Codec c malware


  • This topic is locked
26 replies to this topic

#1 sfaccountant


Posted 24 March 2012 - 08:55 AM

Hi,

My problem is the same as in this post: http://www.bleepingcomputer.com/forums/topic447403.html

I downloaded premiumplay codec c trying to view a video, but it turns out it was not the smart thing to do. I see codec c in my Control Panel programs list, but uninstalling it does nothing. From my Start menu, my programs list has got nothing in it. No matter what antivirus, anti-malware, or anti-spyware I use to fish out viruses, they all come up clean. How should I remove this?

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_29
Run by Shazu at 18:26:33 on 2012-03-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1000 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxebserv.exe
C:\Windows\system32\lxebcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\TRCMan\TRCMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar =
uSearch Page =
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant =
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\shazu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Skytel] Skytel.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: friendster.com\www
Trusted Zone: google.com\www
Trusted Zone: intuit.com\community
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{62B49ED9-8B04-47E1-BD08-38273797A039} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shazu\appdata\roaming\mozilla\firefox\profiles\06va4qdv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.searchonme.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B53d73553-1c9b-446a-afb0-bb753ec6d91d%7D&mid=5a457974a58947d09e50d15775a9eab1-d9b2a3374cab2deced1e8ae2f778e25a1fa30c04&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-21%2014%3A19%3A00&sap=ku&q=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.1.3\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\shazu\appdata\roaming\mozilla\firefox\profiles\06va4qdv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\shazu\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\shazu\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\shazu\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\shazu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-10 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslcb2a5bea;MpKslcb2a5bea;c:\programdata\microsoft\microsoft antimalware\definition updates\{71bbf188-5b9c-4b75-8c14-e9f393e09e3b}\MpKslcb2a5bea.sys [2012-3-24 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-15 47640]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-4-25 193192]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 2002728]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-21 106104]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-8-22 27632]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
RUnknown SymIRON;SymIRON; [x]
RUnknown SYMTDIv;SYMTDIv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca3d6523682720;Google Update Service (gupdate1ca3d6523682720);c:\program files\google\update\GoogleUpdate.exe [2009-9-24 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-29 29472]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-10 13224]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-13 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-24 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-6-10 937984]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-13 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-13 40552]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-25 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-25 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-25 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-25 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-25 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-25 117544]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-3-18 155320]
S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-24 14:56:45 -------- d-----w- c:\users\shazu\appdata\local\{84A7C267-5A30-4FE3-9382-001CB332FCA1}
2012-03-24 13:17:55 -------- d-----w- c:\users\shazu\appdata\roaming\ESET
2012-03-24 13:17:55 -------- d-----w- c:\users\shazu\appdata\local\ESET
2012-03-24 13:01:12 -------- d-----w- c:\program files\ESET
2012-03-24 06:37:57 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71bbf188-5b9c-4b75-8c14-e9f393e09e3b}\MpKslcb2a5bea.sys
2012-03-24 05:39:51 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71bbf188-5b9c-4b75-8c14-e9f393e09e3b}\offreg.dll
2012-03-24 02:56:21 -------- d-----w- c:\users\shazu\appdata\local\{5C8C847E-1427-4FA7-834B-B16C456BC7F8}
2012-03-24 02:56:18 -------- d-----w- c:\users\shazu\appdata\local\{2BAB4EEE-38B1-43F8-8364-C136A07E47A3}
2012-03-24 00:07:01 -------- dc----w- C:\sh4ldr
2012-03-24 00:07:01 -------- d-----w- c:\program files\Enigma Software Group
2012-03-24 00:05:08 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-24 00:05:01 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-23 15:18:52 -------- d-----w- c:\program files\MSECache
2012-03-23 14:55:41 -------- d-----w- c:\users\shazu\appdata\local\{F7868301-145E-44C5-BEB7-B61E6FA562D1}
2012-03-23 14:55:28 -------- d-----w- c:\users\shazu\appdata\local\{27DEF9B9-1619-44B0-839E-286737F6A2DD}
2012-03-23 14:01:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-23 14:01:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-23 05:22:00 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-23 05:21:13 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71bbf188-5b9c-4b75-8c14-e9f393e09e3b}\mpengine.dll
2012-03-22 00:08:04 -------- d-----w- c:\program files\Norton AntiVirus
2012-03-22 00:04:15 -------- d-----w- c:\program files\NortonInstaller
2012-03-21 23:16:27 -------- dc-h--w- C:\$AVG
2012-03-21 17:32:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-21 17:25:10 -------- d-----w- c:\programdata\AVG2012
2012-03-21 17:18:52 -------- d-----w- c:\programdata\MFAData
2012-03-21 17:01:36 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea586497-61d5-4813-a92a-13d40faa4054}\gapaengine.dll
2012-03-21 16:42:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 03:30:27 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0f4bb366-1ef4-4127-ba08-385a5535aec2}\mpengine.dll
2012-03-20 23:43:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-20 23:27:48 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-20 23:27:48 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-20 23:27:48 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-20 23:27:48 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-20 23:27:48 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-03-20 23:27:25 -------- d-----w- c:\users\shazu\appdata\roaming\Simply Super Software
2012-03-20 23:27:25 -------- d-----w- c:\programdata\Simply Super Software
2012-03-20 13:22:29 81984 ----a-w- c:\windows\system32\bdod.bin
2012-03-20 13:13:16 -------- d-----w- c:\program files\common files\Softwin
2012-03-20 09:23:18 -------- d-----w- c:\users\shazu\appdata\local\{DFCF6FE7-CB71-43FC-8A84-E00AC6BD1BE0}
2012-03-20 09:23:08 -------- d-----w- c:\users\shazu\appdata\local\{82FF7D91-79A7-4687-87F2-42814345FB29}
2012-03-20 00:20:08 -------- dcsh--w- C:\$RECYCLE.BIN
2012-03-19 21:37:49 -------- d-----w- c:\users\shazu\appdata\local\FixItCenter
2012-03-19 21:29:02 -------- d-----w- c:\windows\MATS
2012-03-19 21:28:58 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-03-19 21:23:22 -------- d-----w- c:\users\shazu\appdata\local\{FF6A7262-5D20-442F-BC5F-59B578B4A777}
2012-03-19 03:36:15 -------- d-----w- c:\users\shazu\appdata\local\{31BEACF8-F333-486A-9C64-B753D724FC89}
2012-03-19 03:36:07 -------- d-----w- c:\users\shazu\appdata\local\{A9797B12-7D0C-48F7-BE71-C6D359314F31}
2012-03-18 15:35:54 -------- d-----w- c:\users\shazu\appdata\local\{CC8300FD-B3F8-4E06-A7E1-10B4E4AD74BC}
2012-03-18 15:35:45 -------- d-----w- c:\users\shazu\appdata\local\{223A52B7-41DB-4106-BA7D-B7DE9DE78B6B}
2012-03-18 03:35:32 -------- d-----w- c:\users\shazu\appdata\local\{67572446-A702-4178-A76D-8FAD7C586D8E}
2012-03-18 03:35:23 -------- d-----w- c:\users\shazu\appdata\local\{4143A60E-2D29-4AFD-91FC-77FF7C0D4F0C}
2012-03-17 15:34:59 -------- d-----w- c:\users\shazu\appdata\local\{21A24A31-DD87-4E77-B2BE-C067232575B9}
2012-03-17 15:34:50 -------- d-----w- c:\users\shazu\appdata\local\{BD8F2243-D02C-4115-BCF3-1EAC24B1D923}
2012-03-17 03:55:48 -------- d-----w- c:\programdata\Premium
2012-03-17 03:53:55 -------- d-----w- c:\programdata\Codec-C
2012-03-17 03:53:18 -------- d-----w- c:\programdata\InstallMate
2012-03-17 03:34:37 -------- d-----w- c:\users\shazu\appdata\local\{D76F6FF4-1E6C-4641-8FBA-08CAB297AF56}
