
HiJackThis Log



#1 JReich (Members, 42 posts)

Posted 27 March 2012 - 08:59 PM

Long story short. What should be there and what shouldn't be there?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:53:34 PM, on 3/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\FaxTalk Trial\FTclctrl.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\WINDOWS\System32\WFXSNT40.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atng.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7LIEB13\msert.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kerry\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FaxTalk FaxCenter Pro 7.5] "C:\Program Files\FaxTalk Trial\FTClCtrl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4F3AFC-21C2-4CFD-B9C8-DD9F781EE7FD}: NameServer = 205.208.227.13 205.208.227.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C4F3AFC-21C2-4CFD-B9C8-DD9F781EE7FD}: NameServer = 205.208.227.13 205.208.227.14
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit2\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FaxTalk FaxCenter Pro 7.5 - Thought Communications, Inc. - C:\Program Files\FaxTalk Trial\FTmsgsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\Windows\system32\WFXSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15982 bytes


Thanks,
Jordan


#2 quietman7 (Bleepin' Janitor, Global Moderator, 51,944 posts, Virginia, USA)

Posted 29 March 2012 - 06:54 AM

Important! Temporarily disable your anti-virus and any anti-malware real-time protection programs you are using so they will not interfere with the entries we will be fixing in HijackThis. Click this link to see a list of such programs and how to disable them.

Run HijackThis, and press "Scan." When the scan is complete, place a check mark next to the following entries (if they are still present): (Please be careful and do not check any other boxes)

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - (no file)
R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
After checking these items CLOSE ALL open windows except HijackThis and click "Fix Checked" to remove the entries you checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, close HijackThis and reboot your computer normally.


Other than that, nothing of significant concern showing in your log and no obvious signs of infection. However, HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

What specific issues are you having that require a request for assistance with malware removal? Please describe any problem(s) in detail as they could provide a clue as to whether your issues are malware related or not.
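The triage applied by eye in the reply above (tick the entries whose backing file HijackThis cannot find, plus the leftover Searchqu RunOnce commands) can be written down as a small parser over the HijackThis report format. This is an added example, not code from the thread or from HijackThis itself; the sample lines are copied from the log posted above, and the two rules are a minimal reading of what the reply selects, not HijackThis's own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the HijackThis v2.0.4 report shape. These entries are
# copied from the log posted in this thread; it is a handful of lines, not the
# full report.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4F3AFC-21C2-4CFD-B9C8-DD9F781EE7FD}: NameServer = 205.208.227.13 205.208.227.14
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"""

# Every report entry is "<section> - <body>", where section is R0-R3 or O1-O24.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2", "R3", "O23"
    body: str     # everything after "Oxx - "


def parse_hjt(report: str) -> List[Entry]:
    """Split a HijackThis report into entries; header and process lines are ignored."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def fix_reason(entry: Entry) -> Optional[str]:
    """Why the reply above would tick this entry for 'Fix checked', or None."""
    # Rule 1: HijackThis reports the registered file as absent. A registration
    # with nothing behind it does no work; removing it only tidies the registry.
    if entry.body.endswith("(no file)") or entry.body.endswith("(file missing)"):
        return "orphaned registration: backing file is gone"
    # Rule 2: a RunOnce entry that only deletes an uninstalled toolbar's folder
    # is an uninstaller leftover, not something that needs to run again.
    if (entry.section == "O4" and "RunOnce" in entry.body
            and re.search(r"\bRD\s+/S\s+/Q\b", entry.body, re.IGNORECASE)):
        return "stale RunOnce directory-removal command"
    return None


def fix_candidates(report: str) -> List[Tuple[str, str]]:
    """(entry line, reason) pairs, in report order, for everything a rule flags."""
    out = []
    for e in parse_hjt(report):
        reason = fix_reason(e)
        if reason:
            out.append((f"{e.section} - {e.body}", reason))
    return out


def nameservers(report: str) -> List[str]:
    """O17 NameServer values; the reply does not flag these, but they are worth
    comparing against the ISP's or router's DNS when searches are redirected."""
    found = set()
    for e in parse_hjt(report):
        if e.section == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                found.update(m.group(1).split())
    return sorted(found)


if __name__ == "__main__":
    for raw, why in fix_candidates(SAMPLE_LOG):
        print(f"[fix] {raw}\n      {why}")
    print("DNS servers to verify:", ", ".join(nameservers(SAMPLE_LOG)))
```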

#3 JReich (Topic Starter, Members, 42 posts)

Posted 30 March 2012 - 11:37 AM

Thank you for providing a response to my inquiry. The computer is experiencing a number of issues. For a while, the Control Panel would not let me open it. When I tried to open it, the entire computer crashed. Next, AVG would pop up with a popup of a different infection about every five minutes. Then, when I complete searches on Google, it will redirect me back to Google without ever actually going to the webpage, with an obscured URL instead of the normal Google URL. I'm very computer adept, and if it comes down to it, I can always clean-wipe and ghost a copy of the standard PC back onto the machine and set it up again, which might be less time-consuming in actuality. However, you guys have more experience looking through the logs, so I appreciate your help.

I've run Spybot, Malwarebytes, and a whole slew of spyware and malware removal programs and services, and while it does make it better, it is not getting at the root of the problem. AVG hasn't been able to provide a real fix to the problem either.

As per your recommendation I went ahead and ran RSIT and provided the results here for your study.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kerry at 2012-03-29 17:56:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 136 GB (59%) free of 232 GB
Total RAM: 2550 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:54 PM, on 3/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\FaxTalk Trial\FTclctrl.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\WindowsMobile\wmdc.exe
C:\WINDOWS\System32\WFXSNT40.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kerry\Desktop\RSIT.exe
C:\Program Files\trend micro\Kerry.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.142\npchrome_frame.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FaxTalk FaxCenter Pro 7.5] "C:\Program Files\FaxTalk Trial\FTClCtrl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C4F3AFC-21C2-4CFD-B9C8-DD9F781EE7FD}: NameServer = 205.208.227.13 205.208.227.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C4F3AFC-21C2-4CFD-B9C8-DD9F781EE7FD}: NameServer = 205.208.227.13 205.208.227.14
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.142\npchrome_frame.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit2\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FaxTalk FaxCenter Pro 7.5 - Thought Communications, Inc. - C:\Program Files\FaxTalk Trial\FTmsgsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Net Burner iSCSI Service (NetBurnerService) - Paragon GmbH - C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\Windows\system32\WFXSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14124 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Paragon Archive name arc_140811210754983.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\hhnocywm.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.searchnu.com/406"
prefs.js - "extensions.enabledItems" - "avg@toolbar:10.0.0.7, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {cb84136f-9c44-433a-9048-c5cd9df1dc16}:4.0.0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="

"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
"{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG\AVG2012\Firefox\
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\ProgramData\AVG Secure Search\10.2.0.3\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=Canon MycameraPlugin
"Path"=C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
AOL Search.xml
avg-secure-search.xml
creativecommons.xml
eBay.xml
google.xml
SafeSearch.xml
Search_Results.xml
wikipedia.xml
yahoo.xml

C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\hhnocywm.default\searchplugins\
alot-search.xml
AOL Search.xml
bing-zugo.xml
conduit.xml
search-defender.xml
Search_Results.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-16 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
ChromeFrame BHO - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.142\npchrome_frame.dll [2012-03-26 2092016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-16 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
""= []
"FaxTalk FaxCenter Pro 7.5"=C:\Program Files\FaxTalk Trial\FTClCtrl.exe [2009-08-11 114688]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"WinFaxAppPortStarter"=C:\Windows\system32\wfxsnt40.exe [2000-09-28 43008]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2009-11-25 1087752]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-12 982880]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe [2012-01-16 928096]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"=C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe [2011-04-25 42392]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-23 203928]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
5m2NzxGRQco.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77872688.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\77872688.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-29 17:56:33 ----D---- C:\Program Files\trend micro
2012-03-29 17:56:32 ----D---- C:\rsit
2012-03-29 14:08:46 ----D---- C:\TDSSKiller_Quarantine
2012-03-29 14:00:39 ----A---- C:\TDSSKiller.2.7.23.0_29.03.2012_14.00.39_log.txt
2012-03-28 18:58:44 ----D---- C:\Windows\Minidump
2012-03-28 17:36:55 ----D---- C:\Program Files\PC Tools
2012-03-28 17:13:02 ----A---- C:\Windows\system32\drivers\Cat.DB
2012-03-28 17:11:17 ----D---- C:\Program Files\Common Files\PC Tools
2012-03-28 17:11:17 ----A---- C:\Windows\system32\drivers\PCTSD.sys
2012-03-28 17:06:11 ----D---- C:\ProgramData\PC Tools
2012-03-28 17:06:08 ----D---- C:\Users\Kerry\AppData\Roaming\TestApp
2012-03-28 16:33:10 ----D---- C:\Users\Kerry\AppData\Roaming\MicroST
2012-03-27 19:17:46 ----SD---- C:\ComboFix
2012-03-27 19:15:15 ----A---- C:\Windows\zip.exe
2012-03-27 19:15:15 ----A---- C:\Windows\SWSC.exe
2012-03-27 19:15:15 ----A---- C:\Windows\SWREG.exe
2012-03-27 19:15:15 ----A---- C:\Windows\sed.exe
2012-03-27 19:15:15 ----A---- C:\Windows\PEV.exe
2012-03-27 19:15:15 ----A---- C:\Windows\NIRCMD.exe
2012-03-27 19:15:15 ----A---- C:\Windows\MBR.exe
2012-03-27 19:15:15 ----A---- C:\Windows\grep.exe
2012-03-27 19:15:04 ----D---- C:\Windows\ERDNT
2012-03-27 19:13:37 ----D---- C:\Qoobox
2012-03-27 09:29:27 ----ASH---- C:\Windows\system32\dds_trash_log.cmd
2012-03-23 09:07:46 ----HD---- C:\Windows\msdownld.tmp
2012-03-23 08:16:07 ----D---- C:\ProgramData\Tarma Installer
2012-03-22 10:09:25 ----D---- C:\ProgramData\boost_interprocess
2012-03-18 03:01:55 ----A---- C:\hb_1649.tmp
2012-03-13 23:24:27 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 23:24:24 ----A---- C:\Windows\system32\DWrite.dll
2012-03-13 23:24:24 ----A---- C:\Windows\system32\d3d10warp.dll
2012-03-13 23:24:24 ----A---- C:\Windows\system32\d3d10_1core.dll
2012-03-13 23:24:23 ----A---- C:\Windows\system32\d3d10_1.dll
2012-03-13 23:24:23 ----A---- C:\Windows\system32\d2d1.dll
2012-03-13 23:20:52 ----A---- C:\Windows\system32\rdpencom.dll
2012-03-13 23:20:50 ----A---- C:\Windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 1 month======

2012-03-29 17:56:47 ----RD---- C:\Program Files
2012-03-29 17:47:41 ----D---- C:\Windows\Temp
2012-03-29 17:45:45 ----SHD---- C:\System Volume Information
2012-03-29 17:42:53 ----AD---- C:\ProgramData\Temp
2012-03-29 17:42:40 ----D---- C:\Windows\system32\drivers
2012-03-29 17:42:33 ----D---- C:\WINDOWS
2012-03-29 15:01:40 ----A---- C:\java_log.txt
2012-03-29 14:10:50 ----DC---- C:\Windows\$NtUninstallKB56145$
2012-03-29 13:58:42 ----D---- C:\Windows\System32
2012-03-29 11:29:52 ----HD---- C:\ProgramData
2012-03-29 11:27:33 ----SHD---- C:\Windows\Installer
2012-03-29 11:27:33 ----HD---- C:\Config.Msi
2012-03-29 11:27:15 ----D---- C:\ProgramData\Lavasoft
2012-03-29 11:26:11 ----D---- C:\Windows\system32\Tasks
2012-03-29 11:24:41 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-29 11:12:58 ----D---- C:\Windows\Prefetch
2012-03-29 10:04:28 ----D---- C:\Windows\system32\drivers\AVG
2012-03-29 10:04:28 ----D---- C:\ProgramData\MFAData
2012-03-29 07:48:38 ----D---- C:\Program Files\Mozilla Firefox
2012-03-28 19:15:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-28 19:15:21 ----D---- C:\Windows\inf
2012-03-28 17:11:17 ----D---- C:\Program Files\Common Files
2012-03-28 07:49:29 ----D---- C:\Windows\Tasks
2012-03-27 21:14:46 ----SHD---- C:\$Recycle.Bin
2012-03-27 18:43:23 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-27 18:32:51 ----D---- C:\Windows\Debug
2012-03-25 10:44:33 ----D---- C:\Windows\system32\drivers\etc
2012-03-25 10:41:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-23 09:07:47 ----D---- C:\Program Files\Internet Explorer
2012-03-22 11:45:59 ----D---- C:\Program Files\Yahoo!
2012-03-22 10:25:06 ----SD---- C:\Users\Kerry\AppData\Roaming\Microsoft
2012-03-15 00:00:48 ----D---- C:\Windows\system32\catroot2
2012-03-14 03:40:12 ----D---- C:\Windows\winsxs
2012-03-14 03:05:25 ----D---- C:\Windows\system32\catroot
2012-03-14 03:02:13 ----D---- C:\Program Files\Windows Mail
2012-03-12 14:36:18 ----D---- C:\ProgramData\AVG Secure Search
2012-03-12 14:36:15 ----D---- C:\Program Files\AVG Secure Search
2012-03-02 10:27:49 ----D---- C:\Program Files\Typing Instructor Deluxe 17

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2008-06-07 40464]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2006-09-29 250368]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-09 721904]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 NetBurn;Paragon NetBurning Driver; C:\Windows\system32\DRIVERS\NetBurn.sys [2008-06-07 84752]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2008-06-07 130688]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2008-06-07 33072]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-18 10752]
R3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
R3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys []
S1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys []
S3 AdfuUd;Actions USB Device; C:\Windows\System32\Drivers\ActionsUSB.sys [2010-12-01 16384]
S3 catchme;S716mdm; \??\C:\Users\Kerry\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-07-13 4608]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-10 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 FaxTalk FaxCenter Pro 7.5;FaxTalk FaxCenter Pro 7.5; C:\Program Files\FaxTalk Trial\FTmsgsvc.exe [2009-08-11 27136]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 NetBurnerService;Net Burner iSCSI Service; C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe [2008-06-07 223248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2009-12-16 45056]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2009-07-23 61440]
S2 acedrv05;Portmapper; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 admjoy;AR5416; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 Afc;Hpgate; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 AMDPCI;MSMQTriggers; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 botcbs;Vcsw; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 buslogic;Mwsarcpkt; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 cicsclient;Tmxpflt; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 cicssfs.scmmc223;Ixiaendpoint; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 DevUpper;S125mdm; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 earthlinksafeconnectagent;L8042mou; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 epson_pm_rpcv4_01;CTEXFIFX.DLL; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 es1371;V124; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 fasttrackinstallerservice;Cdr4_xp; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 ftdisk;Btkrnl; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 ghaio;Backupclientsvc; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
S2 igateway;S116bus; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S2 kavsvc;Hsxhwazl; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 klif;AsDsm; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 lvusbsta;Hpqwmi; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 MaxtorFrontPanel1;Ctxhttp; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 mwstick;Upnp; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 nhcDriverDevice;NVR0FLASHDev; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 nmsaccess;Epfwndis; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 NPPTNT;USA49W2KP; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 NVXBAR;Nvatabus; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 NWHOST;Wpsnuio; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 oraclewebassistant;Pelmouse; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 pageserver;BCMWLNPF; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 parallel;Jukebox3; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 pelusblf;Fsaa; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 pmj151la;SABSVC; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 prodrv06;Cqmghost; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 purendis;Lxcccustomerconnect; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 qcmerced;SGIR; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 roxupnpserver;Ha20x2k; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 rt73;CTMMOUNT; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 RTLE8023xp;L6POD; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 s616unic;Lxcgcustomerconnect; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 se59unic;Symantecantibotfilter; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 servicemgr;Oraclexeclragent; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 Sk99202k;SE2Dmgmt; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 StkScan;Z800bus; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 SunkFilt39;Qconsvc; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 tappsrv;Usnjsvc; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 tm_cfw;ATSWPDRV; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 tosrfhid;Rxmssync; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 USB_NDIS_51;USBModem; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 usbsermptxp;Spcflt; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 W700mdm;Zpjava; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 wfxsvc;WinFax PRO; C:\Windows\system32\WFXSVC.EXE [2000-09-28 129536]
S3 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-17 655624]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-05 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 182768]
S3 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 M1 Server;Intel® Viiv™ Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
S3 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 78752]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


Thanks Again,
Jordan

Edited by JReich, 30 March 2012 - 11:38 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,944 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:22 PM

Posted 30 March 2012 - 05:26 PM

Please post the complete results of your last MBAM scan for review (even if nothing was found).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-yyyy-mm-dd
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log will automatically open in Notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
If you have a previous log where any infections were detected/removed, please post that log too.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to backup any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
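The TDSSKiller log requested above is a flat text file with one result line per scanned driver or service (the log posted in the next reply shows the format). As an added example that is not part of TDSSKiller or of anyone's reply, the Python script below parses those lines and groups objects by verdict so the few "warning"/"detected" entries can be reviewed first; the sample log embedded in it is constructed in that format from entries in this thread.

```python
"""Triage helper for Kaspersky TDSSKiller scan logs.

Added example for this thread; it is not part of TDSSKiller and not code
from any poster. It parses the per-object lines TDSSKiller writes and
groups objects by outcome, so the handful of "warning"/"detected" entries
can be reviewed before anything is acted on.
"""
import re
from collections import Counter

# Every scan line starts with "<hh:mm:ss.ffff> <thread id> <body>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*\S)$")
# "<name> (<md5>) <path>": object names may contain spaces ("M1 Server"),
# so the 32-hex-digit hash is what anchors the split between name and path.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>.+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
WARN_RE = re.compile(r"^(?P<name>.+) \( (?P<verdict>\S+) \) - warning$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")

# A later, stronger verdict for the same object replaces a weaker one
# (TDSSKiller prints "warning" and then "detected" for the same file).
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}

# Constructed sample in TDSSKiller 2.7 log format (entries taken from this thread).
SAMPLE_LOG = r"""
10:17:31.0673 2664 ============================================================
10:17:31.0673 2664 Scan started
10:17:31.0673 2664 Mode: Manual; SigCheck; TDLFS;
10:17:32.0313 2664 acedrv05 - ok
10:17:32.0437 2664 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:17:32.0640 2664 ACPI - ok
10:17:32.0765 2664 AdfuUd (e1e1660090c2efec2dd38ed203130e80) C:\Windows\system32\Drivers\ActionsUSB.sys
10:17:32.0859 2664 AdfuUd ( UnsignedFile.Multi.Generic ) - warning
10:17:32.0859 2664 AdfuUd - detected UnsignedFile.Multi.Generic (1)
10:17:56.0009 2664 M1 Server (7b073fd0133346d0e555353f164057d7) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
10:17:56.0009 2664 M1 Server ( UnsignedFile.Multi.Generic ) - warning
10:17:56.0009 2664 M1 Server - detected UnsignedFile.Multi.Generic (1)
"""


def parse_tdsskiller_log(text):
    """Return {object name: record} with md5, path, status and verdict."""
    objects = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, SystemInfo and empty-body lines
        body = m.group(3)
        for pattern, status in ((DETECT_RE, "detected"), (WARN_RE, "warning"),
                                (OK_RE, "ok"), (FILE_RE, None)):
            hit = pattern.match(body)
            if not hit:
                continue
            rec = objects.setdefault(hit.group("name"), {
                "name": hit.group("name"), "md5": None, "path": None,
                "status": "unknown", "verdict": None})
            if status is None:  # file line: record hash and image path
                rec["md5"], rec["path"] = hit.group("md5").lower(), hit.group("path")
            elif RANK[status] >= RANK[rec["status"]]:
                rec["status"] = status
                rec["verdict"] = hit.groupdict().get("verdict")
            break
    return objects


def summarize(objects):
    """Count objects per status and list those that need a human look.

    UnsignedFile.Multi.Generic only means the binary carries no valid
    digital signature (the SigCheck option); plenty of legitimate OEM and
    vendor services trip it, which is why the thread's advice is to leave
    such objects on Skip. The list is for review, not automatic removal.
    """
    counts = Counter(rec["status"] for rec in objects.values())
    flagged = sorted(
        (rec for rec in objects.values() if RANK[rec["status"]] >= RANK["warning"]),
        key=lambda rec: (-RANK[rec["status"]], rec["name"].lower()))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = summarize(parse_tdsskiller_log(SAMPLE_LOG))
    print("objects by status:", dict(counts))
    for rec in flagged:
        print(f"{rec['status']:<9}{rec['name']:<12}{rec['verdict']}  "
              f"{rec['path']}  md5={rec['md5']}")
```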

#5 JReich

JReich
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:02:22 PM

Posted 31 March 2012 - 12:26 PM

MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kerry :: REICHFAMILY-PC [administrator]

3/27/2012 2:22:38 PM
mbam-log-2012-03-27 (14-22-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 555471
Time elapsed: 3 hour(s), 48 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


TDSSKiller

10:17:10.0254 5620 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
10:17:10.0785 5620 ============================================================
10:17:10.0785 5620 Current date / time: 2012/03/31 10:17:10.0785
10:17:10.0785 5620 SystemInfo:
10:17:10.0785 5620
10:17:10.0785 5620 OS Version: 6.0.6002 ServicePack: 2.0
10:17:10.0785 5620 Product type: Workstation
10:17:10.0785 5620 ComputerName: REICHFAMILY-PC
10:17:10.0785 5620 UserName: Kerry
10:17:10.0785 5620 Windows directory: C:\Windows
10:17:10.0785 5620 System windows directory: C:\Windows
10:17:10.0785 5620 Processor architecture: Intel x86
10:17:10.0785 5620 Number of processors: 2
10:17:10.0785 5620 Page size: 0x1000
10:17:10.0785 5620 Boot type: Normal boot
10:17:10.0785 5620 ============================================================
10:17:11.0221 5620 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:17:11.0237 5620 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:17:11.0253 5620 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:17:11.0268 5620 \Device\Harddisk0\DR0:
10:17:11.0268 5620 MBR used
10:17:11.0268 5620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C576DDF
10:17:11.0268 5620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C576E1E, BlocksNum 0xC4D763
10:17:11.0268 5620 \Device\Harddisk1\DR1:
10:17:11.0268 5620 MBR used
10:17:11.0268 5620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
10:17:11.0268 5620 \Device\Harddisk2\DR2:
10:17:11.0268 5620 MBR used
10:17:11.0268 5620 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
10:17:11.0315 5620 Initialize success
10:17:11.0315 5620 ============================================================
10:17:31.0673 2664 ============================================================
10:17:31.0673 2664 Scan started
10:17:31.0673 2664 Mode: Manual; SigCheck; TDLFS;
10:17:31.0673 2664 ============================================================
10:17:32.0313 2664 acedrv05 - ok
10:17:32.0437 2664 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:17:32.0640 2664 ACPI - ok
10:17:32.0765 2664 AdfuUd (e1e1660090c2efec2dd38ed203130e80) C:\Windows\system32\Drivers\ActionsUSB.sys
10:17:32.0859 2664 AdfuUd ( UnsignedFile.Multi.Generic ) - warning
10:17:32.0859 2664 AdfuUd - detected UnsignedFile.Multi.Generic (1)
10:17:32.0859 2664 admjoy - ok
10:17:32.0983 2664 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:17:33.0030 2664 adp94xx - ok
10:17:33.0155 2664 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:17:33.0186 2664 adpahci - ok
10:17:33.0233 2664 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:17:33.0249 2664 adpu160m - ok
10:17:33.0295 2664 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:17:33.0311 2664 adpu320 - ok
10:17:33.0373 2664 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:17:33.0498 2664 AeLookupSvc - ok
10:17:33.0623 2664 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:17:33.0717 2664 AFD - ok
10:17:33.0795 2664 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:17:33.0810 2664 agp440 - ok
10:17:33.0966 2664 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:17:33.0982 2664 aic78xx - ok
10:17:34.0091 2664 AlertService (c86d177967d27c80e466d4ed95c26db9) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
10:17:34.0153 2664 AlertService ( UnsignedFile.Multi.Generic ) - warning
10:17:34.0153 2664 AlertService - detected UnsignedFile.Multi.Generic (1)
10:17:34.0247 2664 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:17:34.0294 2664 ALG - ok
10:17:34.0356 2664 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:17:34.0372 2664 aliide - ok
10:17:34.0419 2664 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:17:34.0434 2664 amdagp - ok
10:17:34.0512 2664 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:17:34.0528 2664 amdide - ok
10:17:34.0559 2664 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:17:34.0637 2664 AmdK7 - ok
10:17:34.0668 2664 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:17:34.0746 2664 AmdK8 - ok
10:17:34.0746 2664 AMDPCI - ok
10:17:34.0840 2664 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:17:34.0902 2664 Appinfo - ok
10:17:34.0980 2664 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:17:34.0996 2664 arc - ok
10:17:35.0058 2664 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:17:35.0074 2664 arcsas - ok
10:17:35.0199 2664 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:17:35.0261 2664 AsyncMac - ok
10:17:35.0401 2664 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:17:35.0448 2664 atapi - ok
10:17:35.0589 2664 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:17:35.0651 2664 AudioEndpointBuilder - ok
10:17:35.0760 2664 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:17:35.0791 2664 Audiosrv - ok
10:17:35.0979 2664 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
10:17:36.0072 2664 AVG Security Toolbar Service - ok
10:17:36.0556 2664 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
10:17:36.0805 2664 AVGIDSAgent - ok
10:17:36.0993 2664 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:17:37.0055 2664 AVGIDSDriver - ok
10:17:37.0180 2664 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:17:37.0211 2664 AVGIDSEH - ok
10:17:37.0273 2664 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:17:37.0289 2664 AVGIDSFilter - ok
10:17:37.0429 2664 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:17:37.0445 2664 AVGIDSShim - ok
10:17:37.0461 2664 Avgldx86 - ok
10:17:37.0492 2664 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:17:37.0507 2664 Avgmfx86 - ok
10:17:37.0539 2664 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:17:37.0554 2664 Avgrkx86 - ok
10:17:37.0695 2664 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
10:17:37.0710 2664 Avgtdix - ok
10:17:37.0882 2664 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
10:17:37.0913 2664 avgwd - ok
10:17:38.0085 2664 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:17:38.0178 2664 Beep - ok
10:17:38.0272 2664 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:17:38.0397 2664 BITS - ok
10:17:38.0412 2664 blbdrive - ok
10:17:38.0459 2664 botcbs - ok
10:17:38.0568 2664 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:17:38.0615 2664 bowser - ok
10:17:38.0677 2664 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:17:38.0740 2664 BrFiltLo - ok
10:17:38.0771 2664 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:17:38.0818 2664 BrFiltUp - ok
10:17:39.0021 2664 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:17:39.0067 2664 Browser - ok
10:17:39.0145 2664 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:17:39.0223 2664 Brserid - ok
10:17:39.0255 2664 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:17:39.0333 2664 BrSerWdm - ok
10:17:39.0364 2664 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:17:39.0411 2664 BrUsbMdm - ok
10:17:39.0442 2664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:17:39.0504 2664 BrUsbSer - ok
10:17:39.0535 2664 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:17:39.0613 2664 BTHMODEM - ok
10:17:39.0691 2664 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
10:17:39.0738 2664 BthServ - ok
10:17:39.0816 2664 catchme - ok
10:17:39.0972 2664 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:17:40.0019 2664 cdfs - ok
10:17:40.0128 2664 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:17:40.0175 2664 cdrom - ok
10:17:40.0269 2664 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:17:40.0315 2664 CertPropSvc - ok
10:17:40.0347 2664 cicsclient - ok
10:17:40.0362 2664 cicssfs.scmmc223 - ok
10:17:40.0425 2664 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:17:40.0503 2664 circlass - ok
10:17:40.0534 2664 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:17:40.0565 2664 CLFS - ok
10:17:40.0705 2664 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:17:40.0721 2664 clr_optimization_v2.0.50727_32 - ok
10:17:40.0877 2664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:17:40.0924 2664 clr_optimization_v4.0.30319_32 - ok
10:17:40.0986 2664 CLTNetCnService - ok
10:17:41.0080 2664 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:17:41.0095 2664 cmdide - ok
10:17:41.0127 2664 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
10:17:41.0142 2664 Compbatt - ok
10:17:41.0158 2664 COMSysApp - ok
10:17:41.0189 2664 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:17:41.0205 2664 crcdisk - ok
10:17:41.0251 2664 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:17:41.0345 2664 Crusoe - ok
10:17:41.0423 2664 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:17:41.0454 2664 CryptSvc - ok
10:17:41.0563 2664 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:17:41.0626 2664 DcomLaunch - ok
10:17:41.0657 2664 DevUpper - ok
10:17:41.0719 2664 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:17:41.0766 2664 DfsC - ok
10:17:41.0891 2664 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:17:42.0031 2664 DFSR - ok
10:17:42.0203 2664 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:17:42.0250 2664 Dhcp - ok
10:17:42.0375 2664 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:17:42.0390 2664 disk - ok
10:17:42.0515 2664 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:17:42.0562 2664 Dnscache - ok
10:17:42.0624 2664 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:17:42.0671 2664 dot3svc - ok
10:17:42.0733 2664 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:17:42.0780 2664 dot4 - ok
10:17:42.0874 2664 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:17:42.0921 2664 Dot4Print - ok
10:17:42.0983 2664 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:17:43.0030 2664 Dot4Scan - ok
10:17:43.0061 2664 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:17:43.0092 2664 dot4usb - ok
10:17:43.0139 2664 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:17:43.0201 2664 DPS - ok
10:17:43.0295 2664 DQLWinService (a0b584c33f55545d56f9e71fb4e203ac) C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
10:17:43.0326 2664 DQLWinService ( UnsignedFile.Multi.Generic ) - warning
10:17:43.0326 2664 DQLWinService - detected UnsignedFile.Multi.Generic (1)
10:17:43.0467 2664 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:17:43.0513 2664 drmkaud - ok
10:17:43.0591 2664 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:17:43.0638 2664 DXGKrnl - ok
10:17:43.0732 2664 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
10:17:43.0779 2664 E100B - ok
10:17:43.0841 2664 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:17:43.0935 2664 E1G60 - ok
10:17:44.0013 2664 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:17:44.0044 2664 EapHost - ok
10:17:44.0044 2664 earthlinksafeconnectagent - ok
10:17:44.0169 2664 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:17:44.0184 2664 Ecache - ok
10:17:44.0247 2664 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:17:44.0293 2664 ehRecvr - ok
10:17:44.0325 2664 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:17:44.0371 2664 ehSched - ok
10:17:44.0403 2664 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:17:44.0449 2664 ehstart - ok
10:17:44.0543 2664 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:17:44.0559 2664 elxstor - ok
10:17:44.0668 2664 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:17:44.0730 2664 EMDMgmt - ok
10:17:44.0793 2664 epson_pm_rpcv4_01 - ok
10:17:44.0808 2664 es1371 - ok
10:17:44.0902 2664 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:17:44.0949 2664 EventSystem - ok
10:17:44.0995 2664 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:17:45.0073 2664 exfat - ok
10:17:45.0120 2664 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:17:45.0167 2664 fastfat - ok
10:17:45.0183 2664 fasttrackinstallerservice - ok
10:17:45.0276 2664 FaxTalk FaxCenter Pro 7.5 (291401764b9b67424c3e5958fe4f571d) C:\Program Files\FaxTalk Trial\FTmsgsvc.exe
10:17:45.0292 2664 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - warning
10:17:45.0292 2664 FaxTalk FaxCenter Pro 7.5 - detected UnsignedFile.Multi.Generic (1)
10:17:45.0354 2664 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:17:45.0432 2664 fdc - ok
10:17:45.0495 2664 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:17:45.0541 2664 fdPHost - ok
10:17:45.0573 2664 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:17:45.0635 2664 FDResPub - ok
10:17:45.0744 2664 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:17:45.0760 2664 FileInfo - ok
10:17:45.0791 2664 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:17:45.0853 2664 Filetrace - ok
10:17:46.0009 2664 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:17:46.0056 2664 FLEXnet Licensing Service - ok
10:17:46.0165 2664 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:17:46.0259 2664 flpydisk - ok
10:17:46.0384 2664 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:17:46.0415 2664 FltMgr - ok
10:17:46.0555 2664 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:17:46.0665 2664 FontCache - ok
10:17:46.0789 2664 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:17:46.0805 2664 FontCache3.0.0.0 - ok
10:17:46.0930 2664 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:17:46.0945 2664 Fs_Rec - ok
10:17:46.0977 2664 ftdisk - ok
10:17:47.0023 2664 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:17:47.0055 2664 gagp30kx - ok
10:17:47.0226 2664 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:17:47.0351 2664 gpsvc - ok
10:17:47.0413 2664 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:17:47.0429 2664 gupdate - ok
10:17:47.0476 2664 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
10:17:47.0491 2664 gupdatem - ok
10:17:47.0523 2664 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:17:47.0538 2664 gusvc - ok
10:17:47.0694 2664 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:17:47.0803 2664 HdAudAddService - ok
10:17:47.0913 2664 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:17:47.0975 2664 HDAudBus - ok
10:17:48.0022 2664 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:17:48.0084 2664 HidBth - ok
10:17:48.0131 2664 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:17:48.0209 2664 HidIr - ok
10:17:48.0303 2664 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:17:48.0334 2664 hidserv - ok
10:17:48.0365 2664 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:17:48.0427 2664 HidUsb - ok
10:17:48.0490 2664 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:17:48.0537 2664 hkmsvc - ok
10:17:48.0630 2664 hotcore3 (c0ed270475fc2ecb21019bb7728fa1c2) C:\Windows\system32\DRIVERS\hotcore3.sys
10:17:48.0646 2664 hotcore3 - ok
10:17:48.0724 2664 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:17:48.0739 2664 HpCISSs - ok
10:17:48.0864 2664 hpqcxs08 (af81f7ba6a09119006fe041a2f2f3ece) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:17:48.0895 2664 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:17:48.0895 2664 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:17:48.0911 2664 hpqddsvc (7244f63db8ea883b3dc8e730c645d073) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:17:48.0942 2664 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:17:48.0942 2664 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:17:49.0036 2664 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
10:17:49.0145 2664 HSF_DP - ok
10:17:49.0301 2664 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
10:17:49.0317 2664 HSXHWBS2 - ok
10:17:49.0395 2664 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:17:49.0457 2664 HTTP - ok
10:17:49.0535 2664 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:17:49.0551 2664 i2omp - ok
10:17:49.0644 2664 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:17:49.0707 2664 i8042prt - ok
10:17:49.0800 2664 IAANTMON (0bcee844a02747dd7f1e30352e619f2e) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:17:49.0816 2664 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
10:17:49.0816 2664 IAANTMON - detected UnsignedFile.Multi.Generic (1)
10:17:49.0909 2664 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys
10:17:49.0972 2664 iaStor - ok
10:17:50.0019 2664 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:17:50.0050 2664 iaStorV - ok
10:17:50.0143 2664 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:17:50.0206 2664 idsvc - ok
10:17:50.0206 2664 igateway - ok
10:17:50.0362 2664 igfx (62f534791ae488a475a3e508d92af4cc) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:17:50.0549 2664 igfx - ok
10:17:50.0721 2664 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:17:50.0752 2664 iirsp - ok
10:17:51.0001 2664 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:17:51.0064 2664 IKEEXT - ok
10:17:51.0173 2664 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
10:17:51.0267 2664 IntcAzAudAddService - ok
10:17:51.0469 2664 IntelDHSvcConf (ce5af42679dd85947d2d287594f22ce0) C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
10:17:51.0501 2664 IntelDHSvcConf ( UnsignedFile.Multi.Generic ) - warning
10:17:51.0501 2664 IntelDHSvcConf - detected UnsignedFile.Multi.Generic (1)
10:17:51.0719 2664 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:17:51.0735 2664 intelide - ok
10:17:51.0844 2664 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:17:51.0906 2664 intelppm - ok
10:17:51.0984 2664 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:17:52.0047 2664 IPBusEnum - ok
10:17:52.0171 2664 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:17:52.0218 2664 IpFilterDriver - ok
10:17:52.0296 2664 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:17:52.0390 2664 iphlpsvc - ok
10:17:52.0499 2664 IpInIp - ok
10:17:52.0639 2664 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:17:52.0717 2664 IPMIDRV - ok
10:17:52.0764 2664 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:17:52.0795 2664 IPNAT - ok
10:17:52.0889 2664 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:17:52.0920 2664 IRENUM - ok
10:17:52.0951 2664 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:17:52.0967 2664 isapnp - ok
10:17:53.0061 2664 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:17:53.0076 2664 iScsiPrt - ok
10:17:53.0154 2664 ISSM (e29ba28f76c5a703e7f30f74cf36df22) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
10:17:53.0185 2664 ISSM ( UnsignedFile.Multi.Generic ) - warning
10:17:53.0185 2664 ISSM - detected UnsignedFile.Multi.Generic (1)
10:17:53.0232 2664 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:17:53.0248 2664 iteatapi - ok
10:17:53.0295 2664 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:17:53.0310 2664 iteraid - ok
10:17:53.0357 2664 kavsvc - ok
10:17:53.0435 2664 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:17:53.0451 2664 kbdclass - ok
10:17:53.0513 2664 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:17:53.0591 2664 kbdhid - ok
10:17:53.0700 2664 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:17:53.0747 2664 KeyIso - ok
10:17:53.0825 2664 klif - ok
10:17:53.0872 2664 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:17:53.0919 2664 KSecDD - ok
10:17:54.0012 2664 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:17:54.0137 2664 KtmRm - ok
10:17:54.0199 2664 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:17:54.0246 2664 LanmanServer - ok
10:17:54.0387 2664 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:17:54.0449 2664 LanmanWorkstation - ok
10:17:54.0558 2664 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:17:54.0589 2664 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:17:54.0589 2664 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:17:54.0730 2664 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:17:54.0979 2664 LiveUpdate - ok
10:17:55.0135 2664 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:17:55.0182 2664 lltdio - ok
10:17:55.0323 2664 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:17:55.0385 2664 lltdsvc - ok
10:17:55.0510 2664 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:17:55.0557 2664 lmhosts - ok
10:17:55.0619 2664 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:17:55.0635 2664 LSI_FC - ok
10:17:55.0666 2664 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:17:55.0681 2664 LSI_SAS - ok
10:17:55.0744 2664 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:17:55.0759 2664 LSI_SCSI - ok
10:17:55.0853 2664 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:17:55.0900 2664 luafv - ok
10:17:56.0009 2664 M1 Server (7b073fd0133346d0e555353f164057d7) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
10:17:56.0009 2664 M1 Server ( UnsignedFile.Multi.Generic ) - warning
10:17:56.0009 2664 M1 Server - detected UnsignedFile.Multi.Generic (1)
10:17:56.0071 2664 MaxtorFrontPanel1 - ok
10:17:56.0134 2664 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
10:17:56.0149 2664 mcdbus ( UnsignedFile.Multi.Generic ) - warning
10:17:56.0149 2664 mcdbus - detected UnsignedFile.Multi.Generic (1)
10:17:56.0196 2664 MCLServiceATL (7bba15ca5a2aa4e50c7cbfb78d11db25) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
10:17:56.0227 2664 MCLServiceATL ( UnsignedFile.Multi.Generic ) - warning
10:17:56.0227 2664 MCLServiceATL - detected UnsignedFile.Multi.Generic (1)
10:17:56.0305 2664 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
10:17:56.0337 2664 Mcx2Svc - ok
10:17:56.0368 2664 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:17:56.0415 2664 mdmxsdk - ok
10:17:56.0477 2664 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:17:56.0493 2664 megasas - ok
10:17:56.0602 2664 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:17:56.0633 2664 MMCSS - ok
10:17:56.0664 2664 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:17:56.0742 2664 Modem - ok
10:17:56.0867 2664 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:17:56.0929 2664 monitor - ok
10:17:57.0007 2664 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:17:57.0039 2664 mouclass - ok
10:17:57.0101 2664 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:17:57.0132 2664 mouhid - ok
10:17:57.0195 2664 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:17:57.0210 2664 MountMgr - ok
10:17:57.0273 2664 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:17:57.0288 2664 mpio - ok
10:17:57.0335 2664 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:17:57.0382 2664 mpsdrv - ok
10:17:57.0429 2664 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:17:57.0444 2664 Mraid35x - ok
10:17:57.0538 2664 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:17:57.0553 2664 MRxDAV - ok
10:17:57.0600 2664 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:57.0663 2664 mrxsmb - ok
10:17:57.0741 2664 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:57.0772 2664 mrxsmb10 - ok
10:17:57.0803 2664 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:57.0834 2664 mrxsmb20 - ok
10:17:57.0881 2664 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:17:57.0897 2664 msahci - ok
10:17:57.0959 2664 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:17:57.0975 2664 msdsm - ok
10:17:58.0084 2664 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:17:58.0131 2664 MSDTC - ok
10:17:58.0177 2664 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:17:58.0224 2664 Msfs - ok
10:17:58.0287 2664 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:17:58.0302 2664 msisadrv - ok
10:17:58.0411 2664 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:17:58.0474 2664 MSiSCSI - ok
10:17:58.0505 2664 msiserver - ok
10:17:58.0599 2664 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:17:58.0645 2664 MSKSSRV - ok
10:17:58.0739 2664 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:58.0770 2664 MSPCLOCK - ok
10:17:58.0911 2664 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:17:58.0957 2664 MSPQM - ok
10:17:59.0051 2664 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:17:59.0067 2664 MsRPC - ok
10:17:59.0145 2664 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:17:59.0160 2664 mssmbios - ok
10:17:59.0191 2664 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:17:59.0254 2664 MSTEE - ok
10:17:59.0332 2664 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:17:59.0347 2664 Mup - ok
10:17:59.0363 2664 mwstick - ok
10:17:59.0441 2664 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:17:59.0488 2664 napagent - ok
10:17:59.0566 2664 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:17:59.0613 2664 NativeWifiP - ok
10:17:59.0644 2664 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:17:59.0675 2664 NDIS - ok
10:17:59.0753 2664 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:59.0784 2664 NdisTapi - ok
10:17:59.0800 2664 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:59.0847 2664 Ndisuio - ok
10:17:59.0893 2664 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:59.0940 2664 NdisWan - ok
10:18:00.0003 2664 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:18:00.0034 2664 NDProxy - ok
10:18:00.0174 2664 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
10:18:00.0190 2664 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:18:00.0190 2664 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:18:00.0252 2664 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:18:00.0299 2664 NetBIOS - ok
10:18:00.0361 2664 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:18:00.0393 2664 netbt - ok
10:18:00.0502 2664 NetBurn (521ac031b415ae02c4c18ac5085a32f1) C:\Windows\system32\DRIVERS\NetBurn.sys
10:18:00.0517 2664 NetBurn - ok
10:18:00.0627 2664 NetBurnerService (451397251d8be3cc42af6e21e0243bed) C:\Program Files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
10:18:00.0642 2664 NetBurnerService - ok
10:18:00.0767 2664 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:18:00.0783 2664 Netlogon - ok
10:18:00.0861 2664 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:18:00.0907 2664 Netman - ok
10:18:01.0001 2664 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:18:01.0063 2664 netprofm - ok
10:18:01.0157 2664 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:18:01.0188 2664 NetTcpPortSharing - ok
10:18:01.0251 2664 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:18:01.0266 2664 nfrd960 - ok
10:18:01.0282 2664 nhcDriverDevice - ok
10:18:01.0313 2664 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:18:01.0360 2664 NlaSvc - ok
10:18:01.0391 2664 nmsaccess - ok
10:18:01.0469 2664 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:18:01.0500 2664 Npfs - ok
10:18:01.0531 2664 NPPTNT - ok
10:18:01.0609 2664 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:18:01.0641 2664 nsi - ok
10:18:01.0703 2664 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:18:01.0797 2664 nsiproxy - ok
10:18:01.0921 2664 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:18:01.0984 2664 Ntfs - ok
10:18:02.0031 2664 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:18:02.0140 2664 ntrigdigi - ok
10:18:02.0202 2664 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:18:02.0265 2664 Null - ok
10:18:02.0296 2664 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:18:02.0311 2664 nvraid - ok
10:18:02.0389 2664 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:18:02.0405 2664 nvstor - ok
10:18:02.0467 2664 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:18:02.0499 2664 nv_agp - ok
10:18:02.0499 2664 NWHOST - ok
10:18:02.0530 2664 NwlnkFlt - ok
10:18:02.0545 2664 NwlnkFwd - ok
10:18:02.0639 2664 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:18:02.0670 2664 odserv - ok
10:18:02.0795 2664 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:18:02.0826 2664 ohci1394 - ok
10:18:02.0842 2664 oraclewebassistant - ok
10:18:02.0889 2664 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:18:02.0904 2664 ose - ok
10:18:03.0138 2664 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:18:03.0372 2664 osppsvc - ok
10:18:03.0528 2664 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:18:03.0637 2664 p2pimsvc - ok
10:18:03.0715 2664 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:18:03.0778 2664 p2psvc - ok
10:18:03.0856 2664 pageserver - ok
10:18:03.0871 2664 parallel - ok
10:18:03.0949 2664 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:18:03.0996 2664 Parport - ok
10:18:04.0074 2664 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:18:04.0090 2664 partmgr - ok
10:18:04.0152 2664 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:18:04.0199 2664 Parvdm - ok
10:18:04.0293 2664 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:18:04.0386 2664 PcaSvc - ok
10:18:04.0464 2664 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:18:04.0495 2664 pci - ok
10:18:04.0605 2664 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
10:18:04.0620 2664 pciide - ok
10:18:04.0667 2664 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:18:04.0683 2664 pcmcia - ok
10:18:04.0807 2664 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:18:04.0932 2664 PEAUTH - ok
10:18:05.0041 2664 pelusblf - ok
10:18:05.0166 2664 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:18:05.0369 2664 pla - ok
10:18:05.0494 2664 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:18:05.0572 2664 PlugPlay - ok
10:18:05.0603 2664 pmj151la - ok
10:18:05.0665 2664 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
10:18:05.0681 2664 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:18:05.0681 2664 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:18:05.0775 2664 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:18:05.0806 2664 PNRPAutoReg - ok
10:18:05.0868 2664 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:18:05.0931 2664 PNRPsvc - ok
10:18:06.0071 2664 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:18:06.0133 2664 PolicyAgent - ok
10:18:06.0243 2664 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:18:06.0274 2664 PptpMiniport - ok
10:18:06.0352 2664 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:18:06.0399 2664 Processor - ok
10:18:06.0477 2664 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:18:06.0508 2664 ProfSvc - ok
10:18:06.0570 2664 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:18:06.0586 2664 ProtectedStorage - ok
10:18:06.0648 2664 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:18:06.0726 2664 PSched - ok
10:18:06.0742 2664 PxHelp20 - ok
10:18:06.0898 2664 QBCFMonitorService (c8afe59e2d1fda67a6c5777a13082103) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:18:06.0913 2664 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
10:18:06.0913 2664 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
10:18:06.0976 2664 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:18:07.0038 2664 QBFCService ( UnsignedFile.Multi.Generic ) - warning
10:18:07.0038 2664 QBFCService - detected UnsignedFile.Multi.Generic (1)
10:18:07.0116 2664 qcmerced - ok
10:18:07.0272 2664 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:18:07.0319 2664 ql2300 - ok
10:18:07.0381 2664 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:18:07.0397 2664 ql40xx - ok
10:18:07.0459 2664 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:18:07.0522 2664 QWAVE - ok
10:18:07.0600 2664 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:18:07.0631 2664 QWAVEdrv - ok
10:18:07.0725 2664 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
10:18:07.0740 2664 RapiMgr - ok
10:18:07.0818 2664 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:18:07.0865 2664 RasAcd - ok
10:18:07.0927 2664 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:18:07.0974 2664 RasAuto - ok
10:18:08.0115 2664 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:18:08.0161 2664 Rasl2tp - ok
10:18:08.0224 2664 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:18:08.0271 2664 RasMan - ok
10:18:08.0333 2664 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:18:08.0364 2664 RasPppoe - ok
10:18:08.0411 2664 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:18:08.0442 2664 RasSstp - ok
10:18:08.0505 2664 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:18:08.0551 2664 rdbss - ok
10:18:08.0583 2664 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:18:08.0629 2664 RDPCDD - ok
10:18:08.0692 2664 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:18:08.0770 2664 rdpdr - ok
10:18:08.0848 2664 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:18:08.0879 2664 RDPENCDD - ok
10:18:08.0973 2664 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:18:09.0051 2664 RDPWD - ok
10:18:09.0160 2664 Remote UI Service (752402f6bd5fa012805813c329f88dd3) C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
10:18:09.0191 2664 Remote UI Service ( UnsignedFile.Multi.Generic ) - warning
10:18:09.0191 2664 Remote UI Service - detected UnsignedFile.Multi.Generic (1)
10:18:09.0316 2664 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:18:09.0347 2664 RemoteAccess - ok
10:18:09.0409 2664 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:18:09.0456 2664 RemoteRegistry - ok
10:18:09.0487 2664 roxupnpserver - ok
10:18:09.0534 2664 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:18:09.0581 2664 RpcLocator - ok
10:18:09.0659 2664 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:18:09.0706 2664 RpcSs - ok
10:18:09.0799 2664 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:18:09.0846 2664 rspndr - ok
10:18:09.0862 2664 rt73 - ok
10:18:09.0893 2664 s616unic - ok
10:18:09.0940 2664 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:18:09.0955 2664 SamSs - ok
10:18:10.0033 2664 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:18:10.0049 2664 sbp2port - ok
10:18:10.0158 2664 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:18:10.0189 2664 SBSDWSCService - ok
10:18:10.0330 2664 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:18:10.0361 2664 SCardSvr - ok
10:18:10.0455 2664 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
10:18:10.0548 2664 Schedule - ok
10:18:10.0626 2664 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:18:10.0657 2664 SCPolicySvc - ok
10:18:10.0735 2664 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:18:10.0813 2664 SDRSVC - ok
10:18:10.0891 2664 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:18:10.0954 2664 secdrv - ok
10:18:10.0969 2664 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:18:11.0032 2664 seclogon - ok
10:18:11.0094 2664 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
10:18:11.0141 2664 SENS - ok
10:18:11.0172 2664 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:18:11.0219 2664 Serenum - ok
10:18:11.0250 2664 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:18:11.0313 2664 Serial - ok
10:18:11.0391 2664 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:18:11.0422 2664 sermouse - ok
10:18:11.0484 2664 servicemgr - ok
10:18:11.0531 2664 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:18:11.0578 2664 SessionEnv - ok
10:18:11.0609 2664 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:18:11.0656 2664 sffdisk - ok
10:18:11.0671 2664 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:18:11.0749 2664 sffp_mmc - ok
10:18:11.0765 2664 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:18:11.0843 2664 sffp_sd - ok
10:18:11.0874 2664 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:18:11.0968 2664 sfloppy - ok
10:18:12.0046 2664 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:18:12.0108 2664 SharedAccess - ok
10:18:12.0217 2664 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:18:12.0280 2664 ShellHWDetection - ok
10:18:12.0342 2664 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:18:12.0358 2664 sisagp - ok
10:18:12.0389 2664 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:18:12.0420 2664 SiSRaid2 - ok
10:18:12.0467 2664 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:18:12.0483 2664 SiSRaid4 - ok
10:18:12.0576 2664 Sk99202k - ok
10:18:12.0748 2664 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:18:12.0966 2664 slsvc - ok
10:18:13.0091 2664 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:18:13.0153 2664 SLUINotify - ok
10:18:13.0216 2664 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:18:13.0263 2664 Smb - ok
10:18:13.0294 2664 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:18:13.0309 2664 SNMPTRAP - ok
10:18:13.0387 2664 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:18:13.0419 2664 spldr - ok
10:18:13.0481 2664 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:18:13.0512 2664 Spooler - ok
10:18:13.0559 2664 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
10:18:13.0559 2664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
10:18:13.0559 2664 sptd ( LockedFile.Multi.Generic ) - warning
10:18:13.0559 2664 sptd - detected LockedFile.Multi.Generic (1)
10:18:13.0653 2664 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:18:13.0699 2664 srv - ok
10:18:13.0809 2664 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:18:13.0871 2664 srv2 - ok
10:18:13.0949 2664 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:18:13.0965 2664 srvnet - ok
10:18:13.0980 2664 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:18:14.0043 2664 SSDPSRV - ok
10:18:14.0152 2664 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:18:14.0183 2664 SstpSvc - ok
10:18:14.0292 2664 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
10:18:14.0308 2664 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
10:18:14.0308 2664 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
10:18:14.0370 2664 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:18:14.0448 2664 stisvc - ok
10:18:14.0526 2664 StkScan - ok
10:18:14.0651 2664 stllssvr (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:18:14.0667 2664 stllssvr - ok
10:18:14.0760 2664 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:18:14.0776 2664 swenum - ok
10:18:14.0854 2664 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:18:14.0963 2664 swprv - ok
10:18:15.0041 2664 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:18:15.0057 2664 Symc8xx - ok
10:18:15.0103 2664 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:18:15.0119 2664 Sym_hi - ok
10:18:15.0166 2664 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:18:15.0181 2664 Sym_u3 - ok
10:18:15.0244 2664 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:18:15.0291 2664 SysMain - ok
10:18:15.0353 2664 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:18:15.0384 2664 TabletInputService - ok
10:18:15.0462 2664 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:18:15.0493 2664 TapiSrv - ok
10:18:15.0587 2664 tappsrv - ok
10:18:15.0618 2664 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:18:15.0665 2664 TBS - ok
10:18:15.0759 2664 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:18:15.0805 2664 Tcpip - ok
10:18:15.0915 2664 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:18:15.0946 2664 Tcpip6 - ok
10:18:16.0039 2664 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:18:16.0071 2664 tcpipreg - ok
10:18:16.0149 2664 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:18:16.0195 2664 TDPIPE - ok
10:18:16.0227 2664 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:18:16.0258 2664 TDTCP - ok
10:18:16.0320 2664 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:18:16.0351 2664 tdx - ok
10:18:16.0570 2664 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
10:18:16.0710 2664 TeamViewer7 - ok
10:18:16.0835 2664 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:18:16.0851 2664 TermDD - ok
10:18:16.0975 2664 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:18:17.0131 2664 TermService - ok
10:18:17.0225 2664 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:18:17.0256 2664 Themes - ok
10:18:17.0319 2664 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:18:17.0350 2664 THREADORDER - ok
10:18:17.0381 2664 tm_cfw - ok
10:18:17.0428 2664 TomTomHOMEService (fbd16717fd68b206c4ce3bb3c9ee5cb3) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
10:18:17.0443 2664 TomTomHOMEService - ok
10:18:17.0537 2664 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:18:17.0584 2664 TrkWks - ok
10:18:17.0646 2664 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:18:17.0677 2664 TrustedInstaller - ok
10:18:17.0802 2664 TSHWMDTCP (a7d055f92c8ea06849cefc0e3aa78730) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
10:18:17.0802 2664 TSHWMDTCP ( UnsignedFile.Multi.Generic ) - warning
10:18:17.0802 2664 TSHWMDTCP - detected UnsignedFile.Multi.Generic (1)
10:18:17.0911 2664 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:18:17.0958 2664 tssecsrv - ok
10:18:18.0052 2664 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:18:18.0083 2664 tunmp - ok
10:18:18.0099 2664 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:18:18.0130 2664 tunnel - ok
10:18:18.0177 2664 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:18:18.0192 2664 uagp35 - ok
10:18:18.0255 2664 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:18:18.0301 2664 udfs - ok
10:18:18.0395 2664 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:18:18.0426 2664 UI0Detect - ok
10:18:18.0457 2664 UimBus (bec6b6158c180b974559294ee76b1290) C:\Windows\system32\DRIVERS\UimBus.sys
10:18:18.0473 2664 UimBus - ok
10:18:18.0567 2664 Uim_IM (6e50091b6a7c6d085d2b81c9068962bb) C:\Windows\system32\Drivers\Uim_IM.sys
10:18:18.0567 2664 Uim_IM - ok
10:18:18.0598 2664 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:18:18.0613 2664 uliagpkx - ok
10:18:18.0645 2664 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:18:18.0660 2664 uliahci - ok
10:18:18.0707 2664 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:18:18.0723 2664 UlSata - ok
10:18:18.0847 2664 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:18:18.0863 2664 ulsata2 - ok
10:18:18.0910 2664 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:18:18.0941 2664 umbus - ok
10:18:19.0019 2664 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:18:19.0097 2664 upnphost - ok
10:18:19.0175 2664 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:18:19.0206 2664 usbccgp - ok
10:18:19.0269 2664 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:18:19.0331 2664 usbcir - ok
10:18:19.0409 2664 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:18:19.0456 2664 usbehci - ok
10:18:19.0503 2664 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:18:19.0549 2664 usbhub - ok
10:18:19.0565 2664 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:18:19.0643 2664 usbohci - ok
10:18:19.0690 2664 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
10:18:19.0752 2664 usbprint - ok
10:18:19.0768 2664 usbsermptxp - ok
10:18:19.0783 2664 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:18:19.0830 2664 USBSTOR - ok
10:18:19.0955 2664 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:18:20.0002 2664 usbuhci - ok
10:18:20.0033 2664 USB_NDIS_51 - ok
10:18:20.0111 2664 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:18:20.0142 2664 UxSms - ok
10:18:20.0173 2664 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:18:20.0220 2664 vds - ok
10:18:20.0267 2664 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
10:18:20.0329 2664 vga - ok
10:18:20.0407 2664 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:18:20.0439 2664 VgaSave - ok
10:18:20.0454 2664 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:18:20.0470 2664 viaagp - ok
10:18:20.0517 2664 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:18:20.0579 2664 ViaC7 - ok
10:18:20.0595 2664 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
10:18:20.0610 2664 viaide - ok
10:18:20.0673 2664 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:18:20.0688 2664 volmgr - ok
10:18:20.0766 2664 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:18:20.0813 2664 volmgrx - ok
10:18:20.0875 2664 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:18:20.0922 2664 volsnap - ok
10:18:21.0031 2664 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:18:21.0047 2664 vsmraid - ok
10:18:21.0109 2664 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:18:21.0219 2664 VSS - ok
10:18:21.0453 2664 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
10:18:21.0515 2664 vToolbarUpdater10.2.0 - ok
10:18:21.0655 2664 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:18:21.0780 2664 W32Time - ok
10:18:21.0827 2664 W700mdm - ok
10:18:21.0858 2664 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:18:21.0921 2664 WacomPen - ok
10:18:22.0014 2664 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:18:22.0045 2664 Wanarp - ok
10:18:22.0061 2664 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:18:22.0092 2664 Wanarpv6 - ok
10:18:22.0139 2664 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
10:18:22.0170 2664 WcesComm - ok
10:18:22.0264 2664 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:18:22.0311 2664 wcncsvc - ok
10:18:22.0373 2664 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:18:22.0420 2664 WcsPlugInService - ok
10:18:22.0513 2664 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:18:22.0529 2664 Wd - ok
10:18:22.0654 2664 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:18:22.0701 2664 Wdf01000 - ok
10:18:22.0810 2664 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:18:22.0872 2664 WdiServiceHost - ok
10:18:22.0872 2664 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:18:22.0903 2664 WdiSystemHost - ok
10:18:22.0997 2664 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:18:23.0044 2664 WebClient - ok
10:18:23.0122 2664 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:18:23.0184 2664 Wecsvc - ok
10:18:23.0184 2664 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:18:23.0231 2664 wercplsupport - ok
10:18:23.0309 2664 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:18:23.0356 2664 WerSvc - ok
10:18:23.0403 2664 wfxsvc (be2157595c087207676ec716a6be4cce) C:\Windows\system32\WFXSVC.EXE
10:18:23.0418 2664 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
10:18:23.0418 2664 wfxsvc - detected UnsignedFile.Multi.Generic (1)
10:18:23.0496 2664 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:18:23.0621 2664 winachsf - ok
10:18:23.0746 2664 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:18:23.0777 2664 WinDefend - ok
10:18:23.0777 2664 WinHttpAutoProxySvc - ok
10:18:23.0949 2664 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:18:23.0964 2664 Winmgmt - ok
10:18:24.0073 2664 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:18:24.0167 2664 WinRM - ok
10:18:24.0229 2664 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
10:18:24.0276 2664 winusb - ok
10:18:24.0370 2664 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:18:24.0432 2664 Wlansvc - ok
10:18:24.0479 2664 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:18:24.0541 2664 WmiAcpi - ok
10:18:24.0619 2664 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
10:18:24.0651 2664 wmiApSrv - ok
10:18:24.0775 2664 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:18:24.0853 2664 WMPNetworkSvc - ok
10:18:24.0978 2664 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:18:25.0072 2664 WPCSvc - ok
10:18:25.0134 2664 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:18:25.0181 2664 WPDBusEnum - ok
10:18:25.0399 2664 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:18:25.0431 2664 WPFFontCache_v0400 - ok
10:18:25.0571 2664 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:18:25.0602 2664 ws2ifsl - ok
10:18:25.0633 2664 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
10:18:25.0665 2664 wscsvc - ok
10:18:25.0696 2664 WSearch - ok
10:18:25.0805 2664 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:18:25.0930 2664 wuauserv - ok
10:18:26.0086 2664 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:18:26.0133 2664 WUDFRd - ok
10:18:26.0211 2664 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:18:26.0257 2664 wudfsvc - ok
10:18:26.0257 2664 X4HSX32 - ok
10:18:26.0320 2664 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
10:18:26.0351 2664 XAudio - ok
10:18:26.0382 2664 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
10:18:26.0429 2664 XAudioService - ok
10:18:26.0569 2664 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:18:26.0616 2664 YahooAUService - ok
10:18:26.0694 2664 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
10:18:26.0835 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:18:26.0835 2664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:18:26.0866 2664 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:18:26.0913 2664 \Device\Harddisk1\DR1 - ok
10:18:26.0928 2664 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
10:18:27.0427 2664 \Device\Harddisk2\DR2 - ok
10:18:27.0427 2664 Boot (0x1200) (a20c96e7ec85181d056d4791dbedd408) \Device\Harddisk0\DR0\Partition0
10:18:27.0443 2664 \Device\Harddisk0\DR0\Partition0 - ok
10:18:27.0443 2664 Boot (0x1200) (07e70eef87666262024aa001514004d5) \Device\Harddisk0\DR0\Partition1
10:18:27.0443 2664 \Device\Harddisk0\DR0\Partition1 - ok
10:18:27.0474 2664 Boot (0x1200) (f13e2bc702b7e907cee9916c87ad86b8) \Device\Harddisk1\DR1\Partition0
10:18:27.0474 2664 \Device\Harddisk1\DR1\Partition0 - ok
10:18:27.0505 2664 Boot (0x1200) (c6306ed7bb5361ec7b3e74e980d5b733) \Device\Harddisk2\DR2\Partition0
10:18:27.0505 2664 \Device\Harddisk2\DR2\Partition0 - ok
10:18:27.0505 2664 ============================================================
10:18:27.0505 2664 Scan finished
10:18:27.0505 2664 ============================================================
10:18:27.0537 4788 Detected object count: 23
10:18:27.0537 4788 Actual detected object count: 23
10:19:23.0260 4788 AdfuUd ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0260 4788 AdfuUd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0260 4788 AlertService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0260 4788 AlertService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0260 4788 DQLWinService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0260 4788 DQLWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0275 4788 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0275 4788 FaxTalk FaxCenter Pro 7.5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0275 4788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0275 4788 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0275 4788 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0275 4788 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0275 4788 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0275 4788 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0291 4788 IntelDHSvcConf ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0291 4788 IntelDHSvcConf ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0291 4788 ISSM ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0291 4788 ISSM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0291 4788 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0291 4788 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0291 4788 M1 Server ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0291 4788 M1 Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0291 4788 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0291 4788 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0307 4788 MCLServiceATL ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0307 4788 MCLServiceATL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0307 4788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0307 4788 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0307 4788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0307 4788 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0307 4788 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0307 4788 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0322 4788 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0322 4788 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0322 4788 Remote UI Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0322 4788 Remote UI Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0322 4788 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:19:23.0322 4788 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0338 4788 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 TSHWMDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0338 4788 TSHWMDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0338 4788 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



#6 quietman7 (Bleepin' Janitor, Global Moderator, 51,944 posts, Virginia, USA)

Posted 31 March 2012 - 03:36 PM

TDSSKiller detected the presence of a TDLFS file system.

10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

This means there was either a TDL4 rootkit or TDL4/Max++ Rootkit present on the system at some point and the hidden partition that the infection used was detected as a harmless remnant. The infection has been neutralized and is no longer a threat since there no longer is a loading point.

If you are using a CD Emulator (Daemon Tools, Alcohol, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques and can interfere with investigative tools producing misleading or inaccurate scan results. Since this is the case, please follow these instructions to disable CD Emulators. To completely uninstall (which I recommend) the SPTD driver these emulators use so our tools may run unhindered, follow the steps here. They can be re-installed after your computer has been cleaned.


Please print out and follow these instructions for downloading and performing a scan with ComboFix.
--Be sure to save ComboFix to your Desktop. <-Important!!!

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until ComboFix has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
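quietman7's reading of the log above rests on separating two very different kinds of TDSSKiller output: 22 of the 23 "detected objects" are `UnsignedFile.Multi.Generic` or `LockedFile.Multi.Generic`, which are heuristics (a service binary with no Authenticode signature, or a file the scanner could not open, such as the `sptd` emulator driver), while the one `TDSS File System` hit sits on `\Device\Harddisk0\DR0`, the raw disk rather than any file, and the user chose "Skip" for it. The parser below makes that separation mechanical: it pairs each object line (name, MD5, path) with its verdict and with the action chosen at the end-of-scan prompt, then ranks what is still open. It is an added example written for this page, not code from TDSSKiller, Kaspersky or any poster; the severity table is this example's own judgement, and the sample log is an abridged copy of lines from the log posted above.

```python
"""Triage of a TDSSKiller log: pair every scanned object with its verdict and
with the action chosen at the end-of-scan prompt, then rank what is left open.

Added example for this thread; it is not TDSSKiller/Kaspersky code and not from
any post. SEVERITY is this example's own judgement, not the tool's."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Abridged copy of lines from the TDSSKiller log posted above (not the full log).
SAMPLE_LOG = r"""
10:18:21.0109 2664 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:18:21.0219 2664 VSS - ok
10:18:23.0403 2664 wfxsvc (be2157595c087207676ec716a6be4cce) C:\Windows\system32\WFXSVC.EXE
10:18:23.0418 2664 wfxsvc ( UnsignedFile.Multi.Generic ) - warning
10:18:23.0418 2664 wfxsvc - detected UnsignedFile.Multi.Generic (1)
10:18:26.0694 2664 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
10:18:26.0835 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:18:26.0835 2664 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:18:26.0866 2664 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:18:26.0913 2664 \Device\Harddisk1\DR1 - ok
10:18:27.0505 2664 ============================================================
10:18:27.0505 2664 Scan finished
10:19:23.0322 4788 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:19:23.0322 4788 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 wfxsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:23.0338 4788 wfxsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:19:23.0338 4788 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# This example's own ranking. Unsigned/locked are heuristics about the file, not malware verdicts;
# "TDSS File System" is a hidden TDL4-style file system in unpartitioned disk space.
SEVERITY = {
    "TDSS File System": "high",
    "UnsignedFile.Multi.Generic": "info",
    "LockedFile.Multi.Generic": "info",
}
RANK = {"high": 0, "medium": 1, "info": 2, "none": 3}

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+"
    r"(?P<status>warning|skipped by user|User select action:\s*(?P<action>\w+))$"
)
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", a TDSSKiller verdict string, or None if never concluded
    action: Optional[str] = None   # choice at the post-scan prompt, e.g. "Skip"

    @property
    def severity(self) -> str:
        if self.verdict in (None, "ok"):
            return "none"
        return SEVERITY.get(self.verdict, "medium")  # unknown verdicts get a look too


def _key(name: str, path: str) -> str:
    # MBR and boot-sector objects are named by their device path on the verdict lines.
    return path if path.startswith("\\Device\\") else name


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    findings: Dict[str, Finding] = {}

    def rec(name: str) -> Finding:
        return findings.setdefault(name, Finding(name=name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, banners, '=====' separators
        body = line["body"]
        m = OK_RE.match(body)
        if m:
            rec(m["name"]).verdict = "ok"
            continue
        m = DETECTED_RE.match(body)
        if m:
            rec(m["name"]).verdict = m["verdict"]
            continue
        m = VERDICT_RE.match(body)
        if m:
            f = rec(m["name"])
            f.verdict = m["verdict"]
            if m["action"]:
                f.action = m["action"]
            continue
        m = OBJECT_RE.match(body)
        if m:
            f = rec(_key(m["name"], m["path"]))
            f.md5, f.path = m["md5"], m["path"]
    return findings


def triage(findings: Dict[str, Finding]) -> List[Finding]:
    """Everything that did not come back 'ok', worst first."""
    open_items = [f for f in findings.values() if f.severity != "none"]
    return sorted(open_items, key=lambda f: (RANK[f.severity], f.name))


def escalations(findings: Dict[str, Finding]) -> List[Finding]:
    """High-severity verdicts the user chose to skip: the ones to raise with the helper."""
    return [f for f in triage(findings) if f.severity == "high" and f.action == "Skip"]


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for f in triage(found):
        print(f"{f.severity:<6} {f.verdict:<28} action={f.action or '-':<5} {f.name}")
    for f in escalations(found):
        print(f"ESCALATE: {f.name} ({f.verdict}) was skipped; object hash {f.md5}")
```

Run against the full log it prints the 22 unsigned/locked services as `info` and only `\Device\Harddisk0\DR0` as `high`, which is exactly the line quietman7 quotes back. Keep the MD5 from the `MBR (0x1B8)` line: a later scan that shows a different hash for the same sector means the boot code changed again.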

#7 JReich (Topic Starter, Members, 42 posts)

Posted 01 April 2012 - 04:54 PM

ComboFix Log

ComboFix 12-04-01.01 - Kerry 04/01/2012 13:58:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2550.1820 [GMT -7:00]
Running from: c:\users\Kerry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hb_1649.tmp
C:\hb_6EF2.tmp
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\users\Kerry\AppData\Roaming\chrtmp
c:\users\Kerry\AppData\Roaming\MicroST
c:\users\Kerry\AppData\Roaming\MicroST\Dat100F.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat25A1.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat2AFF.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat4E49.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat5360.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat56A6.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat6C83.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat72A7.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat7B99.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\Dat9CF1.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatB73E.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatC719.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatD0B7.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatD537.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatE282.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatF16F.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatF5FE.tmp.xsi
c:\users\Kerry\AppData\Roaming\MicroST\DatFDF1.tmp.xsi
c:\users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\hhnocywm.default\searchplugins\bing-zugo.xml
c:\users\Kerry\g2mdlhlpx.exe
c:\windows\$NtUninstallKB56145$
c:\windows\HPCPCUninstaller-6.3.2.139-3572475.exe
c:\windows\system32\aaksrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\egathdrv.dll
c:\windows\system32\entech.dll
c:\windows\system32\mssql$pinnaclesys.dll
c:\windows\system32\npptnt2.dll
c:\windows\system32\racsvc.dll
c:\windows\system32\roboot.exe
c:\windows\system32\TPPWRIF.dll
c:\windows\system32\tvtpktfilter.dll
c:\windows\system32\W700mgmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 21:38 . 2012-04-01 21:38 -------- d-----w- c:\users\Kerry\AppData\Roaming\MicroST
2012-04-01 21:30 . 2012-04-01 21:38 -------- d-----w- c:\users\Kerry\AppData\Local\temp
2012-04-01 21:30 . 2012-04-01 21:30 -------- d-----w- c:\users\Jordan\AppData\Local\temp
2012-04-01 21:30 . 2012-04-01 21:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-04-01 21:30 . 2012-04-01 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 21:30 . 2012-04-01 21:30 -------- d-----w- c:\users\Tyler\AppData\Local\temp
2012-04-01 21:30 . 2012-04-01 21:30 -------- d-----w- c:\users\Teri\AppData\Local\temp
2012-03-30 00:56 . 2012-03-30 00:56 -------- d-----w- c:\program files\trend micro
2012-03-30 00:56 . 2012-03-30 00:56 -------- d-----w- C:\rsit
2012-03-29 21:08 . 2012-03-29 21:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 00:44 . 2012-02-17 22:08 149456 ----a-w- c:\windows\SGDetectionTool.dll0300.old
2012-03-29 00:44 . 2012-02-17 22:08 767952 ----a-w- c:\windows\BDTSupport.dll0300.old
2012-03-29 00:44 . 2012-02-17 22:08 2250704 ----a-w- c:\windows\PCTBDCore.dll0300.old
2012-03-29 00:36 . 2012-03-30 00:45 -------- d-----w- c:\program files\PC Tools
2012-03-29 00:11 . 2012-03-30 00:45 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-29 00:11 . 2012-02-24 17:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-29 00:06 . 2012-03-30 00:42 -------- d-----w- c:\programdata\PC Tools
2012-03-29 00:06 . 2012-03-29 00:06 -------- d-----w- c:\users\Kerry\AppData\Roaming\TestApp
2012-03-28 23:33 . 2012-03-28 23:33 -------- d-----w- C:\3WccSULkcIEnLwo
2012-03-23 16:07 . 2012-03-23 16:07 -------- d--h--w- c:\windows\msdownld.tmp
2012-03-23 15:32 . 2012-03-24 04:32 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2012-03-23 15:32 . 2012-03-24 04:32 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2012-03-23 15:15 . 2012-03-24 04:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-03-23 15:15 . 2012-03-24 04:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2012-03-22 17:10 . 2012-03-22 17:10 -------- d-----w- c:\users\Kerry\AppData\Local\Ilivid Player
2012-03-22 17:09 . 2012-03-22 19:49 -------- d-----w- c:\programdata\boost_interprocess
2012-03-14 06:24 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 06:24 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 06:24 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:24 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 06:24 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 06:24 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 06:20 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 21:10 . 2011-06-26 02:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-03-29 19:06 . 2011-06-26 02:54 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-28 14:51 . 2011-06-16 13:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 15:16 . 2012-03-14 06:24 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 18:57 . 2012-02-01 18:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-09 15:54 . 2012-03-14 06:20 613376 ----a-w- c:\windows\system32\rdpencom.dll
2010-09-26 18:04 . 2010-09-26 18:04 94208 ----a-w- c:\program files\Common Files\regdll.dll
2010-09-26 18:04 . 2010-09-26 18:04 69632 ----a-w- c:\program files\Common Files\ClacAdv.dll
2010-09-26 18:04 . 2010-09-26 18:04 28672 ----a-w- c:\program files\Common Files\MYSWHelpComp.dll
2010-09-26 18:04 . 2010-09-26 18:04 126976 ----a-w- c:\program files\Common Files\ClacStmp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 21:36 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2011-04-25 42392]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"FaxTalk FaxCenter Pro 7.5"="c:\program files\FaxTalk Trial\FTClCtrl.exe" [2009-08-11 114688]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-09-29 43008]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
5m2NzxGRQco.exe [2009-4-10 152064]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2011-10-5 34520]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-16 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-21315032-3565146322-856730439-1001]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-21315032-3565146322-856730439-1002]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-21315032-3565146322-856730439-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-21315032-3565146322-856730439-1004]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tm_cfw
pelusblf
earthlinksafeconnectagent
nhcDriverDevice
qcmerced
W700mdm
kavsvc
usbsermptxp
tappsrv
cicsclient
NWHOST
admjoy
nmsaccess
es1371
acedrv05
catchme
AMDPCI
X4HSX32
cicssfs.scmmc223
epson_pm_rpcv4_01
NVXBAR
ghaio
RTLE8023xp
tosrfhid
prodrv06
lvusbsta
se59unic
Afc
purendis
SunkFilt39
buslogic
pmj151la
servicemgr
ftdisk
botcbs
oraclewebassistant
DevUpper
StkScan
fasttrackinstallerservice
pageserver
igateway
NPPTNT
s616unic
rt73
MaxtorFrontPanel1
USB_NDIS_51
parallel
mwstick
Sk99202k
klif
roxupnpserver
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:10]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:10]
.
2012-04-01 c:\windows\Tasks\Paragon Archive name arc_140811210754983.job
- c:\program files\Paragon Software\Drive Backup 9 Professional\program\scripts.exe [2008-06-07 21:53]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Presario&pf=desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\hhnocywm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.2.0.3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
SafeBoot-77872688.sys
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5m2NzxGRQco.exe 152064 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Paragon Software\Drive Backup 9 Professional\Net Burner Service\NetBurnerService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\FaxTalk Trial\FTmsgsvc.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\WFXSNT40.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2012-04-01 14:47:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 21:47
.
Pre-Run: 142,475,636,736 bytes free
Post-Run: 143,846,146,048 bytes free
.
- - End Of File - - 151283006D9B0F87E70065E5EDD18134


Thanks,
Jordan
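The thread opened with "what should be there and what shouldn't be there?", and JReich's ComboFix log above answers it only for a reader who knows which lines matter: the `AV:` line reports AVG as `*Disabled/Outdated*`, `"EnableLUA"= 0` under `policies\system` means UAC is switched off, `DisableMonitoring` is set under `security center\Monitoring`, a bare randomly named `5m2NzxGRQco.exe` sits in one user's Startup folder (every legitimate entry there is a `.lnk`) and catchme reports that same file as hidden, and the Firefox prefs send the default search, home page and address-bar keyword lookups to `search.conduit.com`, `searchnu.com` and `search-results.com`. The checker below pulls exactly those indicators out of ComboFix's text format. It is an added example for this page, not ComboFix's or any poster's code; the weakening-value table and the redirect-domain list are this example's own short lists, and the sample is an abridged excerpt constructed from the log above.

```python
"""Pull weakened-security settings and browser-hijack indicators out of a
ComboFix log.

Added example for this thread; not ComboFix code and not from any post. The
WEAKENING table and HIJACK_DOMAINS list are this example's own short lists."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Abridged excerpt constructed from the ComboFix log posted above (not the full file).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
.
c:\users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
5m2NzxGRQco.exe [2009-4-10 152064]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=
.
scanning hidden files ...
.
c:\users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5m2NzxGRQco.exe 152064 bytes executable
.
scan completed successfully
hidden files: 1
"""

Finding = Tuple[str, str]  # (what was found, evidence)

# Registry values printed under 'Reg Loading Points' that mean protection has been turned off.
WEAKENING = [
    # (tail of the key path, value name, value that is bad, description)
    (r"policies\system", "EnableLUA", 0, "UAC disabled (EnableLUA=0)"),
    (r"security center\Monitoring", "DisableMonitoring", 1, "Security Center monitoring disabled"),
]
# Search-redirect domains seen in this log's Firefox prefs; this example's list, extend as needed.
HIJACK_DOMAINS = ("search.conduit.com", "searchnu.com", "search-results.com")

AV_RE = re.compile(r"^(?:AV|SP|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)$")
STARTUP_EXE_RE = re.compile(r"^(?P<file>[^\s\\]+\.exe)\s+\[", re.I)  # a bare .exe, not a .lnk


def reg_int(val: str) -> Optional[int]:
    """ComboFix prints values as 'dword:00000001' or '0 (0x0)'; normalise both."""
    if val.lower().startswith("dword:"):
        return int(val[6:], 16)
    m = re.match(r"-?\d+", val)
    return int(m.group()) if m else None


def hijack_host(url: str) -> Optional[str]:
    """Return the host if it belongs to a known redirect domain; ComboFix defangs http as hxxp."""
    host = (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
        return host
    return None


def analyse_combofix(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key: Optional[str] = None
    in_startup = False  # inside a 'Startup\' folder listing
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix closes each block with a lone '.'
            in_startup = False
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key, in_startup = line[1:-1].lower(), False
            continue
        if line.lower().endswith("\\startup\\"):
            in_startup = True
            continue
        if in_startup:
            m = STARTUP_EXE_RE.match(line)
            if m:
                findings.append(("bare executable in Startup folder", m["file"]))
            continue
        m = AV_RE.match(line)
        if m:
            if "Disabled" in m["state"] or "Outdated" in m["state"]:
                findings.append(("security product not protecting", f'{m["product"]}: {m["state"]}'))
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            if current_key:
                val = reg_int(m["val"])
                for key_tail, name, bad, why in WEAKENING:
                    if current_key.endswith(key_tail.lower()) and m["name"].lower() == name.lower() and val == bad:
                        findings.append((why, f'{m["name"]}={val}'))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            host = hijack_host(m["url"])
            if host:
                findings.append(("browser search/homepage redirected", f'{m["pref"]} -> {host}'))
            continue
        if line.endswith("bytes executable"):  # catchme's hidden-file report
            findings.append(("hidden file (catchme)", line.rsplit(" ", 3)[0]))
    return findings


if __name__ == "__main__":
    for what, evidence in analyse_combofix(SAMPLE_LOG):
        print(f"{what:<40} {evidence}")
```

Nothing here replaces a helper's judgement, but it turns the eight relevant lines of a 400-line log into a list. The Startup-folder rule (flag an executable that is not a shortcut) is the same observation catchme makes from the other side when it reports the file as hidden; seeing both for one path is the strongest single indicator in this log.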

#8 quietman7 (Bleepin' Janitor, Global Moderator, 51,944 posts, Virginia, USA)

Posted 01 April 2012 - 07:35 PM

How is your computer running now?

#9 quietman7 (Bleepin' Janitor, Global Moderator, 51,944 posts, Virginia, USA)

Posted 09 April 2012 - 06:53 AM

Due to a lack of response... this topic is now closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Removal Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic.