2012 11:53:23 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0023697654AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/12/2012 11:53:16 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address F0-A2-25-59-5C-F6. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

2. Everything else looks good. Thanks!

max

======

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:35 AM

Posted 14 March 2012 - 06:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 17 March 2012 - 12:46 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#6 gringo_pr

Posted 20 March 2012 - 12:16 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 gringo_pr

Posted 22 March 2012 - 11:33 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#8 gringo_pr

Posted 26 March 2012 - 12:07 PM

This topic has been re-opened at the request of the person who originally posted.

#9 gringo_pr

Posted 28 March 2012 - 11:20 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 mjcritchfield

mjcritchfield
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 30 March 2012 - 01:01 AM

Hey gringo,

Here's the log from combofix - thanks so much, and sorry for the delay!

======


ComboFix 12-03-30.01 - Katy 03/29/2012 22:17:20.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3453.2406 [GMT -7:00]
Running from: c:\users\Katy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Katy\AppData\Local\Windows Server
c:\users\Katy\AppData\Local\Windows Server\config.data
c:\users\Katy\AppData\Local\Windows Server\flags.ini
c:\users\Katy\AppData\Local\Windows Server\thread.xml
c:\users\Katy\AppData\Local\Windows Server\uses32.dat
c:\users\Katy\AppData\Local\Windows Server\worker.info
c:\users\Katy\AppData\Roaming\Local
c:\users\Katy\AppData\Roaming\Local\Temp\DDM\Settings\dexter.s05e02.hdtv.xvid-fqm_ns.avi.ddr
c:\users\Katy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\dexter.s05e02.hdtv.xvid-fqm_ns.avi.ddp
c:\users\Katy\AppData\Roaming\Start
c:\users\Katy\AppData\Roaming\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\users\Katy\AppData\Roaming\Start\temp_BB40E0B5\ScreenCapture.mfx
c:\users\Katy\googleupdatesetup.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\service
c:\windows\system32\service\31072009_TIS17_SfFniAU.log
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 05:31 . 2012-03-30 05:46 -------- d-----w- c:\users\Katy\AppData\Local\temp
2012-03-30 05:31 . 2012-03-30 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 21:56 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 21:56 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 21:56 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:56 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 21:56 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 19:02 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:57 . 2012-02-16 14:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-13 04:57 . 2012-02-16 14:40 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-03-13 04:57 . 2012-02-16 14:40 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-03-13 04:57 . 2012-02-16 14:40 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-03-13 04:57 . 2012-02-16 14:40 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-03-13 04:57 . 2012-02-16 14:40 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-03-13 04:57 . 2012-02-16 14:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-03-13 04:57 . 2012-02-16 10:42 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-13 04:57 . 2012-02-16 10:42 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-13 04:57 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-03-13 04:57 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-03-13 04:57 . 2012-02-16 10:42 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-13 04:43 . 2012-03-13 04:43 -------- d-----w- c:\users\Katy\AppData\Roaming\Malwarebytes
2012-03-13 04:43 . 2012-03-13 04:43 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 04:43 . 2012-03-13 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 04:43 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 04:31 . 2012-03-13 04:31 -------- d-----w- c:\program files\CCleaner
2012-03-13 00:45 . 2012-03-13 00:45 -------- d-----w- c:\users\LogMeInRemoteUser
2012-03-12 23:54 . 2012-03-12 23:54 -------- d-----w- c:\users\Katy\AppData\Local\LogMeIn
2012-03-12 23:54 . 2012-02-01 04:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-03-12 23:54 . 2012-02-01 04:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-03-12 23:54 . 2012-02-01 04:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-12 23:54 . 2011-09-16 21:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-12 23:54 . 2012-02-01 04:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-12 23:54 . 2012-03-30 05:02 -------- d-----w- c:\programdata\LogMeIn
2012-03-12 23:53 . 2012-03-12 23:53 -------- d-----w- c:\program files\LogMeIn
2012-03-12 19:28 . 2012-03-12 19:28 -------- d-----w- c:\program files\ESET
2012-03-12 18:45 . 2012-03-12 18:45 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 18:43 . 2010-09-15 14:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 15:16 . 2012-03-13 21:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 05:39 . 2010-11-15 03:57 6950552 ----a-w- c:\users\Katy\Silverlight.exe
2012-01-09 15:54 . 2012-03-13 19:02 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-02-16 14:40 . 2012-03-13 04:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-14 02:10 2734688 ----a-w- c:\program files\Zynga\tbZyng.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-06-14 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-13 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-13 92704]
"nwiz"="nwiz.exe" [2009-05-07 1650688]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Zune Launcher"="f:\zune\ZuneLauncher.exe" [2010-11-11 159472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"MegaPanel"="c:\program files\National Consumer Panel\NCP Internet Transporter\HSTrans.exe" [2009-12-11 2113536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 16:23 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-04 06:50 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-11-16 06:16 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-11-16 288112]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 02:15]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 02:15]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281898694-3759128898-3465565185-1000Core.job
- c:\users\Katy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 14:40]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281898694-3759128898-3465565185-1000UA.job
- c:\users\Katy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-26 14:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.k12.com/
Trusted Zone: google.com\mail
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Katy\AppData\Roaming\Mozilla\Firefox\Profiles\0sik9r6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?v=18&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4da2246e&i=23&tp=ab&nt=1&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-NPSStartup - (no file)
HKLM-Run-Trend Micro Client Framework - c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-PskSvcRetail
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-NielsenOnline - c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 22:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,3d,b3,f1,1a,bc,45,49,81,65,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,3d,b3,f1,1a,bc,45,49,81,65,74,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\LogonUI.exe
.
**************************************************************************
.
Completion time: 2012-03-29 22:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 05:56
.
Pre-Run: 20,321,267,712 bytes free
Post-Run: 19,476,697,088 bytes free
.
- - End Of File - - 5E8E5A32F0552B0C0B6C0D20429A6F09

#11 gringo_pr


Posted 30 March 2012 - 01:04 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 mjcritchfield


Posted 30 March 2012 - 01:16 AM

Hey Gringo,

Here are the logs:

======
tdsskiller log:


23:08:25.0383 2348 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:08:25.0937 2348 ============================================================
23:08:25.0937 2348 Current date / time: 2012/03/29 23:08:25.0937
23:08:25.0937 2348 SystemInfo:
23:08:25.0938 2348
23:08:25.0938 2348 OS Version: 6.0.6002 ServicePack: 2.0
23:08:25.0938 2348 Product type: Workstation
23:08:25.0938 2348 ComputerName: KATY-PC
23:08:25.0938 2348 UserName: Katy
23:08:25.0938 2348 Windows directory: C:\Windows
23:08:25.0938 2348 System windows directory: C:\Windows
23:08:25.0938 2348 Processor architecture: Intel x86
23:08:25.0938 2348 Number of processors: 2
23:08:25.0938 2348 Page size: 0x1000
23:08:25.0938 2348 Boot type: Normal boot
23:08:25.0938 2348 ============================================================
23:08:27.0226 2348 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:08:27.0229 2348 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:08:27.0247 2348 \Device\Harddisk0\DR0:
23:08:27.0247 2348 MBR used
23:08:27.0247 2348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x400000
23:08:27.0247 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x418000, BlocksNum 0x90EA000
23:08:27.0247 2348 \Device\Harddisk1\DR1:
23:08:27.0247 2348 MBR used
23:08:27.0248 2348 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:08:27.0313 2348 Initialize success
23:08:27.0313 2348 ============================================================
23:08:30.0107 4296 ============================================================
23:08:30.0107 4296 Scan started
23:08:30.0107 4296 Mode: Manual;
23:08:30.0108 4296 ============================================================
23:08:31.0569 4296 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:08:31.0573 4296 ACPI - ok
23:08:31.0680 4296 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
23:08:31.0690 4296 adfs - ok
23:08:32.0026 4296 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
23:08:32.0032 4296 Adobe Version Cue CS4 - ok
23:08:32.0138 4296 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:08:32.0155 4296 adp94xx - ok
23:08:32.0178 4296 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:08:32.0194 4296 adpahci - ok
23:08:32.0216 4296 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:08:32.0219 4296 adpu160m - ok
23:08:32.0278 4296 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:08:32.0306 4296 adpu320 - ok
23:08:32.0400 4296 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:08:32.0401 4296 AeLookupSvc - ok
23:08:32.0652 4296 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:08:32.0658 4296 AFD - ok
23:08:32.0695 4296 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:08:32.0697 4296 agp440 - ok
23:08:32.0771 4296 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:08:32.0771 4296 aic78xx - ok
23:08:32.0803 4296 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:08:32.0805 4296 ALG - ok
23:08:32.0814 4296 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:08:32.0816 4296 aliide - ok
23:08:32.0847 4296 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:08:32.0849 4296 amdagp - ok
23:08:32.0901 4296 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:08:32.0903 4296 amdide - ok
23:08:32.0921 4296 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:08:32.0923 4296 AmdK7 - ok
23:08:32.0937 4296 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:08:32.0939 4296 AmdK8 - ok
23:08:33.0021 4296 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\Windows\system32\Drivers\smhwadb.sys
23:08:33.0023 4296 androidusb - ok
23:08:33.0105 4296 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:08:33.0107 4296 Appinfo - ok
23:08:33.0191 4296 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
23:08:33.0193 4296 AppMgmt - ok
23:08:33.0267 4296 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:08:33.0270 4296 arc - ok
23:08:33.0294 4296 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:08:33.0299 4296 arcsas - ok
23:08:33.0334 4296 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:08:33.0336 4296 AsyncMac - ok
23:08:33.0511 4296 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:08:33.0511 4296 atapi - ok
23:08:33.0575 4296 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:08:33.0583 4296 AudioEndpointBuilder - ok
23:08:33.0590 4296 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:08:33.0594 4296 Audiosrv - ok
23:08:33.0891 4296 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
23:08:34.0022 4296 AVGIDSAgent - ok
23:08:34.0086 4296 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:08:34.0090 4296 AVGIDSDriver - ok
23:08:34.0158 4296 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:08:34.0160 4296 AVGIDSEH - ok
23:08:34.0225 4296 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:08:34.0226 4296 AVGIDSFilter - ok
23:08:34.0239 4296 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
23:08:34.0240 4296 AVGIDSShim - ok
23:08:34.0267 4296 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
23:08:34.0271 4296 Avgldx86 - ok
23:08:34.0334 4296 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
23:08:34.0336 4296 Avgmfx86 - ok
23:08:34.0379 4296 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
23:08:34.0382 4296 Avgrkx86 - ok
23:08:34.0439 4296 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
23:08:34.0453 4296 Avgtdix - ok
23:08:34.0513 4296 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
23:08:34.0515 4296 avgwd - ok
23:08:34.0695 4296 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:08:34.0698 4296 b57nd60x - ok
23:08:34.0778 4296 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:08:34.0780 4296 Beep - ok
23:08:34.0886 4296 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:08:34.0901 4296 BFE - ok
23:08:34.0999 4296 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
23:08:35.0007 4296 BITS - ok
23:08:35.0039 4296 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:08:35.0041 4296 blbdrive - ok
23:08:35.0095 4296 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:08:35.0097 4296 bowser - ok
23:08:35.0154 4296 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:08:35.0156 4296 BrFiltLo - ok
23:08:35.0172 4296 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:08:35.0174 4296 BrFiltUp - ok
23:08:35.0235 4296 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:08:35.0236 4296 Browser - ok
23:08:35.0277 4296 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:08:35.0280 4296 Brserid - ok
23:08:35.0308 4296 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:08:35.0310 4296 BrSerWdm - ok
23:08:35.0332 4296 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:08:35.0334 4296 BrUsbMdm - ok
23:08:35.0349 4296 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:08:35.0351 4296 BrUsbSer - ok
23:08:35.0411 4296 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:08:35.0448 4296 BTHMODEM - ok
23:08:35.0750 4296 btwdins (c832a3622a35ca7c595ea8ca385ba813) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
23:08:35.0755 4296 btwdins - ok
23:08:35.0857 4296 catchme - ok
23:08:36.0036 4296 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:08:36.0038 4296 cdfs - ok
23:08:36.0122 4296 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:08:36.0124 4296 cdrom - ok
23:08:36.0203 4296 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:08:36.0205 4296 CertPropSvc - ok
23:08:36.0241 4296 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:08:36.0243 4296 circlass - ok
23:08:36.0301 4296 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:08:36.0306 4296 CLFS - ok
23:08:36.0418 4296 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:36.0421 4296 clr_optimization_v2.0.50727_32 - ok
23:08:36.0440 4296 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:08:36.0442 4296 cmdide - ok
23:08:36.0461 4296 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
23:08:36.0462 4296 Compbatt - ok
23:08:36.0471 4296 COMSysApp - ok
23:08:36.0505 4296 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:08:36.0506 4296 crcdisk - ok
23:08:36.0540 4296 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:08:36.0542 4296 Crusoe - ok
23:08:36.0631 4296 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
23:08:36.0634 4296 CryptSvc - ok
23:08:36.0659 4296 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
23:08:36.0676 4296 CSC - ok
23:08:36.0754 4296 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
23:08:36.0771 4296 CscService - ok
23:08:36.0846 4296 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:08:36.0852 4296 DcomLaunch - ok
23:08:36.0918 4296 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:08:36.0921 4296 DfsC - ok
23:08:37.0099 4296 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:08:37.0122 4296 DFSR - ok
23:08:37.0217 4296 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:08:37.0222 4296 Dhcp - ok
23:08:37.0277 4296 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:08:37.0279 4296 disk - ok
23:08:37.0355 4296 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:08:37.0358 4296 Dnscache - ok
23:08:37.0425 4296 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:08:37.0429 4296 dot3svc - ok
23:08:37.0513 4296 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:08:37.0516 4296 Dot4 - ok
23:08:37.0575 4296 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:08:37.0577 4296 Dot4Print - ok
23:08:37.0643 4296 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:08:37.0644 4296 dot4usb - ok
23:08:37.0715 4296 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:08:37.0717 4296 DPS - ok
23:08:37.0788 4296 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:08:37.0789 4296 drmkaud - ok
23:08:37.0878 4296 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:08:37.0903 4296 DXGKrnl - ok
23:08:38.0026 4296 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:08:38.0029 4296 E1G60 - ok
23:08:38.0058 4296 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:08:38.0060 4296 EapHost - ok
23:08:38.0136 4296 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:08:38.0151 4296 Ecache - ok
23:08:38.0186 4296 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:08:38.0203 4296 elxstor - ok
23:08:38.0275 4296 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:08:38.0301 4296 EMDMgmt - ok
23:08:38.0341 4296 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:08:38.0342 4296 ErrDev - ok
23:08:38.0431 4296 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:08:38.0434 4296 EventSystem - ok
23:08:38.0500 4296 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:08:38.0504 4296 exfat - ok
23:08:38.0563 4296 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:08:38.0567 4296 fastfat - ok
23:08:38.0638 4296 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
23:08:38.0656 4296 Fax - ok
23:08:38.0704 4296 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:08:38.0706 4296 fdc - ok
23:08:38.0763 4296 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:08:38.0765 4296 fdPHost - ok
23:08:38.0882 4296 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:08:38.0884 4296 FDResPub - ok
23:08:38.0963 4296 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:08:38.0965 4296 FileInfo - ok
23:08:39.0008 4296 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:08:39.0010 4296 Filetrace - ok
23:08:39.0135 4296 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:08:39.0161 4296 FLEXnet Licensing Service - ok
23:08:39.0219 4296 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:39.0219 4296 flpydisk - ok
23:08:39.0267 4296 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:08:39.0267 4296 FltMgr - ok
23:08:39.0361 4296 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:08:39.0386 4296 FontCache - ok
23:08:39.0558 4296 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:08:39.0560 4296 FontCache3.0.0.0 - ok
23:08:39.0611 4296 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
23:08:39.0613 4296 FsUsbExDisk - ok
23:08:39.0658 4296 FsUsbExService (cac581252e3f65304dd1d448003fa34b) C:\Windows\system32\FsUsbExService.Exe
23:08:39.0663 4296 FsUsbExService - ok
23:08:39.0701 4296 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:08:39.0703 4296 Fs_Rec - ok
23:08:39.0844 4296 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
23:08:39.0846 4296 FTDIBUS - ok
23:08:39.0923 4296 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\Windows\system32\drivers\ftser2k.sys
23:08:39.0926 4296 FTSER2K - ok
23:08:39.0980 4296 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:08:39.0983 4296 gagp30kx - ok
23:08:40.0081 4296 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll
23:08:40.0084 4296 getPlusHelper - ok
23:08:40.0168 4296 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:08:40.0193 4296 gpsvc - ok
23:08:40.0349 4296 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:40.0350 4296 gupdate - ok
23:08:40.0354 4296 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:08:40.0356 4296 gupdatem - ok
23:08:40.0419 4296 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
23:08:40.0421 4296 hamachi - ok
23:08:40.0521 4296 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
23:08:40.0525 4296 HdAudAddService - ok
23:08:40.0600 4296 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:40.0623 4296 HDAudBus - ok
23:08:40.0668 4296 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:08:40.0670 4296 HidBth - ok
23:08:40.0942 4296 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:08:40.0975 4296 HidIr - ok
23:08:41.0045 4296 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
23:08:41.0047 4296 hidserv - ok
23:08:41.0078 4296 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:08:41.0079 4296 HidUsb - ok
23:08:41.0144 4296 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:08:41.0147 4296 hkmsvc - ok
23:08:41.0208 4296 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:08:41.0210 4296 HpCISSs - ok
23:08:41.0429 4296 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:08:41.0431 4296 hpqcxs08 - ok
23:08:41.0513 4296 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:08:41.0515 4296 hpqddsvc - ok
23:08:41.0598 4296 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:08:41.0615 4296 HPSLPSVC - ok
23:08:41.0686 4296 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:08:41.0703 4296 HTTP - ok
23:08:41.0735 4296 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:08:41.0737 4296 i2omp - ok
23:08:41.0798 4296 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:08:41.0800 4296 i8042prt - ok
23:08:41.0837 4296 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:08:41.0842 4296 iaStorV - ok
23:08:42.0086 4296 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:42.0112 4296 idsvc - ok
23:08:42.0231 4296 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:08:42.0233 4296 iirsp - ok
23:08:42.0303 4296 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:08:42.0320 4296 IKEEXT - ok
23:08:42.0355 4296 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:08:42.0357 4296 intelide - ok
23:08:42.0374 4296 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:08:42.0376 4296 intelppm - ok
23:08:42.0440 4296 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:08:42.0443 4296 IPBusEnum - ok
23:08:42.0471 4296 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:42.0473 4296 IpFilterDriver - ok
23:08:42.0547 4296 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:08:42.0552 4296 iphlpsvc - ok
23:08:42.0561 4296 IpInIp - ok
23:08:42.0595 4296 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:08:42.0597 4296 IPMIDRV - ok
23:08:42.0618 4296 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:08:42.0621 4296 IPNAT - ok
23:08:42.0650 4296 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:08:42.0651 4296 IRENUM - ok
23:08:42.0709 4296 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:08:42.0711 4296 isapnp - ok
23:08:42.0788 4296 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:08:42.0791 4296 iScsiPrt - ok
23:08:42.0877 4296 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:08:42.0879 4296 iteatapi - ok
23:08:42.0918 4296 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:08:42.0920 4296 iteraid - ok
23:08:42.0950 4296 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:42.0952 4296 kbdclass - ok
23:08:42.0985 4296 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:42.0987 4296 kbdhid - ok
23:08:43.0095 4296 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:08:43.0097 4296 KeyIso - ok
23:08:43.0167 4296 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:08:43.0184 4296 KSecDD - ok
23:08:43.0251 4296 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:08:43.0268 4296 KtmRm - ok
23:08:43.0330 4296 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
23:08:43.0335 4296 LanmanServer - ok
23:08:43.0379 4296 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:08:43.0387 4296 LanmanWorkstation - ok
23:08:43.0604 4296 LeapFrog Connect Device Service (549b88970b3cfd211a354a016edf766e) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
23:08:43.0637 4296 LeapFrog Connect Device Service - ok
23:08:43.0733 4296 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:08:43.0735 4296 lltdio - ok
23:08:43.0865 4296 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:08:43.0870 4296 lltdsvc - ok
23:08:43.0908 4296 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:08:43.0910 4296 lmhosts - ok
23:08:43.0983 4296 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
23:08:43.0986 4296 LMIGuardianSvc - ok
23:08:44.0023 4296 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
23:08:44.0024 4296 LMIInfo - ok
23:08:44.0036 4296 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
23:08:44.0038 4296 LMIMaint - ok
23:08:44.0164 4296 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
23:08:44.0166 4296 lmimirr - ok
23:08:44.0185 4296 LMIRfsClientNP - ok
23:08:44.0239 4296 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
23:08:44.0241 4296 LMIRfsDriver - ok
23:08:44.0276 4296 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
23:08:44.0279 4296 LogMeIn - ok
23:08:44.0316 4296 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:08:44.0319 4296 LSI_FC - ok
23:08:44.0353 4296 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:08:44.0356 4296 LSI_SAS - ok
23:08:44.0391 4296 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:08:44.0394 4296 LSI_SCSI - ok
23:08:44.0425 4296 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:08:44.0428 4296 luafv - ok
23:08:44.0550 4296 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
23:08:44.0555 4296 McciCMService - ok
23:08:44.0681 4296 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:08:44.0683 4296 megasas - ok
23:08:44.0725 4296 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:08:44.0741 4296 MegaSR - ok
23:08:44.0864 4296 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:08:44.0867 4296 Microsoft Office Groove Audit Service - ok
23:08:44.0937 4296 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:08:44.0939 4296 MMCSS - ok
23:08:44.0971 4296 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:08:44.0973 4296 Modem - ok
23:08:45.0002 4296 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:08:45.0003 4296 monitor - ok
23:08:45.0021 4296 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:08:45.0023 4296 mouclass - ok
23:08:45.0129 4296 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:08:45.0131 4296 mouhid - ok
23:08:45.0147 4296 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:08:45.0149 4296 MountMgr - ok
23:08:45.0193 4296 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:08:45.0196 4296 mpio - ok
23:08:45.0228 4296 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:08:45.0230 4296 mpsdrv - ok
23:08:45.0305 4296 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:08:45.0322 4296 MpsSvc - ok
23:08:45.0349 4296 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:08:45.0351 4296 Mraid35x - ok
23:08:45.0495 4296 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:08:45.0497 4296 MREMP50 - ok
23:08:45.0501 4296 MREMPR5 - ok
23:08:45.0508 4296 MRENDIS5 - ok
23:08:45.0567 4296 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:08:45.0567 4296 MRESP50 - ok
23:08:45.0670 4296 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:08:45.0673 4296 MRxDAV - ok
23:08:45.0756 4296 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:45.0759 4296 mrxsmb - ok
23:08:45.0820 4296 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:45.0824 4296 mrxsmb10 - ok
23:08:45.0851 4296 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:45.0853 4296 mrxsmb20 - ok