2012-03-17 03:34:25 -------- d-----w- c:\users\shazu\appdata\local\{6D98E284-076D-45D3-B906-94EADD6E3EBE}
2012-03-16 15:25:59 -------- d-----w- c:\users\shazu\appdata\local\{DA917316-84F4-4FFD-94FF-1A652BDBD941}
2012-03-16 15:25:47 -------- d-----w- c:\users\shazu\appdata\local\{21BEBA7A-92DD-4AB2-A393-E7EFEC4BC8EA}
2012-03-16 03:25:33 -------- d-----w- c:\users\shazu\appdata\local\{EF6BFBCF-1CF0-4091-B238-78D010F7AA32}
2012-03-16 03:25:24 -------- d-----w- c:\users\shazu\appdata\local\{A62DC816-7623-4CD1-9C2B-EBF2BEA5A81E}
2012-03-15 15:25:12 -------- d-----w- c:\users\shazu\appdata\local\{A3B4082E-B8D6-441E-AD29-7AC11A0278B3}
2012-03-15 15:25:03 -------- d-----w- c:\users\shazu\appdata\local\{ECCF2054-9668-4A2B-8822-EC0B98F32265}
2012-03-15 03:24:35 -------- d-----w- c:\users\shazu\appdata\local\{3D409A68-869F-4CE3-94EB-01BC74B53FFF}
2012-03-15 03:24:23 -------- d-----w- c:\users\shazu\appdata\local\{94DF2F49-4E4A-471F-95C3-2EB58C36EA11}
2012-03-14 15:41:19 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:41:16 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 15:41:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 15:41:16 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 15:41:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 15:41:16 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:41:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:41:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:40:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 15:24:02 -------- d-----w- c:\users\shazu\appdata\local\{F3A43025-C9EE-433E-9D95-D2748229F6A2}
2012-03-14 15:23:40 -------- d-----w- c:\users\shazu\appdata\local\{DF296D6E-FF40-4625-A918-DE3B6F6A6605}
2012-03-14 01:51:18 -------- d-----w- c:\users\shazu\appdata\local\{88FAA82A-31BF-4CB9-B4A1-FF2B95DC63A3}
2012-03-14 01:51:09 -------- d-----w- c:\users\shazu\appdata\local\{782565EE-FF14-40AD-B161-A98F90F4419A}
2012-03-13 13:50:56 -------- d-----w- c:\users\shazu\appdata\local\{9F942FE3-3895-4C59-A51E-B6C188E689F3}
2012-03-13 13:50:34 -------- d-----w- c:\users\shazu\appdata\local\{4F7058D4-8298-4653-A2C7-D35965ACA375}
2012-03-13 01:44:09 -------- d-----w- c:\users\shazu\appdata\local\{4F4780B7-AE05-4001-ABD3-14FBC0C41174}
2012-03-13 01:43:59 -------- d-----w- c:\users\shazu\appdata\local\{89323DC1-3CB4-46CD-A71D-658988C0C99A}
2012-03-12 13:43:44 -------- d-----w- c:\users\shazu\appdata\local\{87A46852-57A7-47F1-80CB-199E214A8EE2}
2012-03-12 13:43:26 -------- d-----w- c:\users\shazu\appdata\local\{1D709065-202E-4031-98F5-0C73A871A897}
2012-03-11 18:07:09 -------- d-----w- c:\users\shazu\appdata\local\{1AB1959F-DBC9-41C7-ACE7-AF28D54B2614}
2012-03-11 18:06:54 -------- d-----w- c:\users\shazu\appdata\local\{364A5F4C-C165-4BF3-8428-2D82D40E4299}
2012-03-11 03:21:15 -------- d-----w- c:\users\shazu\appdata\local\{6770F5AB-2EC6-4B32-B630-C9F893526D70}
2012-03-11 03:21:04 -------- d-----w- c:\users\shazu\appdata\local\{50F6019A-FF89-49B7-9133-7961D47A1E56}
2012-03-10 06:44:21 -------- d-----w- c:\users\shazu\appdata\local\{F5560937-77B5-4917-8C35-6C2338CFFFFB}
2012-03-10 06:44:13 -------- d-----w- c:\users\shazu\appdata\local\{6B0957DA-CDC3-4E05-B2D2-4BC6321F02FA}
2012-03-09 18:44:27 -------- d-----w- c:\users\shazu\appdata\local\{81822C71-390C-4E8C-8D9A-1AD770D0DFFE}
2012-03-09 18:44:16 -------- d-----w- c:\users\shazu\appdata\local\{6170E75E-398C-4C02-A1A4-C436CE66D7FD}
2012-03-07 04:35:11 -------- d-----w- c:\users\shazu\appdata\local\{6481E198-0E3B-45B8-AAB7-C5D2A6B686ED}
2012-03-07 04:35:03 -------- d-----w- c:\users\shazu\appdata\local\{5250F336-4051-4999-8697-7F026D71C190}
2012-03-06 16:34:50 -------- d-----w- c:\users\shazu\appdata\local\{8E5438C5-8A6C-45A2-9B78-805E00CE5CE5}
2012-03-06 16:34:41 -------- d-----w- c:\users\shazu\appdata\local\{E5F2AA0D-0082-4DDF-B98A-6EC308E2E52F}
2012-03-06 04:34:30 -------- d-----w- c:\users\shazu\appdata\local\{CC1906E4-F963-42E7-AC5D-C1B067D52F6F}
2012-03-06 04:34:21 -------- d-----w- c:\users\shazu\appdata\local\{5F3717C4-CB3E-4C99-B84D-98321366F7A5}
2012-03-05 16:34:08 -------- d-----w- c:\users\shazu\appdata\local\{D2A34550-553A-496A-8378-03684E80A677}
2012-03-05 04:33:44 -------- d-----w- c:\users\shazu\appdata\local\{26BDB775-4C59-4E77-BC69-D41C65051CCF}
2012-03-05 04:33:36 -------- d-----w- c:\users\shazu\appdata\local\{1290031E-B727-431D-A4CC-CFE82757B2BD}
2012-03-04 16:33:08 -------- d-----w- c:\users\shazu\appdata\local\{1DB6EAC0-7EED-4936-9D86-205170B35F57}
2012-03-04 16:32:48 -------- d-----w- c:\users\shazu\appdata\local\{2577E92F-68B6-4D7B-BB1B-8CD8013BE179}
2012-03-04 04:32:39 -------- d-----w- c:\users\shazu\appdata\local\{92BEFC44-9A15-4C6D-9EB2-A3B4B0A7D3F3}
2012-03-04 04:32:33 -------- d-----w- c:\users\shazu\appdata\local\{D824F357-DD79-4AD6-B9D1-DF62D5B6DFCF}
2012-03-03 16:32:24 -------- d-----w- c:\users\shazu\appdata\local\{C2281E90-5D6A-4C22-A921-2DE81C9709F7}
2012-03-03 16:32:21 -------- d-----w- c:\users\shazu\appdata\local\{0BC2037A-D48D-439A-B60F-34D5F185954A}
2012-03-03 04:32:07 -------- d-----w- c:\users\shazu\appdata\local\{7F9DB4BE-6353-47A4-BA43-DE653075219E}
2012-03-03 04:31:51 -------- d-----w- c:\users\shazu\appdata\local\{3CB1060C-C7F3-4DE3-9C83-9BEC58C8BC19}
2012-03-02 16:33:00 -------- d-----w- c:\users\shazu\appdata\local\{E4C0B36D-65C6-46FD-9964-32841542848C}
2012-03-02 02:39:32 -------- d-----w- c:\users\shazu\appdata\local\{28F2F4BC-430D-4C2D-8528-F0CBF3A4AEC3}
2012-03-02 02:39:27 -------- d-----w- c:\users\shazu\appdata\local\{3E5CDE02-AD23-441E-ABD0-B4660D486319}
2012-03-01 14:36:12 -------- d-----w- c:\users\shazu\appdata\local\{46E9FA3D-B200-4111-B0F6-3D03DE067090}
2012-03-01 14:32:58 -------- d-----w- c:\users\shazu\appdata\local\{88332879-D7A3-41C4-8971-CFB690850115}
2012-03-01 02:32:37 -------- d-----w- c:\users\shazu\appdata\local\{544000DB-79CB-494A-B187-3EEB4A017FB3}
2012-03-01 02:32:25 -------- d-----w- c:\users\shazu\appdata\local\{6AD8B272-BF5B-4366-854F-0227ECEAB97C}
2012-02-29 14:32:07 -------- d-----w- c:\users\shazu\appdata\local\{890DF135-2012-459E-8F1F-471DDFC4DE35}
2012-02-29 14:31:54 -------- d-----w- c:\users\shazu\appdata\local\{645AE6F4-50DD-4BDA-9C4B-E20CA428424D}
2012-02-29 02:31:22 -------- d-----w- c:\users\shazu\appdata\local\{799630A4-C3AD-4473-9B5A-457DE4316CFE}
2012-02-29 02:30:33 -------- d-----w- c:\users\shazu\appdata\local\{77AE76AC-5CDF-440E-9A94-91049B03E1A1}
2012-02-28 13:28:48 -------- d-----w- c:\users\shazu\appdata\local\{2EDC09EC-96A6-4713-A659-D90CEB4A47D1}
2012-02-28 13:27:52 -------- d-----w- c:\users\shazu\appdata\local\{5769B0C5-BD60-48ED-8D8E-9521A4239C1A}
2012-02-27 17:41:13 -------- d-----w- c:\users\shazu\appdata\local\{0758DCA0-C1CD-4F84-A1AE-A709DC3C106A}
2012-02-27 17:41:00 -------- d-----w- c:\users\shazu\appdata\local\{036CF832-63B1-42D5-A145-2A33406B4775}
2012-02-27 05:43:14 -------- d-----w- c:\users\shazu\appdata\local\{89E3947E-6A62-4357-BCEF-AB85873A9D61}
2012-02-26 16:31:27 -------- d-----w- c:\users\shazu\appdata\local\{4C9B6C03-DD12-460D-84AB-0C64E53AB4B7}
2012-02-26 16:31:18 -------- d-----w- c:\users\shazu\appdata\local\{BDB6A0F0-F1CE-4E49-B687-0A679CE6F59E}
2012-02-26 04:31:04 -------- d-----w- c:\users\shazu\appdata\local\{E7C21389-AD64-41CD-B15D-EEB4D6B1C9E7}
2012-02-26 04:30:57 -------- d-----w- c:\users\shazu\appdata\local\{E35AE977-F9CB-4B5C-B6C9-3635242D2BFE}
2012-02-25 16:30:37 -------- d-----w- c:\users\shazu\appdata\local\{F7BD8FED-38CB-4E5D-8774-746074D09B55}
2012-02-25 16:30:19 -------- d-----w- c:\users\shazu\appdata\local\{38C2D184-B4C6-4802-9FC2-8C16E2410B92}
2012-02-25 04:30:07 -------- d-----w- c:\users\shazu\appdata\local\{1E02DC39-E44A-4128-98E6-30C76DD99934}
2012-02-25 04:30:00 -------- d-----w- c:\users\shazu\appdata\local\{E7D46F2C-48ED-46E2-8DEF-5B888595A173}
2012-02-24 16:29:45 -------- d-----w- c:\users\shazu\appdata\local\{CC8D171B-2588-4BBD-B7A6-D2173B364A8A}
2012-02-24 16:29:35 -------- d-----w- c:\users\shazu\appdata\local\{95EC5705-2768-476F-A2BA-3D2EEABDF6C8}
2012-02-24 04:29:17 -------- d-----w- c:\users\shazu\appdata\local\{572F4D62-B37B-4667-A9C1-57085D7679C5}
2012-02-24 04:29:05 -------- d-----w- c:\users\shazu\appdata\local\{8EE60466-DAD5-479F-AC16-F1060DE7270C}
.
==================== Find3M ====================
.
2012-02-27 19:16:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x83053912] -> \Device\Harddisk0\DR0[0x867752A8]
3 CLASSPNP[0x8B3188B3] -> ntkrnlpa!IofCallDriver[0x83053912] -> [0x8674E820]
5 acpi[0x806176BC] -> ntkrnlpa!IofCallDriver[0x83053912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x86769030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 18:27:43.43 ===============

