Google redirecting - possibly "System Check" bug, missing start menu shortcuts


  • This topic is locked
18 replies to this topic

#1 Patty O Furniture

  • Members
  • 10 posts

Posted 29 March 2012 - 11:50 PM

Hi all,

First off let me express my thanks for all of your hard work and generosity =) I know you must realize what a help you provide to the anti-malware community, but I wanted to let you know.

For the record:

32-bit, Vista, Firefox

My problem started with the System Check bug. Pop-ups for anti-virus software were taken care of by MalwareBytes, but the System Check icon, along with alerts of low disk space, "Infected Computer!", missing start menu shortcuts, and Google redirects, remained. RKill + MalwareBytes took care of the alerts (along with a few other bugs that had snuck on since the last time I cleaned the ol' 'puter out), but constant Google redirect problems, along with a System Check icon on my desktop, and missing shortcuts, remain. (For the record, after running RKill and MalwareBytes, the System Check icon on the desktop changed.)

TDSSKiller seemed to be of no help. A second, more comprehensive scan found a number of "suspicious" files, but I get the feeling none were actually malicious, and wasn't advised to remove any of them anyway.

Please find attached my DDS log along with TWO gmer logs. I had some trouble running gmer. Vista bluescreened me the first time, then rebooted; the second scan (ark.txt) seemed too quick, so I ran it again (ark02.txt) and got different results.

Once again, thank you for your help, if you are able to provide any. And if not, then for even reading this, and the good you do in general =)


Regards,
Patty O'Furniture


===============================DDS Log====================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_22
Run by renate at 20:47:03 on 2012-03-29
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.814 [GMT -4:00]
.
AV: Windows Live OneCare *Enabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Windows Live OneCare *Enabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Windows Live OneCare *Enabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\progra~1\iwinga~1\IWINGA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [googletalk] c:\users\renate\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [MMAgent] c:\program files\mobile master\MMAgent.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SmartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi.lnk - c:\ddi\AOLICON.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{2BEEDDE3-9D19-4856-BC49-7AC5C8321FD5} : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5} : DhcpNameServer = 192.168.2.1 10.0.0.1 196.3.81.5 200.88.127.22
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\renate\appdata\roaming\mozilla\firefox\profiles\q7spa9b1.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110802&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\users\renate\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\renate\appdata\roaming\mozilla\plugins\npgoogletalk.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-2-20 78104]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-1 104992]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-8-22 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-1 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-22 17408]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-8-5 53168]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-1 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-5-23 98984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-22 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-22 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-22 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-22 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-22 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 20:49:12.88 ===============
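
Added example for this thread (not a BleepingComputer tool and not something DDS itself does): a small Python triage pass over the kind of lines DDS prints in its Pseudo HJT Report, of the sort a helper does by eye before deciding which tool to run next. The sample input is a handful of lines copied from the log above. The "cleanup"/"review" labels, the list of user-writable path markers and the resolver comparison are this script's own heuristics, so a "review" hit is a prompt to look, not a verdict (Google Talk legitimately autostarts from AppData). The resolver check only notes that an interface's DHCP name servers differ from the system-wide set and are public; it says nothing about whether those particular addresses are good or bad.

```python
"""Triage pass over DDS "Pseudo HJT Report" lines.

Added example for this thread; it is not a BleepingComputer or DDS tool.
The sample lines are copied from the DDS log posted above; the severity
labels, the user-writable path markers and the DNS comparison are this
script's own heuristics (assumptions, not anything DDS itself reports).
"""
import ipaddress
import re

# Constructed sample: a subset of the Pseudo HJT Report lines from the post.
SAMPLE_HJT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [googletalk] c:\users\renate\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{2BEEDDE3-9D19-4856-BC49-7AC5C8321FD5} : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{6CB7D6CF-F024-47B7-ADCD-397DC7796FB5} : DhcpNameServer = 192.168.2.1 10.0.0.1 196.3.81.5 200.88.127.22
FF - plugin: c:\users\renate\appdata\roaming\mozilla\plugins\npgoogletalk.dll
"""

# Path fragments a non-admin process can write to. Autostart entries and
# browser plugins living there are not proof of malware (Google Talk does it),
# but user-mode infections almost always use them, so each one gets a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s*(?P<clsid>\{[0-9a-f-]+\})\s*-\s*(?P<path>.*)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FFPLUG_RE = re.compile(r"^FF - plugin:\s*(?P<path>.*)$")
DNS_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9a-f-]+\})\s*:\s*)?"
    r"DhcpNameServer\s*=\s*(?P<servers>.*)$", re.I)


def exe_of(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    m = re.match(r'"?(?P<p>[^"]*?\.(?:exe|dll|scr|cmd|bat))"?', cmd.strip(), re.I)
    return m.group("p") if m else cmd.strip()


def is_user_writable(path: str) -> bool:
    """True if the path sits under a location a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def dns_findings(matches):
    """Flag per-interface resolvers that are public and absent from the system-wide set.

    A resolver the user did not expect is one way search results end up
    redirected, so a per-interface list that differs from the DHCP-wide one
    deserves a check. Private (RFC 1918) addresses are skipped because home
    routers routinely hand those out.
    """
    baseline = set()
    per_iface = []
    for m in matches:
        servers = m.group("servers").split()
        if m.group("iface") is None:
            baseline.update(servers)
        else:
            per_iface.append((m.group("iface"), servers))
    out = []
    for iface, servers in per_iface:
        for s in servers:
            if s not in baseline and not ipaddress.ip_address(s).is_private:
                out.append(("review", f"interface {iface} resolver {s} is public and not in the system-wide DHCP set"))
    return out


def triage(hjt_text: str):
    """Return (severity, message) pairs for the lines worth a human look."""
    findings = []
    dns_matches = []
    for line in hjt_text.strip().splitlines():
        if m := BHO_RE.match(line):
            # A CLSID still registered as a BHO with no DLL behind it: harmless
            # clutter, usually left over from an uninstall, but worth removing.
            if m.group("path").strip().lower() == "no file":
                findings.append(("cleanup", f"orphaned BHO {m.group('clsid')}: CLSID registered but its DLL is gone"))
        elif m := RUN_RE.match(line):
            exe = exe_of(m.group("cmd"))
            if is_user_writable(exe):
                findings.append(("review", f"{m.group('hive')}Run [{m.group('name')}] starts from a user-writable path: {exe}"))
        elif m := FFPLUG_RE.match(line):
            if is_user_writable(m.group("path")):
                findings.append(("review", f"Firefox plugin in a user-writable path: {m.group('path').strip()}"))
        elif m := DNS_RE.match(line):
            dns_matches.append(m)  # compared only once the whole report is read
    findings.extend(dns_findings(dns_matches))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_HJT):
        print(f"[{severity}] {message}")
```

Run it as a script to print the findings for the embedded sample, or import `triage()` and feed it the Pseudo HJT section of another DDS log. The script deliberately stops at flagging: what to do with a hit (leave it, have the user uninstall it, or hand it to a removal tool) is the helper's call, which is why the thread's reply asks for ComboFix rather than acting on the listing.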

#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 March 2012 - 11:56 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Patty O Furniture
  • Topic Starter
  • Members
  • 10 posts

Posted 30 March 2012 - 04:42 AM

Hi gringo_pr,

Good to meet you, and thank you for your timely response.

So the problems I was experiencing were:
- constant Google redirects
- Missing start menu shortcuts
- "System Check" icon on desktop

The System Check bug itself _seemed_ to have been taken care of by MalwareBytes right away (this was before I created this topic), but the icon remains.

After running ComboFix, nothing has changed, save for a few of the start menu shortcuts returning. None of the program shortcuts (which I assume are just hidden) have returned - just Computer, Control Panel, Documents, etc.


Thanks for your help!
Patty O'Furniture

============================COMBOFIX log======================================

ComboFix 12-03-30.01 - renate 03/30/2012 1:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.656 [GMT -4:00]
Running from: c:\users\renate\Desktop\ComboFix.exe
AV: Windows Live OneCare *Disabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Windows Live OneCare *Disabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Live OneCare *Disabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR13AF.tmp
c:\programdata\SPL34A7.tmp
c:\programdata\SPL721.tmp
c:\programdata\utNz04atq4WQ9q
c:\users\renate\AppData\Local\Microsoft\AddIns\MMOutlookAddIn.dll
c:\users\renate\AppData\Roaming\Microsoft\~DFK192588d2.tmp
c:\users\renate\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\renate\AppData\Roaming\Microsoft\bass.dll
c:\users\renate\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\renate\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\renate\AppData\Roaming\Microsoft\peaadje.dll
c:\users\renate\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\renate\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\renate\wevtapi.dll
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.0.6000.16386_none_a05162e240c2c82b\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 06:53 . 2011-10-09 04:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"googletalk"="c:\users\renate\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MMAgent"="c:\program files\Mobile Master\MMAgent.exe" [2010-08-05 1379776]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-13 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-26 15:11]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{E525C0E4-9A8B-42B4-BAC6-3159FB5CAEE9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
FF - ProfilePath - c:\users\renate\AppData\Roaming\Mozilla\Firefox\Profiles\q7spa9b1.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110802&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 05:22
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1060)
c:\ddi\overicon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\RtkAudioService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\windows\system32\lxducoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-30 05:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 09:27
.
Pre-Run: 2,507,309,056 bytes free
Post-Run: 1,359,736,832 bytes free
.
- - End Of File - - F0F3D7A1669EFA1967ACE5DE0862C030

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 March 2012 - 07:20 AM

Greetings

First run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps

then I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
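
As an added example (not code from this thread and not TDSSKiller's own), a small Python reader for the log the TDSSKiller steps above produce: it keeps the header facts and pulls out every module the scan did not close with "- ok", so a log that runs to hundreds of lines can be triaged at a glance. The line format is taken from the log posted in this thread; the sample's "exampledrv" and "orphan" entries, their hashes and the "detected" verdict are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every line of a TDSSKiller 2.7.x log starts with a timestamp and a process id.
# In the scan section each module appears once with its MD5 and path and once
# more with a verdict, e.g. (from the log posted in this thread):
#   09:07:57.0118 2616 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
#   09:07:57.0123 2616 ACPI - ok
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<body>.*)$")
MODULE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok", or whatever TDSSKiller reported


def parse_log(text: str) -> Dict[str, object]:
    """Split a TDSSKiller log into a header dict and an ordered list of Entry."""
    header: Dict[str, str] = {}
    entries: Dict[str, Entry] = {}  # keyed by module name, insertion-ordered
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line (blank, or text pasted around the log)
        body = m.group("body").strip()
        if not body or body.startswith("====="):
            continue
        if body.startswith("TDSS rootkit removing tool "):
            header["Tool version"] = body.split()[4]
        elif body == "Scan started":
            in_scan = True
        elif body.startswith("Mode:"):
            header["Mode"] = body[len("Mode:"):].strip().rstrip(";")
        elif not in_scan:
            # Header "Key: Value" lines. Drive and partition lines contain
            # backslashes and a " - " that would look like a verdict; skip them.
            key, sep, value = body.partition(":")
            if sep and "\\" not in key and value.strip():
                header[key.strip()] = value.strip()
        else:
            mm = MODULE_RE.match(body)
            if mm:
                e = entries.setdefault(mm["name"], Entry(mm["name"]))
                e.md5, e.path = mm["md5"].lower(), mm["path"]
                continue
            vm = VERDICT_RE.match(body)
            if vm:
                entries.setdefault(vm["name"], Entry(vm["name"])).verdict = vm["verdict"]
    return {"header": header, "entries": list(entries.values())}


def needs_attention(entries: List[Entry]) -> List[Entry]:
    """Entries the scan did not close with "- ok", including modules that were
    listed but never given a verdict (a log cut short, or a line worth re-checking)."""
    return [e for e in entries if e.verdict != "ok"]


def flagged_lines(text: str) -> List[str]:
    """One printable line per entry a helper would want to look at."""
    parsed = parse_log(text)
    return [f"{e.name}: {e.verdict or 'NO VERDICT'} [{e.path or 'no path'}]"
            for e in needs_attention(parsed["entries"])]


# Constructed sample in the format of the log above. The ACPI, Apple Mobile Device
# and catchme lines are copied from it; "exampledrv" and "orphan", their hashes and
# the "detected" verdict are made up to exercise the non-ok paths.
SAMPLE_LOG = r"""
09:07:28.0219 5020 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:07:28.0453 5020 ============================================================
09:07:28.0454 5020 SystemInfo:
09:07:28.0454 5020
09:07:28.0454 5020 OS Version: 6.0.6001 ServicePack: 1.0
09:07:28.0455 5020 Boot type: Normal boot
09:07:29.0152 5020 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
09:07:29.0158 5020 MBR used
09:07:55.0496 2616 Scan started
09:07:55.0496 2616 Mode: Manual;
09:07:57.0118 2616 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
09:07:57.0123 2616 ACPI - ok
09:07:58.0418 2616 Apple Mobile Device (a8aa9d47f971570a5162b862b80f87e8) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:07:58.0420 2616 Apple Mobile Device - ok
09:08:00.0360 2616 catchme - ok
09:08:20.0000 2616 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
09:08:20.0001 2616 exampledrv - detected Example.Constructed
09:08:21.0000 2616 orphan (11111111111111111111111111111111) C:\Windows\system32\drivers\orphan.sys
"""

if __name__ == "__main__":
    for line in flagged_lines(SAMPLE_LOG):
        print(line)
```

Point `flagged_lines` at the text of a pasted TDSSKiller report to get only the entries that are not "- ok"; an entry with NO VERDICT means the module line was present but the scan never reported on it.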

#5 Patty O Furniture

Patty O Furniture
  • Topic Starter

  • Members
  • 10 posts

Posted 30 March 2012 - 08:52 AM

==================TDSSKiller log==========================

09:07:28.0219 5020 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:07:28.0453 5020 ============================================================
09:07:28.0454 5020 Current date / time: 2012/03/30 09:07:28.0453
09:07:28.0454 5020 SystemInfo:
09:07:28.0454 5020
09:07:28.0454 5020 OS Version: 6.0.6001 ServicePack: 1.0
09:07:28.0454 5020 Product type: Workstation
09:07:28.0454 5020 ComputerName: RENATE-PC
09:07:28.0454 5020 UserName: renate
09:07:28.0454 5020 Windows directory: C:\Windows
09:07:28.0454 5020 System windows directory: C:\Windows
09:07:28.0455 5020 Processor architecture: Intel x86
09:07:28.0455 5020 Number of processors: 2
09:07:28.0455 5020 Page size: 0x1000
09:07:28.0455 5020 Boot type: Normal boot
09:07:28.0455 5020 ============================================================
09:07:29.0152 5020 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:07:29.0158 5020 \Device\Harddisk0\DR0:
09:07:29.0158 5020 MBR used
09:07:29.0158 5020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x11CA000, BlocksNum 0x1184F6B0
09:07:29.0205 5020 Initialize success
09:07:29.0205 5020 ============================================================
09:07:55.0496 2616 ============================================================
09:07:55.0496 2616 Scan started
09:07:55.0496 2616 Mode: Manual;
09:07:55.0496 2616 ============================================================
09:08:13.0910 2616 PolicyAgent - ok
09:08:14.0004 2616 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:08:14.0006 2616 PptpMiniport - ok
09:08:14.0042 2616 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:08:14.0043 2616 Processor - ok
09:08:14.0093 2616 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
09:08:14.0100 2616 ProfSvc - ok
09:08:14.0196 2616 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
09:08:14.0199 2616 ProtectedStorage - ok
09:08:14.0291 2616 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
09:08:14.0293 2616 PSched - ok
09:08:14.0337 2616 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
09:08:14.0338 2616 PxHelp20 - ok
09:08:14.0418 2616 QBCFMonitorService (0a2c21b3168f2efc3468b35ff5508cea) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:08:14.0419 2616 QBCFMonitorService - ok
09:08:14.0472 2616 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:08:14.0475 2616 QBFCService - ok
09:08:14.0590 2616 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:08:14.0605 2616 ql2300 - ok
09:08:14.0658 2616 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:08:14.0660 2616 ql40xx - ok
09:08:14.0719 2616 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:08:14.0729 2616 QWAVE - ok
09:08:14.0771 2616 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:08:14.0773 2616 QWAVEdrv - ok
09:08:14.0852 2616 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:08:14.0853 2616 RasAcd - ok
09:08:14.0898 2616 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:08:14.0904 2616 RasAuto - ok
09:08:14.0945 2616 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:08:14.0947 2616 Rasl2tp - ok
09:08:15.0000 2616 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
09:08:15.0009 2616 RasMan - ok
09:08:15.0085 2616 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
09:08:15.0086 2616 RasPppoe - ok
09:08:15.0126 2616 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
09:08:15.0128 2616 RasSstp - ok
09:08:15.0169 2616 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
09:08:15.0172 2616 rdbss - ok
09:08:15.0195 2616 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:08:15.0196 2616 RDPCDD - ok
09:08:15.0313 2616 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:08:15.0316 2616 rdpdr - ok
09:08:15.0372 2616 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:08:15.0373 2616 RDPENCDD - ok
09:08:15.0426 2616 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
09:08:15.0429 2616 RDPWD - ok
09:08:15.0485 2616 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
09:08:15.0486 2616 regi - ok
09:08:15.0555 2616 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:08:15.0559 2616 RemoteAccess - ok
09:08:15.0604 2616 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
09:08:15.0610 2616 RemoteRegistry - ok
09:08:15.0715 2616 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:08:15.0717 2616 rimsptsk - ok
09:08:15.0791 2616 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
09:08:15.0793 2616 risdptsk - ok
09:08:15.0831 2616 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:08:15.0834 2616 RpcLocator - ok
09:08:15.0910 2616 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
09:08:15.0920 2616 RpcSs - ok
09:08:16.0020 2616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:08:16.0021 2616 rspndr - ok
09:08:16.0068 2616 RtkAudioService (65330e78c17db8a99a7ff1ba3c8824b6) C:\Windows\RtkAudioService.exe
09:08:16.0069 2616 RtkAudioService - ok
09:08:16.0141 2616 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
09:08:16.0143 2616 SamSs - ok
09:08:16.0192 2616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:08:16.0194 2616 sbp2port - ok
09:08:16.0252 2616 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
09:08:16.0258 2616 SCardSvr - ok
09:08:16.0347 2616 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
09:08:16.0369 2616 Schedule - ok
09:08:16.0430 2616 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
09:08:16.0432 2616 SCPolicySvc - ok
09:08:16.0508 2616 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
09:08:16.0509 2616 sdbus - ok
09:08:16.0586 2616 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:08:16.0592 2616 SDRSVC - ok
09:08:16.0638 2616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:08:16.0639 2616 secdrv - ok
09:08:16.0693 2616 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:08:16.0698 2616 seclogon - ok
09:08:16.0735 2616 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
09:08:16.0739 2616 SENS - ok
09:08:16.0807 2616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:08:16.0808 2616 Serenum - ok
09:08:16.0870 2616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:08:16.0871 2616 Serial - ok
09:08:16.0926 2616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:08:16.0927 2616 sermouse - ok
09:08:17.0005 2616 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:08:17.0011 2616 SessionEnv - ok
09:08:17.0107 2616 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
09:08:17.0108 2616 SFEP - ok
09:08:17.0159 2616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:08:17.0160 2616 sffdisk - ok
09:08:17.0214 2616 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:08:17.0215 2616 sffp_mmc - ok
09:08:17.0289 2616 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:08:17.0290 2616 sffp_sd - ok
09:08:17.0355 2616 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
09:08:17.0356 2616 sfloppy - ok
09:08:17.0411 2616 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:08:17.0420 2616 SharedAccess - ok
09:08:17.0532 2616 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
09:08:17.0541 2616 ShellHWDetection - ok
09:08:17.0626 2616 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:08:17.0628 2616 sisagp - ok
09:08:17.0677 2616 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:08:17.0678 2616 SiSRaid2 - ok
09:08:17.0753 2616 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:08:17.0756 2616 SiSRaid4 - ok
09:08:17.0926 2616 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
09:08:17.0965 2616 slsvc - ok
09:08:18.0025 2616 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
09:08:18.0030 2616 SLUINotify - ok
09:08:18.0165 2616 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
09:08:18.0167 2616 Smb - ok
09:08:18.0245 2616 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:08:18.0250 2616 SNMPTRAP - ok
09:08:18.0346 2616 SOHCImp (dc826affa608f50c385bca4c71ef1bdd) C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
09:08:18.0352 2616 SOHCImp - ok
09:08:18.0408 2616 SOHDms (1ec739f65c51fa1c7ac4502464a3c3a8) C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
09:08:18.0418 2616 SOHDms - ok
09:08:18.0471 2616 SOHDs (ec8fab4ac684445d6032aa5c6e77ca2e) C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
09:08:18.0496 2616 SOHDs - ok
09:08:18.0579 2616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:08:18.0580 2616 spldr - ok
09:08:18.0644 2616 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
09:08:18.0649 2616 Spooler - ok
09:08:18.0738 2616 SPTISRV (f63102f289ae2039940b22e9b2a8e0bd) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
09:08:18.0741 2616 SPTISRV - ok
09:08:18.0795 2616 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:08:18.0798 2616 SQLBrowser - ok
09:08:18.0850 2616 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:08:18.0851 2616 SQLWriter - ok
09:08:18.0952 2616 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
09:08:18.0956 2616 srv - ok
09:08:19.0034 2616 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
09:08:19.0037 2616 srv2 - ok
09:08:19.0081 2616 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
09:08:19.0083 2616 srvnet - ok
09:08:19.0131 2616 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:08:19.0139 2616 SSDPSRV - ok
09:08:19.0205 2616 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:08:19.0211 2616 SstpSvc - ok
09:08:19.0313 2616 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
09:08:19.0336 2616 stisvc - ok
09:08:19.0385 2616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:08:19.0386 2616 swenum - ok
09:08:19.0467 2616 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
09:08:19.0490 2616 swprv - ok
09:08:19.0540 2616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:08:19.0541 2616 Symc8xx - ok
09:08:19.0599 2616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:08:19.0600 2616 Sym_hi - ok
09:08:19.0673 2616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:08:19.0675 2616 Sym_u3 - ok
09:08:19.0774 2616 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
09:08:19.0777 2616 SynTP - ok
09:08:19.0843 2616 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
09:08:19.0864 2616 SysMain - ok
09:08:19.0897 2616 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:08:19.0903 2616 TabletInputService - ok
09:08:20.0014 2616 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
09:08:20.0024 2616 TapiSrv - ok
09:08:20.0111 2616 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:08:20.0115 2616 TBS - ok
09:08:20.0227 2616 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
09:08:20.0239 2616 Tcpip - ok
09:08:20.0316 2616 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
09:08:20.0328 2616 Tcpip6 - ok
09:08:20.0403 2616 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
09:08:20.0404 2616 tcpipreg - ok
09:08:20.0485 2616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:08:20.0486 2616 TDPIPE - ok
09:08:20.0559 2616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:08:20.0561 2616 TDTCP - ok
09:08:20.0618 2616 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
09:08:20.0620 2616 tdx - ok
09:08:20.0656 2616 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
09:08:20.0657 2616 TermDD - ok
09:08:20.0719 2616 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
09:08:20.0741 2616 TermService - ok
09:08:20.0832 2616 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
09:08:20.0838 2616 Themes - ok
09:08:20.0899 2616 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:08:20.0902 2616 THREADORDER - ok
09:08:20.0937 2616 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:08:20.0944 2616 TrkWks - ok
09:08:21.0009 2616 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
09:08:21.0010 2616 TrustedInstaller - ok
09:08:21.0083 2616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:08:21.0084 2616 tssecsrv - ok
09:08:21.0125 2616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:08:21.0141 2616 tunmp - ok
09:08:21.0218 2616 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
09:08:21.0220 2616 tunnel - ok
09:08:21.0263 2616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:08:21.0265 2616 uagp35 - ok
09:08:21.0345 2616 uCamMonitor (a1cdf0e7cb409b05ee22f9035cb33c8b) C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
09:08:21.0346 2616 uCamMonitor - ok
09:08:21.0420 2616 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
09:08:21.0424 2616 udfs - ok
09:08:21.0522 2616 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:08:21.0528 2616 UI0Detect - ok
09:08:21.0611 2616 UIUSys - ok
09:08:21.0688 2616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:08:21.0690 2616 uliagpkx - ok
09:08:21.0759 2616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:08:21.0763 2616 uliahci - ok
09:08:21.0861 2616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:08:21.0863 2616 UlSata - ok
09:08:21.0929 2616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:08:21.0931 2616 ulsata2 - ok
09:08:21.0994 2616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:08:21.0995 2616 umbus - ok
09:08:22.0051 2616 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:08:22.0062 2616 upnphost - ok
09:08:22.0161 2616 usbbus (0678c457f49f20666ab16edda4d1391d) C:\Windows\system32\DRIVERS\lgusbbus.sys
09:08:22.0162 2616 usbbus - ok
09:08:22.0230 2616 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
09:08:22.0232 2616 usbccgp - ok
09:08:22.0297 2616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:08:22.0299 2616 usbcir - ok
09:08:22.0375 2616 UsbDiag - ok
09:08:22.0450 2616 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
09:08:22.0451 2616 usbehci - ok
09:08:22.0511 2616 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
09:08:22.0514 2616 usbhub - ok
09:08:22.0551 2616 USBModem - ok
09:08:22.0612 2616 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:08:22.0613 2616 usbohci - ok
09:08:22.0693 2616 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:08:22.0694 2616 usbprint - ok
09:08:22.0787 2616 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:08:22.0788 2616 usbscan - ok
09:08:22.0860 2616 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:08:22.0862 2616 USBSTOR - ok
09:08:22.0918 2616 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:08:22.0919 2616 usbuhci - ok
09:08:22.0957 2616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:08:22.0959 2616 usbvideo - ok
09:08:23.0021 2616 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
09:08:23.0026 2616 UxSms - ok
09:08:23.0096 2616 VAIO Entertainment TV Device Arbitration Service (2a640dc735cb0112ac1dcd1e1549b27e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:08:23.0100 2616 VAIO Entertainment TV Device Arbitration Service - ok
09:08:23.0183 2616 VAIO Event Service (693a3fdd279c345105fff9dde277849b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
09:08:23.0186 2616 VAIO Event Service - ok
09:08:23.0244 2616 VAIO Power Management (43cec9bf5a4f2917982ad01d92e0f44d) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
09:08:23.0249 2616 VAIO Power Management - ok
09:08:23.0280 2616 VCFw (cbcbe2233d21e9b278f95f5cb28bc8ae) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
09:08:23.0285 2616 VCFw - ok
09:08:23.0400 2616 VcmIAlzMgr (27888f132d2ee0b72b28093a5f5f20eb) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
09:08:23.0411 2616 VcmIAlzMgr - ok
09:08:23.0482 2616 VcmXmlIfHelper (ee9abfc2f8f2dcdc624b6a9d5cf3b19d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
09:08:23.0485 2616 VcmXmlIfHelper - ok
09:08:23.0512 2616 Vcsw - ok
09:08:23.0602 2616 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
09:08:23.0625 2616 vds - ok
09:08:23.0690 2616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:08:23.0691 2616 vga - ok
09:08:23.0732 2616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:08:23.0734 2616 VgaSave - ok
09:08:23.0783 2616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:08:23.0784 2616 viaagp - ok
09:08:23.0891 2616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:08:23.0892 2616 ViaC7 - ok
09:08:23.0966 2616 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:08:23.0967 2616 viaide - ok
09:08:24.0007 2616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:08:24.0008 2616 volmgr - ok
09:08:24.0059 2616 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
09:08:24.0065 2616 volmgrx - ok
09:08:24.0132 2616 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
09:08:24.0136 2616 volsnap - ok
09:08:24.0203 2616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:08:24.0205 2616 vsmraid - ok
09:08:24.0295 2616 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
09:08:24.0331 2616 VSS - ok
09:08:24.0390 2616 VzCdbSvc (071634532066c2e29350d450c3412837) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:08:24.0393 2616 VzCdbSvc - ok
09:08:24.0472 2616 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
09:08:24.0495 2616 W32Time - ok
09:08:24.0562 2616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:08:24.0563 2616 WacomPen - ok
09:08:24.0616 2616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:24.0618 2616 Wanarp - ok
09:08:24.0625 2616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:08:24.0627 2616 Wanarpv6 - ok
09:08:24.0732 2616 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
09:08:24.0754 2616 wcncsvc - ok
09:08:24.0779 2616 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:08:24.0784 2616 WcsPlugInService - ok
09:08:24.0851 2616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:08:24.0852 2616 Wd - ok
09:08:24.0910 2616 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:08:24.0917 2616 Wdf01000 - ok
09:08:25.0036 2616 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:08:25.0043 2616 WdiServiceHost - ok
09:08:25.0050 2616 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:08:25.0059 2616 WdiSystemHost - ok
09:08:25.0116 2616 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
09:08:25.0125 2616 WebClient - ok
09:08:25.0245 2616 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:08:25.0253 2616 Wecsvc - ok
09:08:25.0293 2616 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:08:25.0299 2616 wercplsupport - ok
09:08:25.0391 2616 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
09:08:25.0399 2616 WerSvc - ok
09:08:25.0493 2616 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
09:08:25.0495 2616 WimFltr - ok
09:08:25.0564 2616 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:08:25.0573 2616 winachsf - ok
09:08:25.0649 2616 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:08:25.0656 2616 WinDefend - ok
09:08:25.0668 2616 WinHttpAutoProxySvc - ok
09:08:25.0756 2616 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
09:08:25.0761 2616 Winmgmt - ok
09:08:25.0883 2616 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:08:25.0928 2616 WinRM - ok
09:08:26.0036 2616 winss (028747e4dbfc1fa3c6e1c43733fd8fbb) C:\Program Files\Microsoft Windows OneCare Live\winss.exe
09:08:26.0051 2616 winss - ok
09:08:26.0128 2616 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
09:08:26.0150 2616 Wlansvc - ok
09:08:26.0240 2616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
09:08:26.0241 2616 WmiAcpi - ok
09:08:26.0348 2616 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
09:08:26.0353 2616 wmiApSrv - ok
09:08:26.0443 2616 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:08:26.0455 2616 WMPNetworkSvc - ok
09:08:26.0514 2616 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
09:08:26.0522 2616 WPCSvc - ok
09:08:26.0598 2616 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
09:08:26.0604 2616 WPDBusEnum - ok
09:08:26.0684 2616 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
09:08:26.0686 2616 WpdUsb - ok
09:08:26.0837 2616 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:08:26.0870 2616 WPFFontCache_v0400 - ok
09:08:26.0928 2616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:08:26.0929 2616 ws2ifsl - ok
09:08:27.0000 2616 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
09:08:27.0006 2616 wscsvc - ok
09:08:27.0028 2616 WSearch - ok
09:08:27.0157 2616 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
09:08:27.0213 2616 wuauserv - ok
09:08:27.0295 2616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:08:27.0297 2616 WUDFRd - ok
09:08:27.0351 2616 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:08:27.0357 2616 wudfsvc - ok
09:08:27.0455 2616 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
09:08:27.0456 2616 XAudio - ok
09:08:27.0504 2616 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
09:08:27.0510 2616 XAudioService - ok
09:08:27.0580 2616 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
09:08:27.0584 2616 yukonwlh - ok
09:08:27.0618 2616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:08:27.0686 2616 \Device\Harddisk0\DR0 - ok
09:08:27.0692 2616 Boot (0x1200) (1e1680d6df7e87b3580de824682c66e6) \Device\Harddisk0\DR0\Partition0
09:08:27.0694 2616 \Device\Harddisk0\DR0\Partition0 - ok
09:08:27.0698 2616 ============================================================
09:08:27.0698 2616 Scan finished
09:08:27.0699 2616 ============================================================
09:08:27.0720 1440 Detected object count: 0
09:08:27.0720 1440 Actual detected object count: 0

(((((((((((((((((((((((((((((((((aswMBR log))))))))))))))))))))))))))))))))))))))))))))))))))

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 09:08:39
-----------------------------
09:08:39.601 OS Version: Windows 6.0.6001 Service Pack 1
09:08:39.601 Number of processors: 2 586 0xF0D
09:08:39.603 ComputerName: RENATE-PC UserName: renate
09:08:40.751 Initialize success
09:08:56.962 AVAST engine defs: 12033000
09:09:13.663 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:09:13.689 Disk 0 Vendor: FUJITSU_ 0041 Size: 152627MB BusType: 3
09:09:13.694 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
09:09:13.700 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0
09:09:13.707 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000062
09:09:13.714 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0
09:09:13.737 Disk 0 MBR read successfully
09:09:13.744 Disk 0 MBR scan
09:09:13.754 Disk 0 Windows VISTA default MBR code
09:09:13.763 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9107 MB offset 2048
09:09:13.782 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143518 MB offset 18653184
09:09:13.796 Disk 0 scanning sectors +312579760
09:09:13.868 Disk 0 scanning C:\Windows\system32\drivers
09:09:27.585 Service scanning
09:10:09.004 Modules scanning
09:10:14.908 Disk 0 trace - called modules:
09:10:14.947 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
09:10:14.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d89238]
09:10:14.968 3 CLASSPNP.SYS[87da9745] -> nt!IofCallDriver -> [0x84d7ec50]
09:10:14.978 5 acpi.sys[806936a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84d80028]
09:10:16.047 AVAST engine scan C:\Windows
09:10:20.523 AVAST engine scan C:\Windows\system32
09:15:00.208 AVAST engine scan C:\Windows\system32\drivers
09:15:16.874 AVAST engine scan C:\Users\renate
09:16:19.440 File: C:\Users\renate\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\43916111-7bc5d99d **INFECTED** Win32:Malware-gen
09:16:30.759 File: C:\Users\renate\AppData\Roaming\BigFishv1002\BigFishv1002\ruamntmv.dll **INFECTED** Win32:Dropper-KLA [Trj]
09:25:31.833 AVAST engine scan C:\ProgramData
09:29:33.106 Scan finished successfully
09:48:42.393 Disk 0 MBR has been saved successfully to "C:\Users\renate\Desktop\MBR.dat"
09:48:42.405 The log file has been saved successfully to "C:\Users\renate\Desktop\aswMBR.txt"

#6 Patty O Furniture

  • Topic Starter

  • Members
  • 10 posts

Posted 30 March 2012 - 08:54 AM

Good morning,

Please find the two requested logs above.

Just wanted to add that the start menu items are unhidden now - thanks for that.

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 30 March 2012 - 01:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Users\renate\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17

File::
C:\Users\renate\AppData\Roaming\BigFishv1002\BigFishv1002\ruamntmv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Patty O Furniture

  • Topic Starter

  • Members
  • 10 posts

Posted 30 March 2012 - 02:14 PM

Hello again,

Original problems: Hidden start menu items, browser (google) redirects.

Currently: Everything seems to be running fine!

Thanks so much! There's still a "System Check" icon on my desktop, which I assume is now rather inert. Safe to delete?


=========================================ComboFix log=========================================================

ComboFix 12-03-30.01 - renate 03/30/2012 14:31:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.920 [GMT -4:00]
Running from: c:\users\renate\Desktop\ComboFix.exe
Command switches used :: c:\users\renate\Desktop\CFScript.txt
AV: Windows Live OneCare *Disabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Windows Live OneCare *Enabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Live OneCare *Disabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
FILE ::
"c:\users\renate\AppData\Roaming\BigFishv1002\BigFishv1002\ruamntmv.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 18:42 . 2012-03-30 18:47 -------- d-----w- c:\users\renate\AppData\Local\temp
2012-03-30 18:42 . 2012-03-30 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 05:43 . 2006-11-02 09:45 16896 ----a-w- c:\windows\system32\grpconv.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 06:53 . 2011-10-09 04:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"googletalk"="c:\users\renate\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MMAgent"="c:\program files\Mobile Master\MMAgent.exe" [2010-08-05 1379776]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67456]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-13 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-26 15:11]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{E525C0E4-9A8B-42B4-BAC6-3159FB5CAEE9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\renate\AppData\Roaming\Mozilla\Firefox\Profiles\q7spa9b1.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110802&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 14:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1144)
c:\ddi\overicon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\RtkAudioService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\windows\system32\lxducoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-30 14:53:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 18:52
ComboFix2.txt 2012-03-30 09:27
.
Pre-Run: 467,304,448 bytes free
Post-Run: 2,204,098,560 bytes free
.
- - End Of File - - CC23A2EA91389D766A12C9B40E4685C1

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 30 March 2012 - 08:06 PM

Hello


I want you to uninstall Firefox and, when asked about user data, I want that removed also.

When that is complete, I want you to reinstall it and let me know if the problem continues.


gringo

#10 Patty O Furniture (Topic Starter, Members, 10 posts)

Posted 30 March 2012 - 11:56 PM

Hi Gringo,

Hope you're having a lovely evening.

Uninstall seems to have worked - no redirects in roughly 30 Google search click-thrus. However, that's exactly what happened after running the ComboFix script last night, and the redirects started again the next morning. But hopefully this one will stick =) Anything else I should do?

And two questions:

- Can I delete the System Check icon from the desktop, or should I wait till we're sure everything is clean?
- Though I deleted all personal user data like you asked, I did save one backup file of my Firefox bookmarks elsewhere before uninstalling. Was that a bad idea? Can I import those back in?

(Ok, 3 questions. Sue me.)

Thanks again for all your help,
Patty

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 March 2012 - 12:57 AM

Hello Patty

"Can I delete the System Check icon from the desktop, or should I wait till we're sure everything is clean?"
Go ahead and delete it. Let me know if you had any problems doing this.

"Though I deleted all personal user data like you asked, I did save one backup file of my Firefox bookmarks elsewhere before uninstalling. Was that a bad idea? Can I import those back in?"
Let's wait 24 hours and see if the redirects come back, and when we are sure they do not, then import them back in. If the redirects come back after that, you know what you have to do.


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 Patty O Furniture (Topic Starter, Members, 10 posts)

Posted 31 March 2012 - 06:13 AM

Update for Microsoft Office 2007 (KB2508958)
3Planesoft Screensaver Manager 1.2
7 Wonders
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Adventures of Robinson Crusoe
Agatha Christie - Death on the Nile
Alabama Smith: Escape from Pompeii
Amazing Adventures: Around the World
Amazing Adventures: The Lost Tomb
Amazing Finds
Anki
AOL Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
Around the World in 80 Days
Atlantis (remove only)
Axle-B
Bible Word Scramble
Bible Word Search
Big Fish Games Client
BitPim 1.0.7
BitTorrent
Bonjour
Bubble Town
Business Contact Manager for Outlook 2007 SP2
Call of Atlantis
Can You See What I See?
Can You See What I See? Dream Machine
Canon MG8100 series MP Drivers
Caribbean Hideaway
Click to Call with Skype
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Connect
Cooking Quest
Cradle of Persia
Dream Day First Home
Dream Day Honeymoon
Dream Day Wedding
Dream Day Wedding: Married in Manhattan
Enchanted Cavern
ffdshow (remove only)
Finders Keepers
Fishdom
G2 - Geeks Unleashed
Gemsweeper
Glyph 2
Google Gmail Notifier
Google Talk (remove only)
Gourmania
GTOneCare
Hawaiian Explorer 2: Lost Island
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hidden Expedition: Titanic™
Hidden Relics
Hidden World of Art
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Enchanted Puzzles
Intel® Graphics Media Accelerator Driver
Interpol: The Trail of Dr. Chaos
iTunes
iWin Games (remove only)
Java Auto Updater
Java™ 6 Update 22
Java™ SE Runtime Environment 6
Jewel Quest Solitaire (remove only)
Jewel Quest Solitaire II (remove only)
Koi Pond 3D Screensaver (CD Version) 1.0
kuler
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
LG USB Modem driver
Luxor 3
Luxor: Quest for the Afterlife
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
MegaBounce 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Live OneCare Resources v2.5.2900.30
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.30
Microsoft Windows OneCare Live v2.5.2900.30 Idcrl Install
Microsoft Works
Mobile Master
Mobile Master 7.7.2
Monarch - The Butterfly King
Mosaic Tomb of Mystery
Mozilla Firefox 7.0.1 (x86 en-US)
MP3MyMP3 3.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
Mystery Case Files: Huntsville ™
Mystery Case Files: Prime Suspects ™
Mystery P.I. - The Lottery Ticket
Mystery P.I.: The New York Fortune
Mystery Stories: Berlin Nights
Napster
Napster Burn Engine
Neptune's Secret
Neverland
Nick Chase: A Detective Story ™
OpenMG Secure Module 5.1.00
Ouba - The Great Journey
PDF Settings CS4
Peggle Deluxe 1.0
Photoshop Camera Raw
Pictureka! - Museum Mayhem
Practice Questions for NCLEX-RN
Primo
PX Engine
QuickBooks Simple Start 2008
QuickTime
Realtek High Definition Audio Driver
Reiner Knizia's Ingenious
Ricochet Recharged (remove only)
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Samorost 2
SayPad
Season Match
Season Match 2
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Setting Utility Series
Skype™ 5.5
SmartWi Connection Utility
Sony Picture Utility
Sony Video Shared Library
Sprill
Sprill: The Mystery of the Bermuda Triangle
StuffIt Expander 2009
Suite Shared Configuration CS4
SupportSoft Assisted Service
Synaptics Pointing Device Driver
The Mysterious City: Golden Prague
The Nightshift Code
The Race
Time Quest
Treasures of the Ancient Cavern
Uniblue RegistryBooster
Unity Web Player
Unwell Mel ™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VAIO Wireless Wizard
Watchtower Library 2008 - English
Watchtower Library 2008 - Español
Watchtower Library 2010 - ???
Watchtower Library 2010 - English
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinDVD for VAIO
WinRAR archiver
World Mosaics
World Voyage
Xvid 1.2.2 final uninstall

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 March 2012 - 10:21 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9
BitTorrent
Java™ 6 Update 22
Java™ SE Runtime Environment 6
McAfee Security Scan Plus
Uniblue RegistryBooster


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

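The two log formats in this thread, the "Reg Loading Points" Run values in the ComboFix log in post #8 and the R0/R1, O2/O3 and O4 entries in the HijackThis log Gringo asks for above, can be triaged mechanically for the things a helper looks at first: autostart targets that no longer exist ("(no file)" orphans like the nameless BHO), targets given without a full path (which Windows resolves through the search order), anything started from a user-writable folder such as AppData or Temp, and browser start/search pages pointing at hosts that are not expected. The Python below is an added example written for this page; it is not part of ComboFix, HijackThis or anyone's post. Sample lines 1 to 6 and 8 are copied from the logs in this thread; the Temp-folder Run entry and the redirecting start page are constructed to exercise the checks, and the allowlist of trusted hosts is an assumption to be adjusted for the machine being looked at.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input, constructed for this example. Lines 1-6 and 8 are copied from the
# ComboFix and HijackThis logs posted in this thread; line 7 (a Run entry in a Temp
# folder) and line 9 (a redirecting start page) are made up to exercise the checks.
SAMPLE_LOG = r"""
"googletalk"="c:\users\renate\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Updater] C:\Users\renate\AppData\Local\Temp\updater.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.redirect.invalid/?q=
""".strip()

# Directory markers for locations any user (and so any malware running as that user)
# can write to. Legitimate software starts from here too; this is a "look closer"
# signal, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Hosts an IE start/search page may legitimately point at. Assumption for this
# example; extend it for the environment being triaged.
TRUSTED_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com", "www.bing.com"}

RUN_CF = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[')                  # ComboFix Run value
RUN_HJT = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')    # HijackThis O4
BHO_HJT = re.compile(r'^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$')
URL_HJT = re.compile(r'^R[01] - (?P<key>.+?) = (?P<url>.*)$')


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    detail: str


def extract_target(cmd: str) -> str:
    """Return the executable or DLL path from a Run-key command string, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", cmd)
    parts = cmd.split()
    return m.group(1) if m else (parts[0] if parts else "")


def check_path(target: str) -> Optional[str]:
    """Classify an autostart target; None means nothing stands out."""
    low = target.strip().lower()
    if not low or low == "(no file)":
        return "orphaned entry: target file is missing"
    if not re.match(r"^[a-z]:\\", low):
        return "unqualified path: resolved through the search order, check which copy actually runs"
    if any(marker in low for marker in USER_WRITABLE):
        return "runs from a user-writable location"
    return None


def check_url(url: str) -> Optional[str]:
    """Flag start/search pages whose host is not on the allowlist."""
    url = url.strip()
    if not url:
        return None
    m = re.match(r"(?i)^(?:https?|hxxps?)://([^/:?]+)", url)   # logs often defang http as hxxp
    host = m.group(1).lower() if m else url.lower()
    return None if host in TRUSTED_URL_HOSTS else f"points at {host}, not an allowlisted host"


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix/HijackThis log lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        line = line.rstrip()
        m = RUN_CF.match(line) or RUN_HJT.match(line)
        if m:
            reason = check_path(extract_target(m.group("cmd")))
            if reason:
                findings.append(Finding(line_no, "autostart", f"{m.group('name')}: {reason}"))
            continue
        m = BHO_HJT.match(line)
        if m:
            reason = check_path(m.group("target"))
            if reason:
                findings.append(Finding(line_no, "browser-helper", f"{m.group('clsid')}: {reason}"))
            continue
        m = URL_HJT.match(line)
        if m:
            reason = check_url(m.group("url"))
            if reason:
                findings.append(Finding(line_no, "browser-url", f"{m.group('key')}: {reason}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} [{f.kind}] {f.detail}")
```

Run against the sample, the script flags the Google Talk entry (legitimate, but it lives in AppData\Roaming, the same kind of place as the BigFishv1002 DLL ComboFix removed earlier in this thread), the bare "RtHDVCpl.exe", the nameless BHO with "(no file)", and the two constructed lines; the Lexmark BHO, the system32 and Program Files entries and the Microsoft search URL pass. Pasting a real log in place of SAMPLE_LOG gives a short list to check by hand rather than a verdict, which is all such a triage pass should claim.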

#14 Patty O Furniture (Topic Starter, Members, 10 posts)

Posted 31 March 2012 - 06:20 PM

Hi Gringo,

Hope all is well. Thanks again for the continued help.

Two questions:

1) Thanks for the P2P info. I'm revealing my ignorance here - based on the program list in my last post, would you please be so kind as to tell me what P2P programs I have installed? I'm aware of some of them, but it sounds like there are more. I'm the owner/admin of this machine, but other people in my family have installed a lot of programs and garbage (as evidenced by all those games you see), and I'd like to make sure I'm aware of ANY and all P2P programs so that I can make an informed decision. I just have no idea what some of them are called. Thank you!

2) CCleaner looks nice, but the free version is not available from the link you provided. Were you recommending I use the paid version, or just that I click through to one of the listed sites to DL the free version?


The redirects, missing programs, and everything else seem to be resolved. However, as mentioned earlier, I still haven't restored my old bookmarks from file. I'll do that later this evening, and see if any problems return.

Thanks again, Gringo =)

==================================================HijackThis log================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:29 PM, on 3/31/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\renate\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AOLDDI.LNK = C:\DDI\AOLICON.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9773 bytes


=======================================================MBAM log==================================================================

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
renate :: RENATE-PC [administrator]

3/31/2012 6:38:51 PM
mbam-log-2012-03-31 (18-38-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192971
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 Patty O Furniture


Posted 31 March 2012 - 06:28 PM

Sorry for double post - didn't realize MBAM was slightly out-of-date. Updated, ran again, results and log were exactly the same.

Take care!