23:08:45.0934 4296 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
23:08:45.0936 4296 msahci - ok
23:08:45.0992 4296 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:08:46.0023 4296 msdsm - ok
23:08:46.0085 4296 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:08:46.0089 4296 MSDTC - ok
23:08:46.0151 4296 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:08:46.0152 4296 Msfs - ok
23:08:46.0225 4296 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:08:46.0227 4296 msisadrv - ok
23:08:46.0281 4296 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:08:46.0285 4296 MSiSCSI - ok
23:08:46.0294 4296 msiserver - ok
23:08:46.0319 4296 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:08:46.0321 4296 MSKSSRV - ok
23:08:46.0365 4296 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:46.0366 4296 MSPCLOCK - ok
23:08:46.0405 4296 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:08:46.0406 4296 MSPQM - ok
23:08:46.0467 4296 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:08:46.0471 4296 MsRPC - ok
23:08:46.0493 4296 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:08:46.0494 4296 mssmbios - ok
23:08:46.0543 4296 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:08:46.0545 4296 MSTEE - ok
23:08:46.0635 4296 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:08:46.0635 4296 Mup - ok
23:08:46.0684 4296 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:08:46.0701 4296 napagent - ok
23:08:46.0840 4296 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:08:46.0843 4296 NativeWifiP - ok
23:08:46.0932 4296 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:08:46.0936 4296 NDIS - ok
23:08:46.0975 4296 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:46.0977 4296 NdisTapi - ok
23:08:47.0033 4296 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:47.0034 4296 Ndisuio - ok
23:08:47.0099 4296 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:47.0102 4296 NdisWan - ok
23:08:47.0162 4296 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:08:47.0164 4296 NDProxy - ok
23:08:47.0313 4296 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
23:08:47.0315 4296 Net Driver HPZ12 - ok
23:08:47.0377 4296 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:08:47.0379 4296 NetBIOS - ok
23:08:47.0445 4296 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:08:47.0449 4296 netbt - ok
23:08:47.0513 4296 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:08:47.0515 4296 Netlogon - ok
23:08:47.0576 4296 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:08:47.0580 4296 Netman - ok
23:08:47.0600 4296 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:08:47.0607 4296 netprofm - ok
23:08:47.0772 4296 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:08:47.0775 4296 NetTcpPortSharing - ok
23:08:47.0809 4296 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:08:47.0811 4296 nfrd960 - ok
23:08:47.0842 4296 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:08:47.0845 4296 NlaSvc - ok
23:08:47.0979 4296 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:08:47.0981 4296 Npfs - ok
23:08:48.0062 4296 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:08:48.0065 4296 nsi - ok
23:08:48.0082 4296 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:08:48.0084 4296 nsiproxy - ok
23:08:48.0178 4296 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:08:48.0213 4296 Ntfs - ok
23:08:48.0242 4296 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:08:48.0243 4296 ntrigdigi - ok
23:08:48.0274 4296 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:08:48.0276 4296 Null - ok
23:08:48.0497 4296 NVIDIA Performance Driver Service (e00696d78af663c523d3483410c66f21) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
23:08:48.0583 4296 NVIDIA Performance Driver Service - ok
23:08:48.0908 4296 nvlddmkm (6e7d37bc913a8614de9a8d05ccac22a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:08:49.0115 4296 nvlddmkm - ok
23:08:49.0144 4296 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:08:49.0147 4296 nvraid - ok
23:08:49.0177 4296 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:08:49.0180 4296 nvstor - ok
23:08:49.0213 4296 nvsvc (c8333178d6a92a001eba6d4abc5e60c9) C:\Windows\system32\nvvsvc.exe
23:08:49.0217 4296 nvsvc - ok
23:08:49.0253 4296 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:08:49.0256 4296 nv_agp - ok
23:08:49.0313 4296 NwlnkFlt - ok
23:08:49.0324 4296 NwlnkFwd - ok
23:08:49.0454 4296 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:08:49.0471 4296 odserv - ok
23:08:49.0523 4296 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:08:49.0534 4296 ohci1394 - ok
23:08:49.0581 4296 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:49.0585 4296 ose - ok
23:08:49.0678 4296 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:08:49.0704 4296 p2pimsvc - ok
23:08:49.0767 4296 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:08:49.0774 4296 p2psvc - ok
23:08:49.0885 4296 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
23:08:49.0885 4296 Parport - ok
23:08:49.0994 4296 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:08:49.0996 4296 partmgr - ok
23:08:50.0009 4296 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
23:08:50.0011 4296 Parvdm - ok
23:08:50.0068 4296 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:08:50.0072 4296 PcaSvc - ok
23:08:50.0137 4296 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:08:50.0142 4296 pci - ok
23:08:50.0200 4296 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:08:50.0202 4296 pciide - ok
23:08:50.0229 4296 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:08:50.0233 4296 pcmcia - ok
23:08:50.0350 4296 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:08:50.0375 4296 PEAUTH - ok
23:08:50.0457 4296 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:08:50.0499 4296 pla - ok
23:08:50.0573 4296 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:08:50.0599 4296 PlugPlay - ok
23:08:50.0679 4296 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
23:08:50.0682 4296 Pml Driver HPZ12 - ok
23:08:50.0760 4296 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:08:50.0767 4296 PNRPAutoReg - ok
23:08:50.0802 4296 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:08:50.0808 4296 PNRPsvc - ok
23:08:50.0968 4296 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:08:50.0984 4296 PolicyAgent - ok
23:08:51.0135 4296 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:08:51.0137 4296 PptpMiniport - ok
23:08:51.0191 4296 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:08:51.0193 4296 Processor - ok
23:08:51.0252 4296 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:08:51.0257 4296 ProfSvc - ok
23:08:51.0374 4296 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:08:51.0376 4296 ProtectedStorage - ok
23:08:51.0439 4296 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:08:51.0440 4296 PSched - ok