was not able to zip it



Edited by boopme, 24 March 2012 - 06:31 PM.




#2 gringo_pr


Posted 25 March 2012 - 12:33 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools,
and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore it if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sfaccountant


Posted 25 March 2012 - 08:13 AM

Hi Gringo,

I ran the GMER last night. Do you need the report from that first? And do you need me to run Combofix as well?

#4 sfaccountant


Posted 25 March 2012 - 11:35 AM

Attached File  ark.txt   27.73KB   0 downloads

#5 gringo_pr


Posted 25 March 2012 - 12:10 PM

Thank you for the report, and now you may run Combofix for me.



gringo

#6 sfaccountant


Posted 25 March 2012 - 05:38 PM

I don't know why AVG and ESET all showed as running. I had uninstalled them. Here is the Combofix report.

#7 sfaccountant


Posted 25 March 2012 - 06:23 PM

Attached File  log.txt   22.01KB   3 downloads



I still don't see any changes. I am still not able to see any programs in my program list from the start menu.

ComboFix 12-03-22.01 - Shazu 03/25/2012 12:46:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1256 [GMT -4:00]
Running from: c:\users\Shazu\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3b0f4ec1.tmp
c:\programdata\51bab171.tmp
c:\programdata\51bea688.tmp
c:\programdata\51c11cff.tmp
c:\programdata\SPL178B.tmp
c:\programdata\SPL8C5.tmp
c:\programdata\SPLB386.tmp
c:\programdata\SPLC9D7.tmp
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{08BE2BF1-8B71-41F3-9131-8C55377FFD6A}\_Setup.dll
c:\programdata\Tarma Installer\{08BE2BF1-8B71-41F3-9131-8C55377FFD6A}\Setup.dat
c:\programdata\Tarma Installer\{08BE2BF1-8B71-41F3-9131-8C55377FFD6A}\Setup.exe
c:\programdata\Tarma Installer\{08BE2BF1-8B71-41F3-9131-8C55377FFD6A}\Setup.ico
c:\users\Guest\AppData\Roaming\3M
c:\users\Guest\AppData\Roaming\3M\PSNotes\PSNData
c:\users\Shazu\AppData\Local\Temp\HijriDate[0].dll
c:\users\Shazu\AppData\Roaming\3M
c:\users\Shazu\AppData\Roaming\3M\PSNotes\PSNData
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 16:58 . 2012-03-25 16:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-25 16:58 . 2012-03-25 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 16:58 . 2012-03-25 16:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-25 00:09 . 2012-03-20 07:53 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4B74145-53D6-4EF2-AF13-A67CDCCB529D}\mpengine.dll
2012-03-24 22:29 . 2012-03-24 22:29 -------- d-----w- c:\users\Shazu\AppData\Local\CrashDumps
2012-03-24 13:17 . 2012-03-24 13:17 -------- d-----w- c:\users\Shazu\AppData\Local\ESET
2012-03-24 13:09 . 2012-03-24 13:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2012-03-24 13:01 . 2012-03-24 13:01 -------- d-----w- c:\program files\ESET
2012-03-24 00:07 . 2012-03-24 19:37 -------- dc----w- C:\sh4ldr
2012-03-24 00:07 . 2012-03-24 00:07 -------- d-----w- c:\program files\Enigma Software Group
2012-03-24 00:05 . 2012-03-24 19:37 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-24 00:05 . 2012-03-24 00:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-23 15:18 . 2012-03-23 15:18 -------- d-----w- c:\program files\MSECache
2012-03-23 14:01 . 2012-03-25 17:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-23 14:01 . 2012-03-24 19:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-23 05:22 . 2012-03-20 07:53 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-22 00:04 . 2012-03-24 19:42 -------- d-----w- c:\program files\NortonInstaller
2012-03-21 23:16 . 2012-03-21 23:16 -------- dc----w- C:\$AVG
2012-03-21 17:32 . 2012-03-22 03:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-21 17:25 . 2012-03-23 21:40 -------- d-----w- c:\programdata\AVG2012
2012-03-21 17:18 . 2012-03-23 05:29 -------- d-----w- c:\programdata\MFAData
2012-03-21 17:01 . 2012-02-09 17:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA586497-61D5-4813-A92A-13D40FAA4054}\gapaengine.dll
2012-03-21 16:42 . 2012-03-21 16:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 03:30 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F4BB366-1EF4-4127-BA08-385A5535AEC2}\mpengine.dll
2012-03-20 23:43 . 2012-03-21 03:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-20 23:27 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-20 23:27 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-20 23:27 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-20 23:27 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-03-20 23:27 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-20 23:27 . 2012-03-20 23:27 -------- d-----w- c:\users\Shazu\AppData\Roaming\Simply Super Software
2012-03-20 23:27 . 2012-03-20 23:27 -------- d-----w- c:\programdata\Simply Super Software
2012-03-20 13:32 . 2012-03-20 13:32 -------- d-----w- c:\users\Shazu\AppData\Roaming\HPAppData
2012-03-20 13:22 . 2012-03-21 02:27 81984 ----a-w- c:\windows\system32\bdod.bin
2012-03-20 13:13 . 2012-03-21 02:28 -------- d-----w- c:\program files\Common Files\Softwin
2012-03-19 21:37 . 2012-03-19 21:37 -------- d-----w- c:\users\Shazu\AppData\Local\FixItCenter
2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\windows\MATS
2012-03-19 21:28 . 2012-03-19 21:29 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-03-17 03:55 . 2012-03-17 03:55 -------- d-----w- c:\programdata\Premium
2012-03-17 03:53 . 2012-03-19 13:13 -------- d-----w- c:\programdata\Codec-C
2012-03-17 03:53 . 2012-03-17 03:55 -------- d-----w- c:\programdata\InstallMate
2012-03-14 15:41 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:41 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 15:41 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 15:41 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 15:41 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 15:41 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:41 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:41 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:40 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-01 15:36 . 2012-03-01 15:36 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 19:16 . 2011-06-07 10:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2009-10-03 04:39 237072 ------w- c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-07-27 14:21 . 2010-02-04 03:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"TRCMan"="c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2008-01-11 692224]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-02-14 19:08 184320 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-10-01 15:45 139944 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-27 14:21 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
2010-05-05 12:58 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2007-12-14 03:52 143360 ----a-w- c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-08 03:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-01 10:51 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-13 17:52]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 22:19]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 22:19]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615074959-2129127131-3248481234-1000Core.job
- c:\users\Shazu\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 05:16]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1615074959-2129127131-3248481234-1000UA.job
- c:\users\Shazu\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-14 05:16]
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{BFE6C61E-3376-45DA-95E3-F4AB38513B77}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: friendster.com\www
Trusted Zone: google.com\www
Trusted Zone: intuit.com\community
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shazu\AppData\Roaming\Mozilla\Firefox\Profiles\06va4qdv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.searchonme.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B53d73553-1c9b-446a-afb0-bb753ec6d91d%7D&mid=5a457974a58947d09e50d15775a9eab1-d9b2a3374cab2deced1e8ae2f778e25a1fa30c04&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-21%2014%3A19%3A00&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
MSConfigStartUp-nR9TTXqjYekVOtx - c:\users\Shazu\AppData\Roaming\dwme.exe
AddRemove-{08BE2BF1-8B71-41F3-9131-8C55377FFD6A} - c:\progra~2\TARMAI~1\{08BE2~1\Setup.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4340)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxebserv.exe
c:\windows\system32\lxebcoms.exe
c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-03-25 13:12:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 17:11
.
Pre-Run: 37,773,230,080 bytes free
Post-Run: 37,879,689,216 bytes free
.
- - End Of File - - F93174C03B2763F60C51CD0AFBF1F092

Edited by gringo_pr, 25 March 2012 - 08:47 PM.


#8 gringo_pr

Posted 25 March 2012 - 08:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Premium
c:\programdata\Codec-C
c:\programdata\InstallMate

Firefox::
FF - ProfilePath - c:\users\Shazu\AppData\Roaming\Mozilla\Firefox\Profiles\06va4qdv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.searchonme.com/

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sfaccountant

Posted 26 March 2012 - 08:24 AM

It seems like Codec C was removed, as I did not see it in my uninstall programs list anymore. ESET still showed up in that list, but when I clicked uninstall this time I was able to uninstall it. However, my programs list from my Start menu still doesn't show up.

Attached Files

  • Attached File  log2.txt   21.44KB   1 downloads


#10 gringo_pr

Posted 26 March 2012 - 08:27 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 sfaccountant

Posted 26 March 2012 - 09:43 AM

TDSSKiller report

===============================


10:36:45.0704 5372 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
10:36:46.0114 5372 ============================================================
10:36:46.0114 5372 Current date / time: 2012/03/26 10:36:46.0114
10:36:46.0114 5372 SystemInfo:
10:36:46.0114 5372
10:36:46.0114 5372 OS Version: 6.0.6002 ServicePack: 2.0
10:36:46.0114 5372 Product type: Workstation
10:36:46.0114 5372 ComputerName: SHAZU-PC
10:36:46.0115 5372 UserName: Shazu
10:36:46.0115 5372 Windows directory: C:\Windows
10:36:46.0115 5372 System windows directory: C:\Windows
10:36:46.0115 5372 Processor architecture: Intel x86
10:36:46.0115 5372 Number of processors: 2
10:36:46.0115 5372 Page size: 0x1000
10:36:46.0115 5372 Boot type: Normal boot
10:36:46.0115 5372 ============================================================
10:36:47.0822 5372 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:36:47.0825 5372 \Device\Harddisk0\DR0:
10:36:47.0825 5372 MBR used
10:36:47.0825 5372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x171B01B0
10:36:47.0844 5372 Initialize success
10:36:47.0845 5372 ============================================================
10:37:04.0212 5208 ============================================================
10:37:04.0212 5208 Scan started
10:37:04.0212 5208 Mode: Manual;
10:37:04.0212 5208 ============================================================
10:37:05.0030 5208 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:37:05.0078 5208 ACPI - ok
10:37:05.0201 5208 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:37:05.0202 5208 AdobeARMservice - ok
10:37:05.0342 5208 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:37:05.0351 5208 adp94xx - ok
10:37:05.0378 5208 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:37:05.0385 5208 adpahci - ok
10:37:05.0405 5208 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:37:05.0408 5208 adpu160m - ok
10:37:05.0438 5208 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:37:05.0443 5208 adpu320 - ok
10:37:05.0529 5208 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:37:05.0531 5208 AeLookupSvc - ok
10:37:05.0630 5208 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:37:05.0637 5208 AFD - ok
10:37:05.0681 5208 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
10:37:05.0683 5208 AgereModemAudio - ok
10:37:05.0870 5208 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
10:37:05.0893 5208 AgereSoftModem - ok
10:37:05.0978 5208 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:37:05.0983 5208 agp440 - ok
10:37:06.0032 5208 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:37:06.0035 5208 aic78xx - ok
10:37:06.0074 5208 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:37:06.0076 5208 ALG - ok
10:37:06.0096 5208 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:37:06.0098 5208 aliide - ok
10:37:06.0191 5208 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:37:06.0194 5208 amdagp - ok
10:37:06.0222 5208 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:37:06.0223 5208 amdide - ok
10:37:06.0257 5208 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:37:06.0259 5208 AmdK7 - ok
10:37:06.0281 5208 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
10:37:06.0282 5208 AmdK8 - ok
10:37:06.0342 5208 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:37:06.0344 5208 Appinfo - ok
10:37:06.0473 5208 Apple Mobile Device (b8e865d24f2753a35cc2a9a6a3ce1ad4) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:37:06.0477 5208 Apple Mobile Device - ok
10:37:06.0630 5208 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:37:06.0635 5208 arc - ok
10:37:06.0682 5208 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:37:06.0685 5208 arcsas - ok
10:37:06.0723 5208 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:37:06.0724 5208 AsyncMac - ok
10:37:06.0760 5208 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:37:06.0761 5208 atapi - ok
10:37:06.0908 5208 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
10:37:06.0925 5208 athr - ok
10:37:06.0995 5208 Ati External Event Utility (581b9be9e92a0f3856cc85ec011edc6f) C:\Windows\system32\Ati2evxx.exe
10:37:07.0001 5208 Ati External Event Utility - ok
10:37:07.0190 5208 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
10:37:07.0230 5208 atikmdag - ok
10:37:07.0304 5208 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:37:07.0306 5208 AtiPcie - ok
10:37:07.0361 5208 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:37:07.0366 5208 AudioEndpointBuilder - ok
10:37:07.0378 5208 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:37:07.0383 5208 Audiosrv - ok
10:37:07.0452 5208 bdfdll - ok
10:37:07.0475 5208 BDFsDrv - ok
10:37:07.0500 5208 BDRsDrv - ok
10:37:07.0596 5208 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:37:07.0599 5208 Beep - ok
10:37:07.0672 5208 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:37:07.0681 5208 BFE - ok
10:37:07.0806 5208 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
10:37:07.0817 5208 BITS - ok
10:37:07.0885 5208 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:37:07.0887 5208 blbdrive - ok
10:37:07.0959 5208 Bonjour Service (9efe4236f8670846b6e7c5b0eff6e715) C:\Program Files\Bonjour\mDNSResponder.exe
10:37:07.0962 5208 Bonjour Service - ok
10:37:08.0046 5208 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:37:08.0051 5208 bowser - ok
10:37:08.0120 5208 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:37:08.0122 5208 BrFiltLo - ok
10:37:08.0149 5208 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:37:08.0151 5208 BrFiltUp - ok
10:37:08.0233 5208 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:37:08.0235 5208 Browser - ok
10:37:08.0261 5208 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:37:08.0264 5208 Brserid - ok
10:37:08.0288 5208 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:37:08.0291 5208 BrSerWdm - ok
10:37:08.0347 5208 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:37:08.0349 5208 BrUsbMdm - ok
10:37:08.0374 5208 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:37:08.0376 5208 BrUsbSer - ok
10:37:08.0481 5208 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
10:37:08.0484 5208 BthEnum - ok
10:37:08.0540 5208 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
10:37:08.0542 5208 BTHMODEM - ok
10:37:08.0590 5208 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
10:37:08.0593 5208 BthPan - ok
10:37:08.0716 5208 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
10:37:08.0728 5208 BTHPORT - ok
10:37:08.0779 5208 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
10:37:08.0780 5208 BthServ - ok
10:37:08.0829 5208 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
10:37:08.0832 5208 BTHUSB - ok
10:37:08.0930 5208 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\Windows\system32\drivers\btwaudio.sys
10:37:08.0936 5208 btwaudio - ok
10:37:09.0026 5208 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\drivers\btwavdt.sys
10:37:09.0032 5208 btwavdt - ok
10:37:09.0153 5208 btwdins (f55c99818fd1eacfc7784958a8592536) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:37:09.0165 5208 btwdins - ok
10:37:09.0325 5208 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:37:09.0329 5208 btwl2cap - ok
10:37:09.0360 5208 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
10:37:09.0363 5208 btwrchid - ok
10:37:09.0515 5208 catchme - ok
10:37:09.0663 5208 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:37:09.0668 5208 cdfs - ok
10:37:09.0722 5208 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:37:09.0726 5208 cdrom - ok
10:37:09.0834 5208 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:37:09.0837 5208 CertPropSvc - ok
10:37:09.0905 5208 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:37:09.0909 5208 circlass - ok
10:37:09.0953 5208 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:37:09.0963 5208 CLFS - ok
10:37:10.0034 5208 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:37:10.0037 5208 clr_optimization_v2.0.50727_32 - ok
10:37:10.0145 5208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:37:10.0148 5208 clr_optimization_v4.0.30319_32 - ok
10:37:10.0222 5208 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:37:10.0224 5208 CmBatt - ok
10:37:10.0252 5208 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:37:10.0254 5208 cmdide - ok