23:08:51.0582 4296 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:08:51.0585 4296 PSI_SVC_2 - ok
23:08:51.0659 4296 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:08:51.0759 4296 ql2300 - ok
23:08:51.0840 4296 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:08:51.0843 4296 ql40xx - ok
23:08:51.0930 4296 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:08:51.0955 4296 QWAVE - ok
23:08:52.0099 4296 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:08:52.0099 4296 QWAVEdrv - ok
23:08:52.0163 4296 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:08:52.0165 4296 RasAcd - ok
23:08:52.0199 4296 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:08:52.0203 4296 RasAuto - ok
23:08:52.0217 4296 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:08:52.0219 4296 Rasl2tp - ok
23:08:52.0321 4296 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:08:52.0328 4296 RasMan - ok
23:08:52.0398 4296 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:08:52.0399 4296 RasPppoe - ok
23:08:52.0476 4296 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:08:52.0488 4296 RasSstp - ok
23:08:52.0573 4296 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:08:52.0578 4296 rdbss - ok
23:08:52.0626 4296 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:08:52.0627 4296 RDPCDD - ok
23:08:52.0741 4296 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
23:08:52.0747 4296 rdpdr - ok
23:08:53.0002 4296 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:08:53.0004 4296 RDPENCDD - ok
23:08:53.0151 4296 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
23:08:53.0151 4296 RDPWD - ok
23:08:53.0221 4296 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:08:53.0224 4296 RemoteAccess - ok
23:08:53.0291 4296 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:08:53.0294 4296 RemoteRegistry - ok
23:08:53.0370 4296 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
23:08:53.0372 4296 RimUsb - ok
23:08:53.0447 4296 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:08:53.0449 4296 RpcLocator - ok
23:08:53.0586 4296 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:08:53.0593 4296 RpcSs - ok
23:08:53.0727 4296 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:08:53.0757 4296 rspndr - ok
23:08:54.0219 4296 rt61x86 (6de7a483204ca5a57b672dcb25716361) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
23:08:54.0219 4296 rt61x86 - ok
23:08:54.0394 4296 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:08:54.0396 4296 SamSs - ok
23:08:54.0636 4296 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:08:54.0639 4296 sbp2port - ok
23:08:54.0978 4296 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:08:54.0982 4296 SCardSvr - ok
23:08:55.0180 4296 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:08:55.0187 4296 Schedule - ok
23:08:55.0366 4296 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:08:55.0367 4296 SCPolicySvc - ok
23:08:55.0540 4296 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:08:55.0544 4296 SDRSVC - ok
23:08:55.0854 4296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:08:55.0858 4296 secdrv - ok
23:08:56.0123 4296 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:08:56.0126 4296 seclogon - ok
23:08:56.0151 4296 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
23:08:56.0154 4296 SENS - ok
23:08:56.0270 4296 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
23:08:56.0272 4296 Serenum - ok
23:08:56.0349 4296 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
23:08:56.0351 4296 Serial - ok
23:08:56.0504 4296 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys
23:08:56.0506 4296 sermouse - ok
23:08:56.0588 4296 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:08:56.0591 4296 SessionEnv - ok
23:08:56.0627 4296 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:08:56.0629 4296 sffdisk - ok
23:08:56.0674 4296 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:08:56.0676 4296 sffp_mmc - ok
23:08:56.0717 4296 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:08:56.0785 4296 sffp_sd - ok
23:08:57.0023 4296 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:08:57.0025 4296 sfloppy - ok
23:08:57.0118 4296 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:08:57.0143 4296 SharedAccess - ok
23:08:57.0322 4296 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:08:57.0326 4296 ShellHWDetection - ok
23:08:57.0468 4296 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:08:57.0468 4296 sisagp - ok
23:08:57.0567 4296 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:08:57.0569 4296 SiSRaid2 - ok
23:08:57.0612 4296 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:08:57.0614 4296 SiSRaid4 - ok
23:08:57.0853 4296 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:08:57.0951 4296 slsvc - ok
23:08:58.0147 4296 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:08:58.0151 4296 SLUINotify - ok
23:08:58.0278 4296 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:08:58.0287 4296 Smb - ok
23:08:58.0493 4296 smhwser (7838a9d808266e1e952eacba599c136f) C:\Windows\system32\DRIVERS\smhwser.sys
23:08:58.0496 4296 smhwser - ok
23:08:58.0690 4296 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:08:58.0693 4296 SNMPTRAP - ok
23:08:58.0834 4296 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:08:58.0846 4296 spldr - ok
23:08:58.0990 4296 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:08:58.0993 4296 Spooler - ok
23:08:59.0220 4296 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:08:59.0235 4296 srv - ok
23:08:59.0465 4296 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:08:59.0469 4296 srv2 - ok
23:08:59.0729 4296 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:08:59.0733 4296 srvnet - ok
23:08:59.0999 4296 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
23:09:00.0002 4296 sscdbus - ok
23:09:00.0260 4296 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:09:00.0276 4296 sscdmdfl - ok
23:09:00.0331 4296 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
23:09:00.0334 4296 sscdmdm - ok
23:09:00.0588 4296 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\Windows\system32\DRIVERS\sscdserd.sys
23:09:00.0591 4296 sscdserd - ok
23:09:00.0684 4296 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:09:00.0687 4296 SSDPSRV - ok
23:09:00.0879 4296 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:09:00.0884 4296 SstpSvc - ok
23:09:01.0070 4296 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:09:01.0076 4296 stisvc - ok
23:09:01.0313 4296 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:09:01.0314 4296 swenum - ok
23:09:01.0483 4296 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:09:01.0500 4296 swprv - ok
23:09:01.0749 4296 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:09:01.0749 4296 Symc8xx - ok
23:09:01.0960 4296 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:09:01.0962 4296 Sym_hi - ok