10:37:10.0273 5208 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:37:10.0274 5208 Compbatt - ok
10:37:10.0298 5208 COMSysApp - ok
10:37:10.0393 5208 ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
10:37:10.0394 5208 ConfigFree Service - ok
10:37:10.0443 5208 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:37:10.0445 5208 crcdisk - ok
10:37:10.0480 5208 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:37:10.0482 5208 Crusoe - ok
10:37:10.0561 5208 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:37:10.0564 5208 CryptSvc - ok
10:37:10.0664 5208 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:37:10.0674 5208 DcomLaunch - ok
10:37:10.0745 5208 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:37:10.0748 5208 DfsC - ok
10:37:10.0902 5208 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:37:10.0923 5208 DFSR - ok
10:37:11.0025 5208 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:37:11.0030 5208 Dhcp - ok
10:37:11.0106 5208 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:37:11.0109 5208 disk - ok
10:37:11.0148 5208 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:37:11.0153 5208 Dnscache - ok
10:37:11.0237 5208 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:37:11.0243 5208 dot3svc - ok
10:37:11.0307 5208 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:37:11.0314 5208 Dot4 - ok
10:37:11.0416 5208 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:37:11.0420 5208 Dot4Print - ok
10:37:11.0515 5208 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:37:11.0518 5208 Dot4Scan - ok
10:37:11.0560 5208 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:37:11.0564 5208 dot4usb - ok
10:37:11.0658 5208 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:37:11.0664 5208 DPS - ok
10:37:11.0757 5208 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:37:11.0761 5208 drmkaud - ok
10:37:11.0833 5208 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:37:11.0846 5208 DXGKrnl - ok
10:37:11.0979 5208 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:37:11.0986 5208 E1G60 - ok
10:37:12.0046 5208 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:37:12.0050 5208 EapHost - ok
10:37:12.0194 5208 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:37:12.0200 5208 Ecache - ok
10:37:12.0322 5208 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:37:12.0336 5208 eeCtrl - ok
10:37:12.0419 5208 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:37:12.0430 5208 ehRecvr - ok
10:37:12.0451 5208 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:37:12.0457 5208 ehSched - ok
10:37:12.0485 5208 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:37:12.0488 5208 ehstart - ok
10:37:12.0569 5208 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:37:12.0577 5208 elxstor - ok
10:37:12.0652 5208 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:37:12.0664 5208 EMDMgmt - ok
10:37:12.0776 5208 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:37:12.0779 5208 EraserUtilRebootDrv - ok
10:37:12.0869 5208 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:37:12.0871 5208 ErrDev - ok
10:37:12.0953 5208 esgiguard - ok
10:37:13.0038 5208 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:37:13.0043 5208 EventSystem - ok
10:37:13.0141 5208 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:37:13.0145 5208 exfat - ok
10:37:13.0189 5208 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:37:13.0193 5208 fastfat - ok
10:37:13.0250 5208 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:37:13.0251 5208 fdc - ok
10:37:13.0319 5208 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:37:13.0320 5208 fdPHost - ok
10:37:13.0338 5208 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:37:13.0340 5208 FDResPub - ok
10:37:13.0364 5208 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:37:13.0366 5208 FileInfo - ok
10:37:13.0390 5208 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:37:13.0392 5208 Filetrace - ok
10:37:13.0424 5208 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:37:13.0426 5208 flpydisk - ok
10:37:13.0500 5208 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:37:13.0503 5208 FltMgr - ok
10:37:13.0582 5208 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:37:13.0590 5208 FontCache - ok
10:37:13.0695 5208 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:37:13.0696 5208 FontCache3.0.0.0 - ok
10:37:13.0797 5208 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:37:13.0801 5208 fssfltr - ok
10:37:13.0976 5208 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:37:14.0023 5208 fsssvc - ok
10:37:14.0116 5208 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:37:14.0119 5208 Fs_Rec - ok
10:37:14.0161 5208 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
10:37:14.0165 5208 FwLnk - ok
10:37:14.0194 5208 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:37:14.0199 5208 gagp30kx - ok
10:37:14.0303 5208 GameConsoleService (01a5829dd261b4f3dd66d7e9f9b973f5) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
10:37:14.0307 5208 GameConsoleService - ok
10:37:14.0401 5208 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\Drivers\GEARAspiWDM.sys
10:37:14.0402 5208 GEARAspiWDM - ok
10:37:14.0456 5208 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
10:37:14.0458 5208 ggflt - ok
10:37:14.0475 5208 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
10:37:14.0477 5208 ggsemc - ok
10:37:14.0561 5208 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:37:14.0562 5208 GoogleDesktopManager-051210-111108 - ok
10:37:14.0646 5208 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:37:14.0653 5208 gpsvc - ok
10:37:14.0775 5208 gupdate1ca3d6523682720 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:37:14.0777 5208 gupdate1ca3d6523682720 - ok
10:37:14.0797 5208 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
10:37:14.0799 5208 gupdatem - ok
10:37:14.0835 5208 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:37:14.0838 5208 gusvc - ok
10:37:14.0938 5208 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:37:14.0944 5208 HdAudAddService - ok
10:37:14.0996 5208 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:37:15.0006 5208 HDAudBus - ok
10:37:15.0046 5208 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
10:37:15.0048 5208 HidBth - ok
10:37:15.0120 5208 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:37:15.0123 5208 HidIr - ok
10:37:15.0186 5208 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:37:15.0191 5208 hidserv - ok
10:37:15.0237 5208 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:37:15.0238 5208 HidUsb - ok
10:37:15.0266 5208 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:37:15.0269 5208 hkmsvc - ok
10:37:15.0334 5208 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:37:15.0336 5208 HpCISSs - ok
10:37:15.0502 5208 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:37:15.0505 5208 hpqcxs08 - ok
10:37:15.0528 5208 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:37:15.0532 5208 hpqddsvc - ok
10:37:15.0583 5208 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:37:15.0598 5208 HPSLPSVC - ok
10:37:15.0677 5208 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:37:15.0685 5208 HTTP - ok
10:37:15.0719 5208 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:37:15.0721 5208 i2omp - ok
10:37:15.0801 5208 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:37:15.0803 5208 i8042prt - ok
10:37:15.0834 5208 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:37:15.0840 5208 iaStorV - ok
10:37:15.0925 5208 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:37:15.0930 5208 IDriverT - ok
10:37:16.0038 5208 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:37:16.0056 5208 idsvc - ok
10:37:16.0114 5208 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:37:16.0116 5208 iirsp - ok
10:37:16.0184 5208 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:37:16.0190 5208 IKEEXT - ok
10:37:16.0331 5208 InCDsrv (7e4803ffb24c83367f7d50fd5a940f88) C:\Program Files\Ahead\InCD\InCDsrv.exe
10:37:16.0347 5208 InCDsrv - ok
10:37:16.0498 5208 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
10:37:16.0539 5208 IntcAzAudAddService - ok
10:37:16.0628 5208 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:37:16.0630 5208 intelide - ok
10:37:16.0649 5208 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:37:16.0651 5208 intelppm - ok
10:37:16.0688 5208 IO_Memory - ok
10:37:16.0724 5208 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:37:16.0727 5208 IPBusEnum - ok
10:37:16.0803 5208 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:37:16.0805 5208 IpFilterDriver - ok
10:37:16.0851 5208 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:37:16.0855 5208 iphlpsvc - ok
10:37:16.0866 5208 IpInIp - ok
10:37:16.0902 5208 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:37:16.0905 5208 IPMIDRV - ok
10:37:16.0937 5208 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:37:16.0940 5208 IPNAT - ok
10:37:17.0006 5208 iPod Service (d2e8efb8af35fcf5a7af22f5a0ce1a82) C:\Program Files\iPod\bin\iPodService.exe
10:37:17.0012 5208 iPod Service - ok
10:37:17.0085 5208 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:37:17.0086 5208 IRENUM - ok
10:37:17.0120 5208 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:37:17.0122 5208 isapnp - ok
10:37:17.0182 5208 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:37:17.0185 5208 iScsiPrt - ok
10:37:17.0212 5208 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:37:17.0214 5208 iteatapi - ok
10:37:17.0260 5208 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:37:17.0262 5208 iteraid - ok
10:37:17.0369 5208 jswpsapi (723ba0aec942e91c0a9ce146e73deceb) C:\Program Files\Jumpstart\jswpsapi.exe
10:37:17.0388 5208 jswpsapi - ok
10:37:17.0460 5208 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
10:37:17.0462 5208 jswpslwf - ok
10:37:17.0486 5208 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:37:17.0487 5208 kbdclass - ok
10:37:17.0522 5208 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:37:17.0525 5208 kbdhid - ok
10:37:17.0572 5208 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:37:17.0577 5208 KeyIso - ok
10:37:17.0671 5208 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
10:37:17.0672 5208 KMWDFILTER - ok
10:37:17.0715 5208 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
10:37:17.0720 5208 KR10I - ok
10:37:17.0743 5208 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
10:37:17.0748 5208 KR10N - ok
10:37:17.0807 5208 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:37:17.0817 5208 KSecDD - ok
10:37:17.0898 5208 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:37:17.0904 5208 KtmRm - ok
10:37:17.0973 5208 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:37:17.0977 5208 LanmanServer - ok
10:37:18.0025 5208 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:37:18.0031 5208 LanmanWorkstation - ok
10:37:18.0109 5208 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:37:18.0112 5208 lltdio - ok
10:37:18.0145 5208 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:37:18.0151 5208 lltdsvc - ok
10:37:18.0175 5208 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:37:18.0178 5208 lmhosts - ok
10:37:18.0224 5208 LMIInfo - ok
10:37:18.0293 5208 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
10:37:18.0294 5208 lmimirr - ok
10:37:18.0327 5208 LMIRfsClientNP - ok
10:37:18.0359 5208 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
10:37:18.0361 5208 LMIRfsDriver - ok
10:37:18.0408 5208 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:37:18.0411 5208 LSI_FC - ok
10:37:18.0437 5208 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:37:18.0440 5208 LSI_SAS - ok
10:37:18.0497 5208 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:37:18.0501 5208 LSI_SCSI - ok
10:37:18.0527 5208 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:37:18.0530 5208 luafv - ok
10:37:18.0630 5208 lxebCATSCustConnectService (a69ad7128300dfd6a8b113356fb7ee3b) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe
10:37:18.0640 5208 lxebCATSCustConnectService - ok
10:37:18.0680 5208 lxeb_device - ok
10:37:18.0779 5208 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
10:37:18.0782 5208 MatSvc - ok
10:37:18.0823 5208 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:37:18.0826 5208 Mcx2Svc - ok
10:37:18.0889 5208 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:37:18.0891 5208 megasas - ok
10:37:18.0920 5208 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:37:18.0930 5208 MegaSR - ok
10:37:19.0000 5208 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
10:37:19.0002 5208 mferkdk - ok
10:37:19.0078 5208 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
10:37:19.0080 5208 mfesmfk - ok
10:37:19.0158 5208 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:37:19.0163 5208 Microsoft Office Groove Audit Service - ok
10:37:19.0210 5208 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:37:19.0214 5208 MMCSS - ok
10:37:19.0279 5208 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:37:19.0281 5208 Modem - ok
10:37:19.0305 5208 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:37:19.0307 5208 monitor - ok
10:37:19.0337 5208 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:37:19.0338 5208 mouclass - ok
10:37:19.0359 5208 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:37:19.0361 5208 mouhid - ok
10:37:19.0420 5208 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:37:19.0422 5208 MountMgr - ok
10:37:19.0489 5208 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
10:37:19.0493 5208 MpFilter - ok
10:37:19.0531 5208 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:37:19.0534 5208 mpio - ok
10:37:19.0595 5208 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:37:19.0597 5208 MpNWMon - ok
10:37:19.0631 5208 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:37:19.0634 5208 mpsdrv - ok
10:37:19.0687 5208 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:37:19.0696 5208 MpsSvc - ok
10:37:19.0727 5208 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:37:19.0729 5208 Mraid35x - ok
10:37:19.0802 5208 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:37:19.0806 5208 MRxDAV - ok
10:37:19.0858 5208 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:19.0864 5208 mrxsmb - ok
10:37:19.0911 5208 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:19.0917 5208 mrxsmb10 - ok
10:37:19.0977 5208 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:19.0981 5208 mrxsmb20 - ok
10:37:20.0011 5208 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
10:37:20.0013 5208 msahci - ok
10:37:20.0037 5208 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:37:20.0041 5208 msdsm - ok
10:37:20.0085 5208 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:37:20.0089 5208 MSDTC - ok
10:37:20.0121 5208 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:37:20.0123 5208 Msfs - ok
10:37:20.0189 5208 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:37:20.0191 5208 msisadrv - ok
10:37:20.0229 5208 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:37:20.0233 5208 MSiSCSI - ok
10:37:20.0245 5208 msiserver - ok
10:37:20.0296 5208 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:37:20.0298 5208 MSKSSRV - ok
10:37:20.0391 5208 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:37:20.0392 5208 MsMpSvc - ok
10:37:20.0495 5208 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:20.0499 5208 MSPCLOCK - ok
10:37:20.0524 5208 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:37:20.0529 5208 MSPQM - ok
10:37:20.0580 5208 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:37:20.0587 5208 MsRPC - ok
10:37:20.0624 5208 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:37:20.0627 5208 mssmbios - ok
10:37:20.0720 5208 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:37:20.0724 5208 MSTEE - ok
10:37:20.0756 5208 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:37:20.0761 5208 Mup - ok
10:37:20.0814 5208 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:37:20.0821 5208 napagent - ok
10:37:20.0902 5208 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:37:20.0906 5208 NativeWifiP - ok
10:37:20.0973 5208 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:37:20.0984 5208 NDIS - ok
10:37:21.0051 5208 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:21.0053 5208 NdisTapi - ok
10:37:21.0087 5208 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:21.0089 5208 Ndisuio - ok
10:37:21.0129 5208 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:21.0135 5208 NdisWan - ok
10:37:21.0165 5208 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:37:21.0169 5208 NDProxy - ok
10:37:21.0253 5208 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
10:37:21.0255 5208 Net Driver HPZ12 - ok