23:09:02.0153 4296 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:09:02.0155 4296 Sym_u3 - ok
23:09:02.0341 4296 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:09:02.0367 4296 SysMain - ok
23:09:02.0547 4296 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:09:02.0551 4296 TabletInputService - ok
23:09:02.0725 4296 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:09:02.0730 4296 TapiSrv - ok
23:09:02.0941 4296 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:09:02.0944 4296 TBS - ok
23:09:03.0209 4296 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:09:03.0216 4296 Tcpip - ok
23:09:03.0467 4296 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:09:03.0474 4296 Tcpip6 - ok
23:09:03.0691 4296 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:09:03.0693 4296 tcpipreg - ok
23:09:03.0950 4296 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:09:03.0952 4296 TDPIPE - ok
23:09:04.0173 4296 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:09:04.0192 4296 TDTCP - ok
23:09:04.0373 4296 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:09:04.0376 4296 tdx - ok
23:09:04.0621 4296 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:09:04.0623 4296 TermDD - ok
23:09:04.0807 4296 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:09:04.0813 4296 TermService - ok
23:09:05.0014 4296 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:09:05.0014 4296 Themes - ok
23:09:05.0172 4296 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:09:05.0174 4296 THREADORDER - ok
23:09:05.0401 4296 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\Windows\system32\DRIVERS\tmactmon.sys
23:09:05.0404 4296 tmactmon - ok
23:09:05.0604 4296 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\Windows\system32\DRIVERS\tmcomm.sys
23:09:05.0609 4296 tmcomm - ok
23:09:05.0854 4296 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\Windows\system32\DRIVERS\tmevtmgr.sys
23:09:05.0856 4296 tmevtmgr - ok
23:09:06.0050 4296 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:09:06.0050 4296 TrkWks - ok
23:09:06.0191 4296 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:09:06.0192 4296 TrustedInstaller - ok
23:09:06.0395 4296 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:09:06.0397 4296 tssecsrv - ok
23:09:06.0628 4296 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:09:06.0629 4296 tunmp - ok
23:09:06.0876 4296 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:09:06.0878 4296 tunnel - ok
23:09:07.0134 4296 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:09:07.0134 4296 uagp35 - ok
23:09:07.0353 4296 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:09:07.0358 4296 udfs - ok
23:09:07.0552 4296 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:09:07.0555 4296 UI0Detect - ok
23:09:07.0779 4296 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:09:07.0781 4296 uliagpkx - ok
23:09:07.0919 4296 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:09:07.0924 4296 uliahci - ok
23:09:08.0080 4296 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:09:08.0083 4296 UlSata - ok
23:09:08.0311 4296 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:09:08.0315 4296 ulsata2 - ok
23:09:08.0433 4296 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:09:08.0435 4296 umbus - ok
23:09:08.0514 4296 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
23:09:08.0531 4296 UmRdpService - ok
23:09:08.0726 4296 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:09:08.0730 4296 upnphost - ok
23:09:08.0881 4296 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:08.0883 4296 usbccgp - ok
23:09:09.0185 4296 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:09:09.0188 4296 usbcir - ok
23:09:09.0334 4296 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:09:09.0336 4296 usbehci - ok
23:09:09.0453 4296 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:09:09.0457 4296 usbhub - ok
23:09:09.0694 4296 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:09:09.0696 4296 usbohci - ok
23:09:09.0780 4296 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:09:09.0782 4296 usbprint - ok
23:09:10.0031 4296 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:09:10.0033 4296 usbscan - ok
23:09:10.0076 4296 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:09:10.0078 4296 USBSTOR - ok
23:09:10.0335 4296 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:09:10.0335 4296 usbuhci - ok
23:09:10.0398 4296 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:09:10.0398 4296 UxSms - ok
23:09:10.0571 4296 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:09:10.0588 4296 vds - ok
23:09:10.0841 4296 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:10.0844 4296 vga - ok
23:09:11.0107 4296 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:09:11.0120 4296 VgaSave - ok
23:09:11.0268 4296 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:09:11.0270 4296 viaagp - ok
23:09:11.0418 4296 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:09:11.0418 4296 ViaC7 - ok
23:09:11.0545 4296 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:09:11.0547 4296 viaide - ok
23:09:11.0689 4296 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:09:11.0691 4296 volmgr - ok
23:09:11.0927 4296 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:09:11.0978 4296 volmgrx - ok
23:09:12.0329 4296 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:09:12.0333 4296 volsnap - ok
23:09:12.0581 4296 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:09:12.0584 4296 vsmraid - ok
23:09:12.0784 4296 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:09:12.0819 4296 VSS - ok
23:09:13.0087 4296 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:09:13.0092 4296 W32Time - ok
23:09:13.0321 4296 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:09:13.0323 4296 WacomPen - ok
23:09:13.0362 4296 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:09:13.0364 4296 Wanarp - ok
23:09:13.0370 4296 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:09:13.0371 4296 Wanarpv6 - ok
23:09:13.0583 4296 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
23:09:13.0613 4296 wbengine - ok
23:09:13.0809 4296 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:09:13.0826 4296 wcncsvc - ok
23:09:13.0953 4296 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:09:13.0957 4296 WcsPlugInService - ok
23:09:14.0170 4296 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:09:14.0172 4296 Wd - ok
23:09:14.0234 4296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:09:14.0252 4296 Wdf01000 - ok
23:09:14.0459 4296 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:09:14.0463 4296 WdiServiceHost - ok
23:09:18.0782 4296 ============================================================
23:09:18.0782 4296 Scan finished
23:09:18.0782 4296 ============================================================
23:09:18.0794 4492 Detected object count: 0
23:09:18.0794 4492 Actual detected object count: 0