10:37:21.0320 5208 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:37:21.0322 5208 NetBIOS - ok
10:37:21.0368 5208 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:37:21.0373 5208 netbt - ok
10:37:21.0417 5208 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:37:21.0419 5208 Netlogon - ok
10:37:21.0486 5208 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:37:21.0493 5208 Netman - ok
10:37:21.0534 5208 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:37:21.0540 5208 netprofm - ok
10:37:21.0625 5208 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:37:21.0628 5208 NetTcpPortSharing - ok
10:37:21.0700 5208 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:37:21.0702 5208 nfrd960 - ok
10:37:21.0756 5208 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:37:21.0759 5208 NisDrv - ok
10:37:21.0813 5208 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
10:37:21.0816 5208 NisSrv - ok
10:37:21.0878 5208 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:37:21.0883 5208 NlaSvc - ok
10:37:21.0981 5208 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:37:21.0983 5208 Npfs - ok
10:37:21.0996 5208 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:37:21.0999 5208 nsi - ok
10:37:22.0033 5208 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:37:22.0034 5208 nsiproxy - ok
10:37:22.0105 5208 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:37:22.0127 5208 Ntfs - ok
10:37:22.0195 5208 NTI BackupNowEZSvr (a8a5d32399cddf5a2153f067037f00f4) C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
10:37:22.0196 5208 NTI BackupNowEZSvr - ok
10:37:22.0279 5208 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
10:37:22.0281 5208 NTIDrvr - ok
10:37:22.0317 5208 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:37:22.0321 5208 ntrigdigi - ok
10:37:22.0347 5208 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:37:22.0350 5208 Null - ok
10:37:22.0390 5208 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:37:22.0396 5208 nvraid - ok
10:37:22.0425 5208 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:37:22.0427 5208 nvstor - ok
10:37:22.0501 5208 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:37:22.0504 5208 nv_agp - ok
10:37:22.0516 5208 NwlnkFlt - ok
10:37:22.0532 5208 NwlnkFwd - ok
10:37:22.0630 5208 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:37:22.0640 5208 odserv - ok
10:37:22.0726 5208 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:37:22.0729 5208 ohci1394 - ok
10:37:22.0797 5208 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:22.0804 5208 ose - ok
10:37:22.0917 5208 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:37:22.0927 5208 p2pimsvc - ok
10:37:22.0945 5208 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:37:22.0954 5208 p2psvc - ok
10:37:23.0004 5208 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:37:23.0008 5208 Parport - ok
10:37:23.0054 5208 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:37:23.0057 5208 partmgr - ok
10:37:23.0127 5208 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:37:23.0131 5208 Parvdm - ok
10:37:23.0165 5208 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:37:23.0171 5208 PcaSvc - ok
10:37:23.0224 5208 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:37:23.0228 5208 pci - ok
10:37:23.0259 5208 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:37:23.0261 5208 pciide - ok
10:37:23.0336 5208 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:37:23.0341 5208 pcmcia - ok
10:37:23.0415 5208 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:37:23.0433 5208 PEAUTH - ok
10:37:23.0507 5208 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
10:37:23.0511 5208 pinger - ok
10:37:23.0614 5208 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:37:23.0634 5208 pla - ok
10:37:23.0677 5208 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:37:23.0685 5208 PlugPlay - ok
10:37:23.0763 5208 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
10:37:23.0765 5208 Pml Driver HPZ12 - ok
10:37:23.0817 5208 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:37:23.0826 5208 PNRPAutoReg - ok
10:37:23.0844 5208 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:37:23.0853 5208 PNRPsvc - ok
10:37:23.0900 5208 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:37:23.0905 5208 PolicyAgent - ok
10:37:23.0976 5208 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:37:23.0978 5208 PptpMiniport - ok
10:37:24.0006 5208 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:37:24.0009 5208 Processor - ok
10:37:24.0068 5208 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:37:24.0077 5208 ProfSvc - ok
10:37:24.0117 5208 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:37:24.0119 5208 ProtectedStorage - ok
10:37:24.0206 5208 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:37:24.0209 5208 PSched - ok
10:37:24.0227 5208 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
10:37:24.0229 5208 PxHelp20 - ok
10:37:24.0325 5208 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:37:24.0326 5208 QBCFMonitorService - ok
10:37:24.0375 5208 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:37:24.0378 5208 QBFCService - ok
10:37:24.0506 5208 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:37:24.0541 5208 ql2300 - ok
10:37:24.0575 5208 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:37:24.0581 5208 ql40xx - ok
10:37:24.0662 5208 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:37:24.0670 5208 QWAVE - ok
10:37:24.0713 5208 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:37:24.0715 5208 QWAVEdrv - ok
10:37:24.0728 5208 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:37:24.0730 5208 RasAcd - ok
10:37:24.0758 5208 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:37:24.0764 5208 RasAuto - ok
10:37:24.0784 5208 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:24.0787 5208 Rasl2tp - ok
10:37:24.0882 5208 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:37:24.0888 5208 RasMan - ok
10:37:24.0943 5208 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:24.0947 5208 RasPppoe - ok
10:37:24.0989 5208 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:24.0994 5208 RasSstp - ok
10:37:25.0085 5208 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:25.0092 5208 rdbss - ok
10:37:25.0125 5208 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:25.0127 5208 RDPCDD - ok
10:37:25.0175 5208 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:37:25.0181 5208 rdpdr - ok
10:37:25.0217 5208 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:37:25.0219 5208 RDPENCDD - ok
10:37:25.0284 5208 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:37:25.0289 5208 RDPWD - ok
10:37:25.0334 5208 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:37:25.0339 5208 RemoteAccess - ok
10:37:25.0370 5208 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:37:25.0376 5208 RemoteRegistry - ok
10:37:25.0456 5208 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:37:25.0461 5208 RFCOMM - ok
10:37:25.0552 5208 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:37:25.0556 5208 rimmptsk - ok
10:37:25.0615 5208 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:37:25.0617 5208 rimsptsk - ok
10:37:25.0694 5208 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:37:25.0696 5208 rismxdp - ok
10:37:25.0736 5208 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:37:25.0739 5208 RpcLocator - ok
10:37:25.0803 5208 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:37:25.0811 5208 RpcSs - ok
10:37:25.0866 5208 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:25.0868 5208 rspndr - ok
10:37:25.0926 5208 RTHDMIAzAudService - ok
10:37:26.0017 5208 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:37:26.0028 5208 RTL8169 - ok
10:37:26.0154 5208 s1018bus (27ccf532a08f437ffc795158b8b7a7f6) C:\Windows\system32\DRIVERS\s1018bus.sys
10:37:26.0160 5208 s1018bus - ok
10:37:26.0240 5208 s1018mdfl (2443aca3551cfb160ecaa642f6718b99) C:\Windows\system32\DRIVERS\s1018mdfl.sys
10:37:26.0243 5208 s1018mdfl - ok
10:37:26.0283 5208 s1018mdm (9d273a6cf8f984097e61ecd68827d8c0) C:\Windows\system32\DRIVERS\s1018mdm.sys
10:37:26.0290 5208 s1018mdm - ok
10:37:26.0371 5208 s1018mgmt (57d4d2efd2f3dc4bb8a351702ae01ba5) C:\Windows\system32\DRIVERS\s1018mgmt.sys
10:37:26.0377 5208 s1018mgmt - ok
10:37:26.0420 5208 s1018nd5 (2102d69ed2ed4b89a607c4e09504fb59) C:\Windows\system32\DRIVERS\s1018nd5.sys