======
aswmbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 23:12:19
-----------------------------
23:12:19.728 OS Version: Windows 6.0.6002 Service Pack 2
23:12:19.728 Number of processors: 2 586 0xF02
23:12:19.729 ComputerName: KATY-PC UserName: Katy
23:12:20.573 Initialize success
23:13:50.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
23:13:50.245 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
23:13:50.259 Disk 0 MBR read successfully
23:13:50.261 Disk 0 MBR scan
23:13:50.263 Disk 0 Windows VISTA default MBR code
23:13:50.266 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
23:13:50.276 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 98304
23:13:50.286 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 74196 MB offset 4292608
23:13:50.290 Disk 0 scanning sectors +156246016
23:13:50.376 Disk 0 scanning C:\Windows\system32\drivers
23:14:00.791 Service scanning
23:14:26.672 Modules scanning
23:14:36.040 Disk 0 trace - called modules:
23:14:36.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
23:14:36.068 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dc58f8]
23:14:36.076 3 CLASSPNP.SYS[8b3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84c2b8a0]
23:14:36.084 Scan finished successfully
23:15:28.249 Disk 0 MBR has been saved successfully to "C:\Users\Katy\Desktop\MBR.dat"
23:15:28.257 The log file has been saved successfully to "C:\Users\Katy\Desktop\aswMBR.txt"


Thanks!

max

#13 gringo_pr

Posted 30 March 2012 - 01:57 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Zynga

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

Posted 04 April 2012 - 01:22 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 gringo_pr

Posted 07 April 2012 - 02:49 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