10:37:26.0424 5208 s1018nd5 - ok
10:37:26.0483 5208 s1018obex (382921439a5fb855cc6e000ac24d0c95) C:\Windows\system32\DRIVERS\s1018obex.sys
10:37:26.0489 5208 s1018obex - ok
10:37:26.0567 5208 s1018unic (4e2c788d013e567bd68ae4ad36485239) C:\Windows\system32\DRIVERS\s1018unic.sys
10:37:26.0573 5208 s1018unic - ok
10:37:26.0617 5208 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:37:26.0619 5208 SamSs - ok
10:37:26.0688 5208 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:37:26.0691 5208 sbp2port - ok
10:37:26.0770 5208 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:37:26.0775 5208 SCardSvr - ok
10:37:26.0849 5208 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
10:37:26.0858 5208 Schedule - ok
10:37:26.0923 5208 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:37:26.0926 5208 SCPolicySvc - ok
10:37:27.0016 5208 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
10:37:27.0021 5208 sdbus - ok
10:37:27.0069 5208 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:37:27.0079 5208 SDRSVC - ok
10:37:27.0141 5208 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:37:27.0144 5208 secdrv - ok
10:37:27.0185 5208 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:37:27.0192 5208 seclogon - ok
10:37:27.0326 5208 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
10:37:27.0330 5208 seehcri - ok
10:37:27.0393 5208 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:37:27.0401 5208 SENS - ok
10:37:27.0448 5208 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
10:37:27.0451 5208 Serenum - ok
10:37:27.0513 5208 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:37:27.0518 5208 Serial - ok
10:37:27.0578 5208 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:37:27.0582 5208 sermouse - ok
10:37:27.0650 5208 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:37:27.0654 5208 SessionEnv - ok
10:37:27.0698 5208 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
10:37:27.0700 5208 sffdisk - ok
10:37:27.0727 5208 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:37:27.0729 5208 sffp_mmc - ok
10:37:27.0804 5208 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:37:27.0805 5208 sffp_sd - ok
10:37:27.0832 5208 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:37:27.0833 5208 sfloppy - ok
10:37:27.0890 5208 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:37:27.0898 5208 SharedAccess - ok
10:37:27.0947 5208 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:37:27.0954 5208 ShellHWDetection - ok
10:37:28.0017 5208 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:37:28.0020 5208 sisagp - ok
10:37:28.0065 5208 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:37:28.0067 5208 SiSRaid2 - ok
10:37:28.0093 5208 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:37:28.0096 5208 SiSRaid4 - ok
10:37:28.0235 5208 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
10:37:28.0239 5208 SkypeUpdate - ok
10:37:28.0415 5208 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:37:28.0484 5208 slsvc - ok
10:37:28.0585 5208 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:37:28.0590 5208 SLUINotify - ok
10:37:28.0645 5208 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:37:28.0648 5208 Smb - ok
10:37:28.0694 5208 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:37:28.0698 5208 SNMPTRAP - ok
10:37:28.0821 5208 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
10:37:28.0825 5208 Sony PC Companion - ok
10:37:28.0927 5208 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:37:28.0931 5208 spldr - ok
10:37:28.0967 5208 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:37:28.0976 5208 Spooler - ok
10:37:29.0034 5208 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:37:29.0042 5208 srv - ok
10:37:29.0135 5208 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:37:29.0139 5208 srv2 - ok
10:37:29.0159 5208 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:37:29.0163 5208 srvnet - ok
10:37:29.0200 5208 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:37:29.0205 5208 SSDPSRV - ok
10:37:29.0278 5208 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:37:29.0283 5208 SstpSvc - ok
10:37:29.0352 5208 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
10:37:29.0354 5208 StillCam - ok
10:37:29.0408 5208 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:37:29.0426 5208 stisvc - ok
10:37:29.0508 5208 SUSCOM (16767dce5814bc80aaa9b9c6cd2596a7) C:\Windows\system32\DRIVERS\SUSCOM.SYS
10:37:29.0511 5208 SUSCOM - ok
10:37:29.0545 5208 SVRPEDRV - ok
10:37:29.0597 5208 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:37:29.0598 5208 swenum - ok
10:37:29.0648 5208 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:37:29.0657 5208 swprv - ok
10:37:29.0695 5208 Swupdtmr (e1292c1ed4deb17b8a9b586d22cb2061) c:\Toshiba\IVP\swupdate\swupdtmr.exe
10:37:29.0698 5208 Swupdtmr - ok
10:37:29.0771 5208 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:37:29.0774 5208 Symc8xx - ok
10:37:29.0792 5208 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:37:29.0794 5208 Sym_hi - ok
10:37:29.0818 5208 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:37:29.0822 5208 Sym_u3 - ok
10:37:29.0874 5208 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
10:37:29.0882 5208 SynTP - ok
10:37:29.0987 5208 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:37:30.0009 5208 SysMain - ok
10:37:30.0042 5208 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:37:30.0053 5208 TabletInputService - ok
10:37:30.0173 5208 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
10:37:30.0177 5208 taphss - ok
10:37:30.0264 5208 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:37:30.0278 5208 TapiSrv - ok
10:37:30.0323 5208 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:37:30.0332 5208 TBS - ok
10:37:30.0420 5208 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
10:37:30.0439 5208 Tcpip - ok
10:37:30.0509 5208 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
10:37:30.0519 5208 Tcpip6 - ok
10:37:30.0559 5208 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
10:37:30.0561 5208 tcpipreg - ok
10:37:30.0603 5208 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:37:30.0605 5208 tdcmdpst - ok
10:37:30.0640 5208 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:37:30.0642 5208 TDPIPE - ok
10:37:30.0667 5208 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:37:30.0670 5208 TDTCP - ok
10:37:30.0764 5208 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:37:30.0767 5208 tdx - ok
10:37:30.0953 5208 TeamViewer5 (960c1194dc43744c4851995f7daf0552) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
10:37:30.0993 5208 TeamViewer5 - ok
10:37:31.0082 5208 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:37:31.0084 5208 TermDD - ok
10:37:31.0132 5208 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:37:31.0142 5208 TermService - ok
10:37:31.0191 5208 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:37:31.0196 5208 Themes - ok
10:37:31.0266 5208 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:37:31.0269 5208 THREADORDER - ok
10:37:31.0337 5208 TNaviSrv (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
10:37:31.0339 5208 TNaviSrv - ok
10:37:31.0370 5208 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
10:37:31.0376 5208 TODDSrv - ok
10:37:31.0427 5208 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
10:37:31.0432 5208 TosCoSrv - ok
10:37:31.0479 5208 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
10:37:31.0480 5208 TOSHIBA SMART Log Service - ok
10:37:31.0539 5208 tosporte - ok
10:37:31.0569 5208 Tosrfcom - ok
10:37:31.0610 5208 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
10:37:31.0612 5208 tosrfec - ok
10:37:36.0827 5208 ============================================================
10:37:36.0827 5208 Scan finished
10:37:36.0827 5208 ============================================================
10:37:36.0849 5380 Detected object count: 0
10:37:36.0849 5380 Actual detected object count: 0


#12 gringo_pr

  • Malware Response Team
Posted 26 March 2012 - 10:00 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 sfaccountant

Posted 26 March 2012 - 03:00 PM

Malwarebytes did not find anything. HijackThis gives me a blank Notepad file.


#14 gringo_pr

Posted 26 March 2012 - 03:06 PM

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

#15 sfaccountant

Posted 26 March 2012 - 03:29 PM

I don't have the run as admin option.



