google redirect virus


This topic is locked
24 replies to this topic

#1 bobbyam

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 12:55 AM

Posted 04 April 2012 - 07:41 PM

hello,
A few days ago my laptop went crazy and I kept getting loads of critical system/hard drive errors come up, to the point that I couldn't click on anything else, and everything in my start menu and desktop shortcuts had disappeared and my desktop was changed to a plain black background. Also, there was a popup called s.m.a.r.t on my desktop, supposedly doing a virus scan, but I have never seen or downloaded this before so I guessed it to be a part of the problem/virus. I did a system restore in safe mode and that seemed to fix the problem, but since then whenever I try and click a search result in Google (and some other search engines too), it redirects me to some dodgy links which don't usually work or load. I can't remember all of the ones that I've been redirected to off the top of my head, but I can remember it includes jiangnan-pm[dot]com and teenbabes[dot]com (neither of these loaded).

The browser I use is Opera, but I'm also experiencing the same problems in Internet Explorer.

I am running Windows 7.

please help before it gets worse! :(

Also, I am not very good with computers/jargon, sorry

Thanks in advance!



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 08:55 PM

Posted 05 April 2012 - 02:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
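The DDS.txt log Gringo asks for is plain text, and its "Pseudo HJT Report" section is the part a helper reads first when the complaint is search redirects. As an added example that is not part of this thread and not code from the DDS tool or its author, the Python script below parses a few constructed lines in that format and pulls out the two things worth a first look: BHO/toolbar/shell-hook entries whose registry key points at no file on disk, and the DNS servers each interface is using, split into RFC 1918 (home router) and external addresses. The sample text, the interface GUID `{EXAMPLE}` and the 198.51.100.9 / 203.0.113.7 addresses are constructed for this example (documentation ranges); the line shapes follow what DDS prints in the log posted later in this thread.

```python
import ipaddress
import re

# Constructed sample in the style of a DDS "Pseudo HJT Report" section.
# The interface GUID {EXAMPLE} and the 198.51.100.9 / 203.0.113.7
# addresses are made up for this example, not taken from any real log.
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
BHO-X64: Search Helper - No File
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{027450CF-1DA4-494A-A7CA-7D8227ECB53E} : DhcpNameServer = 10.11.150.1 10.30.251.1
TCP: Interfaces\{EXAMPLE} : NameServer = 203.0.113.7 198.51.100.9
"""

# BHO / toolbar / explorer-bar / shell-hook / protocol-handler entries,
# in either the 32-bit view or the "-X64" view DDS prints on 64-bit Windows.
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|SEH|Handler)(?:-[Xx]64)?:\s*(?P<rest>.*)$"
)
# Any TCP: line carrying a DHCP-assigned (DhcpNameServer) or static
# (NameServer) resolver list for the machine or for one interface.
DNS_RE = re.compile(r"^TCP:.*?\b(?:Dhcp)?NameServer\s*=\s*(?P<servers>.+)$")

# Private ranges a home router normally hands out as the DNS server.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def orphaned_entries(lines):
    """Names or CLSIDs of BHO/TB/EB/SEH entries whose key points at no file."""
    found = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m and m.group("rest").endswith("No File"):
            # Drop the trailing "No File" and the " - " separator before it.
            found.append(m.group("rest")[: -len("No File")].rstrip(" -"))
    return found


def dns_servers(lines):
    """Every DNS server address in TCP: lines as (address, is_rfc1918) tuples."""
    out = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        for token in m.group("servers").split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # skip anything that is not an IP address
            out.append((token, any(addr in net for net in RFC1918)))
    return out


def external_dns(lines):
    """Sorted unique resolvers outside RFC 1918 space.

    On a home network the router normally hands out a private address, so an
    external resolver is the first thing to look at when a machine is being
    redirected. It is a lead for a manual check, not proof of tampering.
    """
    return sorted({addr for addr, private in dns_servers(lines) if not private})


def triage(report_text):
    """Summarise a Pseudo HJT Report section into the two lists worth a first look."""
    lines = report_text.strip().splitlines()
    return {
        "orphaned": orphaned_entries(lines),
        "external_dns": external_dns(lines),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("Entries with no backing file:", summary["orphaned"])
    print("DNS servers outside RFC 1918:", summary["external_dns"])
```

Run it as-is to see the two lists for the constructed sample, or pass the text of a real DDS.txt to `triage()`. In the log posted later in this thread the 10.x resolvers on one interface would be reported as private, which is normal for a mobile-broadband adapter; an address outside RFC 1918 only means the adapter's DNS settings deserve a manual look, and a "No File" toolbar entry is most often a leftover from an uninstall rather than an infection.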

#3 bobbyam (Topic Starter)

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 12:55 AM

Posted 06 April 2012 - 06:43 AM

Hello Gringo, thanks for helping

I had trouble disabling my AVG; I looked all over it and cannot see any option to do so. I added DDS to the PUP exceptions... this is what the two logs look like with AVG running:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bobby at 12:27:06 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1979.671 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Bobby\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\Bobby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{027450CF-1DA4-494A-A7CA-7D8227ECB53E} : DhcpNameServer = 10.11.150.1 10.30.251.1 10.11.150.2
TCP: Interfaces\{A8001E4C-3DB7-4F7D-95D9-E7B83FEAD680} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A8001E4C-3DB7-4F7D-95D9-E7B83FEAD680}\35B4954353736333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A8001E4C-3DB7-4F7D-95D9-E7B83FEAD680}\35B4957334934443 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A8001E4C-3DB7-4F7D-95D9-E7B83FEAD680}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-23 89600]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-24 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-24 308136]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2012-3-29 1740696]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-11-5 126392]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-7 227896]
S3 DCamUSBET;ET USB 2710 Camera;C:\Windows\system32\DRIVERS\etDevice64.sys --> C:\Windows\system32\DRIVERS\etDevice64.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter64.sys --> C:\Windows\system32\DRIVERS\etFilter64.sys [?]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
S3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan64.sys --> C:\Windows\system32\DRIVERS\etScan64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-02 12:28:30 -------- d-----w- C:\ProgramData\Driving Test Success
2012-04-02 11:40:59 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-04-02 11:40:59 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-04-02 11:40:59 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-04-02 11:40:59 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-04-02 11:40:57 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-04-02 11:40:57 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-04-02 10:46:45 -------- d-s---w- C:\ComboFix
2012-04-02 01:59:58 -------- d-----w- C:\Windows\Hewlett-Packard
2012-04-02 01:56:43 -------- d-----w- C:\Program Files (x86)\Driving Test Success - All Tests 2012 Edition2
2012-03-30 04:58:25 -------- d-----w- C:\Program Files (x86)\Driving Test Success - All Tests 2012 Edition
2012-03-29 10:34:09 -------- d--h--w- C:\Users\Bobby\AppData\Roaming\SPSSInc
2012-03-29 09:50:48 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Birdstep Technology
2012-03-29 09:50:12 10240 ----a-w- C:\Windows\SysWow64\drivers\mdvrmng.sys
2012-03-29 09:50:09 -------- d-----w- C:\Program Files (x86)\3 Mobile Broadband
2012-03-28 14:19:25 -------- d--h--w- C:\Users\Bobby\.spss
2012-03-28 14:19:04 -------- d--h--w- C:\Users\Bobby\AppData\Local\IBM
2012-03-28 14:18:55 -------- d--h--w- C:\Users\Bobby\AppData\Local\javasharedresources
2012-03-28 06:11:12 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2012-03-28 06:07:46 -------- d-----w- C:\Program Files\Common Files\IBM
2012-03-28 06:04:29 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-03-28 06:04:23 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-03-28 05:25:19 -------- d-----w- C:\Users\Bobby\DownloadDirector
2012-03-15 09:31:59 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 09:31:58 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:31:57 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 14:14:20 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 14:14:19 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 14:14:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 14:14:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 14:14:18 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 14:14:18 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 14:14:18 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 14:14:18 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 14:14:18 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 14:14:18 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 14:14:18 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 14:13:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 14:13:50 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 14:13:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 14:13:38 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 14:13:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 14:13:38 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 14:13:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-09 09:12:28 -------- d--h--w- C:\Users\Bobby\AppData\Local\{B588CB68-D28A-4791-BA63-C33311E60985}
2012-03-09 09:12:17 -------- d--h--w- C:\Users\Bobby\AppData\Local\{E3846730-E415-4281-B669-25144CB3FE50}
.
==================== Find3M ====================
.
.
============= FINISH: 12:37:34.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/09/2010 19:17:03
System Uptime: 06/04/2012 12:05:29 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3069
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 70.238 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.077 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NAVEX15
Device ID: ROOT\LEGACY_NAVEX15\0000
Manufacturer:
Name: NAVEX15
PNP Device ID: ROOT\LEGACY_NAVEX15\0000
Service: NAVEX15
.
==== System Restore Points ===================
.
RP203: 02/04/2012 13:47:04 - Installed DirectX
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3Connect
4Media iPod to PC Transfer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Apple Application Support
Apple Software Update
Audacity 1.2.6
AVG Free 9.0
BufferChm
C4600
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DivX Setup
Driving Test Success - All Tests 2012 Edition
Dropbox
Free Audio CD Burner version 1.4
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Photo Creations
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
Huawei modem
HyperCam 2
HyperCam Toolbar
IDT Audio
inflightTM référencer TE
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 22
Java™ 6 Update 29
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
MarketResearch
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3 Rocket
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
OpenOffice.org 3.3
Opera 11.62
Power2Go
PowerDirector
PS_AIO_05_C4600_Software_Min
QLBCASL
QuickTime
QuickTransfer
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.0
Recovery Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SMRecorder 1.2.0
SolutionCenter
Status
System Requirements Lab CYRI
The Sims Deluxe Edition
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Veoh Giraffic Video Accelerator
Veoh Web Player
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YouTube Downloader 2.7.1
.
==== Event Viewer Messages From Past Week ========
.
31/03/2012 22:57:06, Error: bowser [8003] - The master browser has received a server announcement from the computer EUGENE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A8001E4C-3DB7-4F7D-95D9-E7B83FEAD680}. The master browser is stopping or an election is being forced.
31/03/2012 02:20:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
30/03/2012 18:46:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.
30/03/2012 04:00:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
06/04/2012 12:06:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
06/04/2012 12:06:09, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
06/04/2012 12:05:50, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
06/04/2012 12:05:50, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
06/04/2012 12:05:34, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
06/04/2012 12:05:34, Error: SRTSP [4] - Error loading virus definitions.
03/04/2012 19:39:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
03/04/2012 11:25:30, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:19:43, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:19:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
03/04/2012 11:18:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/04/2012 11:18:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/04/2012 11:18:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
03/04/2012 11:18:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
03/04/2012 11:18:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/04/2012 11:17:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
03/04/2012 11:17:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
03/04/2012 11:17:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2012 11:17:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02/04/2012 12:35:12, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
02/04/2012 11:40:08, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
02/04/2012 11:40:08, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
02/04/2012 11:40:08, Error: Service Control Manager [7034] - The Easybits Shared Services for Windows service terminated unexpectedly. It has done this 1 time(s).
02/04/2012 02:16:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf
02/04/2012 01:05:16, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02/04/2012 01:05:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
02/04/2012 01:01:35, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
01/04/2012 23:18:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 01:18 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bobbyam
  • Topic Starter
  • Members
  • 10 posts

Posted 08 April 2012 - 01:04 PM

Hello,
I disabled AVG and ran ComboFix but it did not produce any logs. The bar that ComboFix shows got almost to the end and then the whole program closed. I tried running it again after restarting but the same thing happened.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 02:34 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 bobbyam
  • Topic Starter
  • Members
  • 10 posts

Posted 08 April 2012 - 03:26 PM

Hello, I attempted running ComboFix a few more times before seeing your post and it worked.

This is the log:


ComboFix 12-04-07.04 - Bobby 08/04/2012 19:39:31.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1979.989 [GMT 1:00]
Running from: c:\users\Bobby\Desktop\ComboFix2.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
c:\programdata\yek0g8IohycC96
c:\users\Bobby\IGMPro11ENSetup.exe
c:\windows\SysWow64\lsprst7.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 19:18 . 2012-04-08 19:18 -------- d-----w- c:\users\Mcx1-BOBBY-PC\AppData\Local\temp
2012-04-08 19:18 . 2012-04-08 19:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-08 19:18 . 2012-04-08 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 17:51 . 2012-04-08 18:28 -------- d-----w- C:\ComboFix
2012-04-08 17:35 . 2012-04-08 17:35 -------- d-----w- c:\users\Bobby\AppData\Roaming\AVG2012
2012-04-08 17:32 . 2012-04-08 17:55 -------- d-----w- c:\programdata\AVG2012
2012-04-08 17:32 . 2012-04-08 17:46 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-08 17:17 . 2012-04-08 17:46 -------- d-----w- c:\programdata\MFAData
2012-04-06 11:29 . 2012-04-06 11:29 -------- d-----w- c:\users\Bobby\AppData\Roaming\AVG9
2012-04-02 11:40 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-04-02 01:59 . 2012-04-02 01:59 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-30 04:58 . 2012-04-06 11:51 -------- d-----w- c:\program files (x86)\Driving Test Success - All Tests 2012 Edition
2012-03-29 10:34 . 2012-03-29 10:34 -------- d--h--w- c:\users\Bobby\AppData\Roaming\SPSSInc
2012-03-29 09:50 . 2012-04-02 01:28 -------- d-----w- c:\users\Bobby\AppData\Roaming\Birdstep Technology
2012-03-29 09:50 . 2011-03-23 15:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-03-29 09:50 . 2012-04-02 01:23 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-03-28 14:19 . 2012-03-28 14:19 -------- d--h--w- c:\users\Bobby\.spss
2012-03-28 14:19 . 2012-03-28 14:19 -------- d--h--w- c:\users\Bobby\AppData\Local\IBM
2012-03-28 14:18 . 2012-03-28 14:18 -------- d--h--w- c:\users\Bobby\AppData\Local\javasharedresources
2012-03-28 06:11 . 2012-04-02 01:24 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-03-28 06:07 . 2012-04-02 01:23 -------- d-----w- c:\program files\Common Files\IBM
2012-03-28 06:04 . 2012-03-28 06:04 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll
2012-03-28 05:25 . 2012-04-02 01:30 -------- d-----w- c:\users\Bobby\DownloadDirector
2012-03-15 09:31 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 09:31 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:31 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 14:14 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:14 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:14 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 14:14 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 14:14 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 14:14 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 14:14 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:14 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 14:14 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 14:14 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 14:14 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 14:13 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:13 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:13 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:13 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:13 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:13 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:13 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAA1ADYANQA2ADkAMwA2ADEALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsAMQAyADcAOQA5AC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABNADEAMgBEAE4AKwAxAC0AVABCAE4AKwAxAC0AVQA5ADUAKwAxAC0ATAA5ADAATQBJACsAMQAtAEYAOQAwAE0AMQAyAEkAVAArADEA&prod=90&ver=9.0.894" [?]
.
c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\DRIVERS\etDevice64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-10-23 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 11:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-10-23 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-04-08 20:46:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 19:46
.
Pre-Run: 82,243,055,616 bytes free
Post-Run: 84,098,961,408 bytes free
.
- - End Of File - - 05B700C3376A6695CD1AA1DC2B710438


Also, I don't seem to be experiencing problems with Google anymore while using Opera, but I tried to check Internet Explorer and, the moment I clicked on a link through Bing, AVG detected a threat and restarted my computer.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:55 PM

Posted 08 April 2012 - 09:37 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
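The TDSSKiller report the reply above asks for is a long run of one-line records (a "name (md5) path" line followed by a separate "name - verdict" line), as the log posted later in this thread shows. As an added example, not code from TDSSKiller, Kaspersky, or anyone in this thread, here is a small Python parser for that format that separates the entries a reviewer should look at first from the plain "ok" ones; the sample log is constructed to mimic the format, and its "detected" and "suspicious" verdicts are invented placeholders rather than values from the poster's log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the TDSSKiller log format in this thread.
# The "badsvc" entry and the "detected"/"suspicious" verdicts are invented
# for illustration; they are not from the poster's log.
SAMPLE_LOG = r"""
18:50:05.0345 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
18:50:25.0400 5048 Scan started
18:50:25.0400 5048 Mode: Manual;
18:50:29.0045 5048 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:50:29.0077 5048 1394ohci - ok
18:50:30.0623 5048 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:50:30.0634 5048 Apple Mobile Device - ok
18:50:33.0954 5048 catchme - ok
18:50:37.0511 5048 ezSharedSvc - ok
18:50:41.0001 5048 badsvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\badsvc.sys
18:50:41.0002 5048 badsvc - detected Rootkit.Example ( 0 )
18:50:42.0001 5048 \Device\Harddisk0\DR0 - suspicious
"""

# Every log line: "<hh:mm:ss.ffff> <pid> <rest>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# File record: "<name> (<32 hex md5>) <path>"; names may contain spaces
RECORD_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict: "<name> - <verdict>", e.g. "1394ohci - ok"
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per scanned object, keyed by object name.

    Only lines after "Scan started" count as results: the banner above it
    (drive geometry, partition table) also uses " - " and would otherwise be
    misread as a verdict.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "=====" separators and other non-log lines
        rest = m.group("rest")
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        rec = RECORD_RE.match(rest)
        if rec:
            e = entries.setdefault(rec.group("name"), Entry(rec.group("name")))
            e.md5, e.path = rec.group("md5").lower(), rec.group("path")
            continue
        ver = VERDICT_RE.match(rest)
        if ver:
            e = entries.setdefault(ver.group("name"), Entry(ver.group("name")))
            e.verdict = ver.group("verdict").strip()
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Sort entries into what a reviewer reads first.

    flagged    - any verdict other than "ok", or a file record that never
                 received a verdict (the scan did not finish for it)
    unverified - "ok" but no file record was logged, so nothing was hashed
    clean      - "ok" with a hashed file
    """
    result: Dict[str, List[str]] = {"flagged": [], "unverified": [], "clean": []}
    for name, e in entries.items():
        if e.verdict is None:
            result["flagged"].append(f"{name}: no verdict recorded")
        elif e.verdict != "ok":
            where = f" [{e.path}]" if e.path else ""
            result["flagged"].append(f"{name}: {e.verdict}{where}")
        elif e.md5 is None:
            result["unverified"].append(name)
        else:
            result["clean"].append(name)
    return result


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{bucket} ({len(items)})")
        for item in items:
            print("   ", item)
```

Point it at a real report by replacing SAMPLE_LOG with the contents of the TDSSKiller log file; the "unverified" bucket is where entries such as ezSharedSvc in the log below land, since the scanner logged a verdict for them without a file record.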

#9 bobbyam

bobbyam
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:55 AM

Posted 09 April 2012 - 01:02 PM

Hello again,

TDSS log:


18:50:01.0936 3012 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
18:50:03.0820 3012 ============================================================
18:50:03.0821 3012 Current date / time: 2012/04/09 18:50:03.0820
18:50:03.0821 3012 SystemInfo:
18:50:03.0821 3012
18:50:03.0821 3012 OS Version: 6.1.7600 ServicePack: 0.0
18:50:03.0821 3012 Product type: Workstation
18:50:03.0821 3012 ComputerName: BOBBY-PC
18:50:03.0821 3012 UserName: Bobby
18:50:03.0821 3012 Windows directory: C:\Windows
18:50:03.0821 3012 System windows directory: C:\Windows
18:50:03.0821 3012 Running under WOW64
18:50:03.0821 3012 Processor architecture: Intel x64
18:50:03.0821 3012 Number of processors: 1
18:50:03.0821 3012 Page size: 0x1000
18:50:03.0821 3012 Boot type: Normal boot
18:50:03.0821 3012 ============================================================
18:50:05.0345 3012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:50:05.0350 3012 \Device\Harddisk0\DR0:
18:50:05.0350 3012 MBR used
18:50:05.0350 3012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:50:05.0350 3012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x110C3800
18:50:05.0350 3012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11127800, BlocksNum 0x18F1800
18:50:05.0426 3012 Initialize success
18:50:05.0427 3012 ============================================================
18:50:25.0399 5048 ============================================================
18:50:25.0400 5048 Scan started
18:50:25.0400 5048 Mode: Manual;
18:50:25.0400 5048 ============================================================
18:50:29.0045 5048 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:50:29.0077 5048 1394ohci - ok
18:50:29.0143 5048 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:50:29.0149 5048 ACPI - ok
18:50:29.0191 5048 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:50:29.0204 5048 AcpiPmi - ok
18:50:29.0261 5048 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:50:29.0275 5048 adp94xx - ok
18:50:29.0313 5048 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:50:29.0319 5048 adpahci - ok
18:50:29.0348 5048 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:50:29.0356 5048 adpu320 - ok
18:50:29.0405 5048 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:50:29.0407 5048 AeLookupSvc - ok
18:50:29.0518 5048 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
18:50:29.0526 5048 AESTFilters - ok
18:50:29.0600 5048 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:50:29.0613 5048 AFD - ok
18:50:29.0694 5048 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:50:29.0760 5048 AgereSoftModem - ok
18:50:29.0798 5048 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:50:29.0814 5048 agp440 - ok
18:50:29.0850 5048 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:50:29.0866 5048 ALG - ok
18:50:29.0913 5048 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:50:29.0915 5048 aliide - ok
18:50:29.0952 5048 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:50:29.0954 5048 amdide - ok
18:50:30.0039 5048 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:50:30.0056 5048 AmdK8 - ok
18:50:30.0085 5048 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:50:30.0102 5048 AmdPPM - ok
18:50:30.0161 5048 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:50:30.0165 5048 amdsata - ok
18:50:30.0224 5048 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:50:30.0228 5048 amdsbs - ok
18:50:30.0260 5048 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:50:30.0263 5048 amdxata - ok
18:50:30.0322 5048 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:50:30.0336 5048 AppID - ok
18:50:30.0368 5048 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:50:30.0376 5048 AppIDSvc - ok
18:50:30.0499 5048 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:50:30.0502 5048 Appinfo - ok
18:50:30.0623 5048 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:50:30.0634 5048 Apple Mobile Device - ok
18:50:30.0695 5048 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:50:30.0698 5048 arc - ok
18:50:30.0739 5048 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:50:30.0746 5048 arcsas - ok
18:50:30.0796 5048 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:50:30.0809 5048 AsyncMac - ok
18:50:30.0842 5048 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:50:30.0842 5048 atapi - ok
18:50:30.0920 5048 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
18:50:30.0977 5048 athr - ok
18:50:31.0043 5048 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:50:31.0056 5048 AudioEndpointBuilder - ok
18:50:31.0073 5048 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:50:31.0078 5048 AudioSrv - ok
18:50:31.0154 5048 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
18:50:31.0173 5048 Avgfwfd - ok
18:50:31.0369 5048 avgfws (c0b5a964c1c329ed19e5a4b6e49ea1fe) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
18:50:31.0430 5048 avgfws - ok
18:50:31.0575 5048 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
18:50:31.0609 5048 AVGIDSAgent - ok
18:50:31.0688 5048 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:50:31.0691 5048 AVGIDSDriver - ok
18:50:31.0773 5048 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\Windows\system32\DRIVERS\avgidseha.sys
18:50:31.0775 5048 AVGIDSEH - ok
18:50:31.0814 5048 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:50:31.0816 5048 AVGIDSFilter - ok
18:50:31.0886 5048 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
18:50:31.0891 5048 Avgldx64 - ok
18:50:31.0930 5048 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:50:31.0933 5048 Avgmfx64 - ok
18:50:31.0987 5048 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:50:31.0995 5048 Avgrkx64 - ok
18:50:32.0037 5048 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\Windows\system32\DRIVERS\avgtdia.sys
18:50:32.0066 5048 Avgtdia - ok
18:50:32.0214 5048 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:50:32.0215 5048 avgwd - ok
18:50:32.0268 5048 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:50:32.0292 5048 AxInstSV - ok
18:50:32.0410 5048 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:50:32.0438 5048 b06bdrv - ok
18:50:32.0544 5048 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:50:32.0569 5048 b57nd60a - ok
18:50:32.0614 5048 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:50:32.0627 5048 BDESVC - ok
18:50:32.0790 5048 BecHelperService (68bf3520fe759c91fd9182f36e585374) C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
18:50:32.0807 5048 BecHelperService - ok
18:50:32.0836 5048 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:50:32.0856 5048 Beep - ok
18:50:32.0910 5048 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:50:32.0923 5048 BFE - ok
18:50:33.0004 5048 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
18:50:33.0051 5048 BITS - ok
18:50:33.0107 5048 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:50:33.0119 5048 blbdrive - ok
18:50:33.0170 5048 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:50:33.0172 5048 Bonjour Service - ok
18:50:33.0215 5048 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:50:33.0218 5048 bowser - ok
18:50:33.0272 5048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:50:33.0283 5048 BrFiltLo - ok
18:50:33.0305 5048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:50:33.0316 5048 BrFiltUp - ok
18:50:33.0380 5048 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:50:33.0400 5048 BridgeMP - ok
18:50:33.0435 5048 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:50:33.0439 5048 Browser - ok
18:50:33.0468 5048 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:50:33.0512 5048 Brserid - ok
18:50:33.0537 5048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:50:33.0549 5048 BrSerWdm - ok
18:50:33.0571 5048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:50:33.0584 5048 BrUsbMdm - ok
18:50:33.0605 5048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:50:33.0617 5048 BrUsbSer - ok
18:50:33.0673 5048 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:50:33.0694 5048 BTHMODEM - ok
18:50:33.0755 5048 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:50:33.0777 5048 bthserv - ok
18:50:33.0954 5048 catchme - ok
18:50:34.0008 5048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:50:34.0025 5048 cdfs - ok
18:50:34.0072 5048 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:50:34.0091 5048 cdrom - ok
18:50:34.0145 5048 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:50:34.0147 5048 CertPropSvc - ok
18:50:34.0197 5048 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:50:34.0210 5048 circlass - ok
18:50:34.0242 5048 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:50:34.0262 5048 CLFS - ok
18:50:34.0329 5048 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:34.0349 5048 clr_optimization_v2.0.50727_32 - ok
18:50:34.0425 5048 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:50:34.0435 5048 clr_optimization_v2.0.50727_64 - ok
18:50:34.0585 5048 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:50:34.0614 5048 clr_optimization_v4.0.30319_32 - ok
18:50:34.0678 5048 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:50:34.0679 5048 clr_optimization_v4.0.30319_64 - ok
18:50:34.0767 5048 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:50:34.0785 5048 CmBatt - ok
18:50:34.0834 5048 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:50:34.0837 5048 cmdide - ok
18:50:34.0888 5048 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:50:34.0896 5048 CNG - ok
18:50:35.0016 5048 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:50:35.0032 5048 Com4QLBEx - ok
18:50:35.0076 5048 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:50:35.0079 5048 Compbatt - ok
18:50:35.0131 5048 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:50:35.0144 5048 CompositeBus - ok
18:50:35.0179 5048 COMSysApp - ok
18:50:35.0209 5048 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:50:35.0222 5048 crcdisk - ok
18:50:35.0286 5048 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:50:35.0295 5048 CryptSvc - ok
18:50:35.0373 5048 DCamUSBET (04f1dc6d20e145fb29c9536a5e4fda90) C:\Windows\system32\DRIVERS\etDevice64.sys
18:50:35.0409 5048 DCamUSBET - ok
18:50:35.0455 5048 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:50:35.0474 5048 DcomLaunch - ok
18:50:35.0514 5048 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:50:35.0519 5048 defragsvc - ok
18:50:35.0567 5048 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:50:35.0571 5048 DfsC - ok
18:50:35.0621 5048 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:50:35.0632 5048 Dhcp - ok
18:50:35.0661 5048 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:50:35.0668 5048 discache - ok
18:50:35.0732 5048 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:50:35.0735 5048 Disk - ok
18:50:35.0785 5048 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:50:35.0789 5048 Dnscache - ok
18:50:35.0822 5048 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:50:35.0830 5048 dot3svc - ok
18:50:35.0896 5048 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:50:35.0919 5048 Dot4 - ok
18:50:35.0972 5048 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:50:35.0983 5048 Dot4Print - ok
18:50:36.0016 5048 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:50:36.0033 5048 dot4usb - ok
18:50:36.0065 5048 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:50:36.0071 5048 DPS - ok
18:50:36.0104 5048 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:50:36.0115 5048 drmkaud - ok
18:50:36.0180 5048 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:50:36.0239 5048 DXGKrnl - ok
18:50:36.0294 5048 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:50:36.0299 5048 EapHost - ok
18:50:36.0541 5048 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:50:36.0673 5048 ebdrv - ok
18:50:36.0720 5048 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:50:36.0721 5048 EFS - ok
18:50:36.0805 5048 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:50:36.0857 5048 ehRecvr - ok
18:50:36.0887 5048 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:50:36.0905 5048 ehSched - ok
18:50:36.0972 5048 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:50:36.0987 5048 elxstor - ok
18:50:37.0022 5048 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:50:37.0047 5048 ErrDev - ok
18:50:37.0119 5048 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:50:37.0134 5048 EventSystem - ok
18:50:37.0202 5048 ewusbmbb (334c907536e815e56cd13108a6d5fb9d) C:\Windows\system32\DRIVERS\ewusbwwan.sys
18:50:37.0223 5048 ewusbmbb - ok
18:50:37.0277 5048 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
18:50:37.0311 5048 ew_hwusbdev - ok
18:50:37.0369 5048 ew_usbenumfilter (55e0eda185869f7ea67ea97fd0655b39) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
18:50:37.0387 5048 ew_usbenumfilter - ok
18:50:37.0426 5048 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:50:37.0476 5048 exfat - ok
18:50:37.0511 5048 ezSharedSvc - ok
18:50:37.0538 5048 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:50:37.0582 5048 fastfat - ok
18:50:37.0643 5048 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:50:37.0656 5048 Fax - ok
18:50:37.0696 5048 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:50:37.0712 5048 fdc - ok
18:50:37.0765 5048 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:50:37.0767 5048 fdPHost - ok
18:50:37.0782 5048 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:50:37.0785 5048 FDResPub - ok
18:50:37.0809 5048 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:50:37.0813 5048 FileInfo - ok
18:50:37.0835 5048 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:50:37.0888 5048 Filetrace - ok
18:50:37.0964 5048 FiltUSBET (059b282b748d5e027b60e276cf424bad) C:\Windows\system32\DRIVERS\etFilter64.sys
18:50:38.0032 5048 FiltUSBET - ok
18:50:38.0065 5048 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:50:38.0088 5048 flpydisk - ok
18:50:38.0135 5048 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:50:38.0140 5048 FltMgr - ok
18:50:38.0224 5048 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:50:38.0252 5048 FontCache - ok
18:50:38.0310 5048 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:50:38.0317 5048 FontCache3.0.0.0 - ok
18:50:38.0348 5048 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:50:38.0412 5048 FsDepends - ok
18:50:38.0469 5048 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:50:38.0474 5048 Fs_Rec - ok
18:50:38.0589 5048 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:50:38.0600 5048 fvevol - ok
18:50:38.0650 5048 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:50:38.0679 5048 gagp30kx - ok
18:50:38.0783 5048 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:50:38.0791 5048 GameConsoleService - ok
18:50:38.0850 5048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:50:38.0887 5048 GEARAspiWDM - ok
18:50:38.0984 5048 Giraffic - ok
18:50:39.0144 5048 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:50:39.0171 5048 gpsvc - ok
18:50:39.0190 5048 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:50:39.0209 5048 hcw85cir - ok
18:50:39.0271 5048 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:50:39.0320 5048 HdAudAddService - ok
18:50:39.0365 5048 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:50:39.0368 5048 HDAudBus - ok
18:50:39.0397 5048 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:50:39.0442 5048 HidBatt - ok
18:50:39.0480 5048 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:50:39.0518 5048 HidBth - ok
18:50:39.0567 5048 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:50:39.0597 5048 HidIr - ok
18:50:39.0636 5048 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:50:39.0638 5048 hidserv - ok
18:50:39.0687 5048 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:50:39.0708 5048 HidUsb - ok
18:50:39.0744 5048 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:50:39.0786 5048 hkmsvc - ok
18:50:39.0821 5048 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:50:39.0825 5048 HomeGroupListener - ok
18:50:39.0856 5048 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:50:39.0859 5048 HomeGroupProvider - ok
18:50:39.0988 5048 HP Health Check Service (be78357fb49759b79ccc01894bcfdddb) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:50:39.0989 5048 HP Health Check Service - ok
18:50:40.0038 5048 HPDrvMntSvc.exe (2dfb151fd34df104dac0adf070eda83c) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:50:40.0040 5048 HPDrvMntSvc.exe - ok
18:50:40.0144 5048 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:50:40.0148 5048 hpqcxs08 - ok
18:50:40.0186 5048 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:50:40.0188 5048 hpqddsvc - ok
18:50:40.0263 5048 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:50:40.0291 5048 HpqKbFiltr - ok
18:50:40.0417 5048 hpqwmiex (184c500cb9f69585f3fe85e1d2667cd8) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:50:40.0422 5048 hpqwmiex - ok
18:50:40.0484 5048 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:50:40.0486 5048 HpSAMD - ok
18:50:40.0539 5048 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:50:40.0552 5048 HTTP - ok
18:50:40.0611 5048 huawei_enumerator (1642c62f1fd5e1ff44608283994a7bb8) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
18:50:40.0622 5048 huawei_enumerator - ok
18:50:40.0692 5048 hwdatacard (04d1de1e8ace40ca396502c90524e945) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:50:40.0718 5048 hwdatacard - ok
18:50:40.0747 5048 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:50:40.0748 5048 hwpolicy - ok
18:50:40.0828 5048 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:50:40.0856 5048 i8042prt - ok
18:50:40.0946 5048 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:50:40.0951 5048 iaStorV - ok
18:50:41.0074 5048 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:50:41.0101 5048 idsvc - ok
18:50:41.0314 5048 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:50:41.0551 5048 igfx - ok
18:50:41.0632 5048 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:50:41.0634 5048 iirsp - ok
18:50:41.0684 5048 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:50:41.0701 5048 IKEEXT - ok
18:50:41.0769 5048 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
18:50:41.0817 5048 IntcHdmiAddService - ok
18:50:41.0847 5048 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:50:41.0848 5048 intelide - ok
18:50:41.0886 5048 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:50:41.0887 5048 intelppm - ok
18:50:41.0937 5048 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:50:41.0939 5048 IPBusEnum - ok
18:50:41.0967 5048 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:50:42.0026 5048 IpFilterDriver - ok
18:50:42.0058 5048 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:50:42.0071 5048 iphlpsvc - ok
18:50:42.0101 5048 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:50:42.0149 5048 IPMIDRV - ok
18:50:42.0175 5048 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:50:42.0253 5048 IPNAT - ok
18:50:42.0340 5048 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe
18:50:42.0346 5048 iPod Service - ok
18:50:42.0426 5048 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:50:42.0456 5048 IRENUM - ok
18:50:42.0548 5048 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:50:42.0549 5048 isapnp - ok
18:50:42.0577 5048 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:50:42.0623 5048 iScsiPrt - ok
18:50:42.0697 5048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:50:42.0756 5048 kbdclass - ok
18:50:42.0840 5048 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:50:42.0870 5048 kbdhid - ok
18:50:42.0926 5048 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:50:42.0928 5048 KeyIso - ok
18:50:42.0948 5048 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:50:42.0955 5048 KSecDD - ok
18:50:42.0979 5048 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:50:42.0983 5048 KSecPkg - ok
18:50:43.0020 5048 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:50:43.0076 5048 ksthunk - ok
18:50:43.0120 5048 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:50:43.0161 5048 KtmRm - ok
18:50:43.0211 5048 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:50:43.0223 5048 LanmanServer - ok
18:50:43.0263 5048 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:50:43.0268 5048 LanmanWorkstation - ok
18:50:43.0476 5048 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:50:43.0477 5048 LightScribeService - ok
18:50:43.0540 5048 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:50:43.0547 5048 lltdio - ok
18:50:43.0588 5048 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:50:43.0682 5048 lltdsvc - ok
18:50:43.0706 5048 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:50:43.0708 5048 lmhosts - ok
18:50:43.0778 5048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:50:43.0802 5048 LSI_FC - ok
18:50:43.0849 5048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:50:43.0862 5048 LSI_SAS - ok
18:50:43.0891 5048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:50:43.0897 5048 LSI_SAS2 - ok
18:50:43.0943 5048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:50:43.0945 5048 LSI_SCSI - ok
18:50:43.0982 5048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:50:43.0990 5048 luafv - ok
18:50:44.0061 5048 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:50:44.0063 5048 Mcx2Svc - ok
18:50:44.0164 5048 mdvrmng - ok
18:50:44.0222 5048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:50:44.0224 5048 megasas - ok
18:50:44.0256 5048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:50:44.0267 5048 MegaSR - ok
18:50:44.0329 5048 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:50:44.0332 5048 MMCSS - ok
18:50:44.0367 5048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:50:44.0453 5048 Modem - ok
18:50:44.0539 5048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:50:44.0541 5048 monitor - ok
18:50:44.0616 5048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:50:44.0728 5048 mouclass - ok
18:50:44.0777 5048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:50:44.0833 5048 mouhid - ok
18:50:44.0864 5048 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:50:44.0866 5048 mountmgr - ok
18:50:44.0903 5048 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:50:44.0907 5048 mpio - ok
18:50:44.0927 5048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:50:44.0940 5048 mpsdrv - ok
18:50:44.0984 5048 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:50:45.0008 5048 MpsSvc - ok
18:50:45.0040 5048 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:50:45.0076 5048 MRxDAV - ok
18:50:45.0116 5048 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:50:45.0123 5048 mrxsmb - ok
18:50:45.0171 5048 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:50:45.0178 5048 mrxsmb10 - ok
18:50:45.0201 5048 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:50:45.0212 5048 mrxsmb20 - ok
18:50:45.0254 5048 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:50:45.0260 5048 msahci - ok
18:50:45.0299 5048 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:50:45.0324 5048 msdsm - ok
18:50:45.0351 5048 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:50:45.0469 5048 MSDTC - ok
18:50:45.0512 5048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:50:45.0515 5048 Msfs - ok
18:50:45.0567 5048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:50:45.0634 5048 mshidkmdf - ok
18:50:45.0648 5048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:50:45.0650 5048 msisadrv - ok
18:50:45.0703 5048 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:50:45.0741 5048 MSiSCSI - ok
18:50:45.0758 5048 msiserver - ok
18:50:45.0799 5048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:50:45.0857 5048 MSKSSRV - ok
18:50:45.0902 5048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:50:45.0936 5048 MSPCLOCK - ok
18:50:45.0961 5048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:50:46.0000 5048 MSPQM - ok
18:50:46.0030 5048 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:50:46.0045 5048 MsRPC - ok
18:50:46.0086 5048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:50:46.0086 5048 mssmbios - ok
18:50:46.0113 5048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:50:46.0134 5048 MSTEE - ok
18:50:46.0165 5048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:50:46.0208 5048 MTConfig - ok
18:50:46.0237 5048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:50:46.0241 5048 Mup - ok
18:50:46.0282 5048 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:50:46.0295 5048 napagent - ok
18:50:46.0341 5048 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:50:46.0347 5048 NativeWifiP - ok
18:50:46.0466 5048 NAVENG - ok
18:50:46.0476 5048 NAVEX15 - ok
18:50:46.0577 5048 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:50:46.0603 5048 NDIS - ok
18:50:46.0645 5048 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:50:46.0679 5048 NdisCap - ok
18:50:46.0723 5048 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:50:46.0763 5048 NdisTapi - ok
18:50:46.0801 5048 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:50:46.0808 5048 Ndisuio - ok
18:50:46.0829 5048 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:50:46.0857 5048 NdisWan - ok
18:50:46.0881 5048 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:50:46.0918 5048 NDProxy - ok
18:50:46.0978 5048 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:50:46.0980 5048 Net Driver HPZ12 - ok
18:50:47.0020 5048 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:50:47.0022 5048 NetBIOS - ok
18:50:47.0043 5048 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:50:47.0048 5048 NetBT - ok
18:50:47.0095 5048 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:50:47.0096 5048 Netlogon - ok
18:50:47.0151 5048 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:50:47.0157 5048 Netman - ok
18:50:47.0182 5048 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:50:47.0191 5048 netprofm - ok
18:50:47.0257 5048 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:50:47.0263 5048 NetTcpPortSharing - ok
18:50:47.0491 5048 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
18:50:47.0793 5048 NETw1v64 - ok
18:50:48.0007 5048 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:50:48.0314 5048 NETw5s64 - ok
18:50:48.0476 5048 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:50:48.0804 5048 netw5v64 - ok
18:50:48.0883 5048 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:50:48.0884 5048 nfrd960 - ok
18:50:48.0962 5048 NIS (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
18:50:48.0966 5048 NIS - ok
18:50:49.0069 5048 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:50:49.0094 5048 NlaSvc - ok
18:50:49.0159 5048 nmwcdnsux64 (9573223e205907247ae6d948e3453770) C:\Windows\system32\drivers\nmwcdnsux64.sys
18:50:49.0341 5048 nmwcdnsux64 - ok
18:50:49.0509 5048 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:50:49.0543 5048 Npfs - ok
18:50:49.0563 5048 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:50:49.0592 5048 nsi - ok
18:50:49.0609 5048 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:50:49.0648 5048 nsiproxy - ok
18:50:49.0726 5048 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:50:49.0778 5048 Ntfs - ok
18:50:49.0806 5048 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:50:49.0839 5048 Null - ok
18:50:49.0894 5048 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:50:49.0911 5048 nvraid - ok
18:50:49.0966 5048 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:50:50.0000 5048 nvstor - ok
18:50:50.0033 5048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:50:50.0139 5048 nv_agp - ok
18:50:50.0257 5048 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:50:50.0274 5048 odserv - ok
18:50:50.0309 5048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:50:50.0349 5048 ohci1394 - ok
18:50:50.0442 5048 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:50:50.0446 5048 ose - ok
18:50:50.0487 5048 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:50:50.0492 5048 p2pimsvc - ok
18:50:50.0537 5048 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:50:50.0543 5048 p2psvc - ok
18:50:50.0582 5048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:50:50.0613 5048 Parport - ok
18:50:50.0655 5048 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:50:50.0657 5048 partmgr - ok
18:50:50.0685 5048 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:50:50.0690 5048 PcaSvc - ok
18:50:50.0728 5048 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:50:50.0733 5048 pci - ok
18:50:50.0765 5048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:50:50.0778 5048 pciide - ok
18:50:50.0816 5048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:50:50.0912 5048 pcmcia - ok
18:50:50.0956 5048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:50:50.0963 5048 pcw - ok
18:50:50.0997 5048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:50:51.0010 5048 PEAUTH - ok
18:50:51.0080 5048 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:50:51.0116 5048 PerfHost - ok
18:50:51.0188 5048 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:50:51.0295 5048 pla - ok
18:50:51.0361 5048 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:50:51.0368 5048 PlugPlay - ok
18:50:51.0436 5048 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:50:51.0438 5048 Pml Driver HPZ12 - ok
18:50:51.0490 5048 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:50:51.0518 5048 PNRPAutoReg - ok
18:50:51.0552 5048 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:50:51.0555 5048 PNRPsvc - ok
18:50:51.0599 5048 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:50:51.0611 5048 PolicyAgent - ok
18:50:51.0648 5048 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:50:51.0652 5048 Power - ok
18:50:51.0715 5048 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:50:51.0750 5048 PptpMiniport - ok
18:50:51.0786 5048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:50:51.0866 5048 Processor - ok
18:50:51.0909 5048 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:50:51.0924 5048 ProfSvc - ok
18:50:51.0970 5048 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:50:51.0972 5048 ProtectedStorage - ok
18:50:52.0018 5048 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:50:52.0021 5048 Psched - ok
18:50:52.0086 5048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:50:52.0119 5048 ql2300 - ok
18:50:52.0149 5048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:50:52.0154 5048 ql40xx - ok
18:50:52.0181 5048 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:50:52.0254 5048 QWAVE - ok
18:50:52.0274 5048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:50:52.0279 5048 QWAVEdrv - ok
18:50:52.0302 5048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:50:52.0333 5048 RasAcd - ok
18:50:52.0426 5048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:50:52.0462 5048 RasAgileVpn - ok
18:50:52.0518 5048 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:50:52.0559 5048 RasAuto - ok
18:50:52.0610 5048 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:50:52.0660 5048 Rasl2tp - ok
18:50:52.0701 5048 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:50:52.0706 5048 RasMan - ok
18:50:52.0727 5048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:50:52.0854 5048 RasPppoe - ok
18:50:52.0898 5048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:50:52.0957 5048 RasSstp - ok
18:50:52.0990 5048 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:50:52.0995 5048 rdbss - ok
18:50:53.0025 5048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:50:53.0079 5048 rdpbus - ok
18:50:53.0111 5048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:50:53.0134 5048 RDPCDD - ok
18:50:53.0192 5048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:50:53.0247 5048 RDPENCDD - ok
18:50:53.0272 5048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:50:53.0281 5048 RDPREFMP - ok
18:50:53.0373 5048 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:50:53.0388 5048 RDPWD - ok
18:50:53.0421 5048 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:50:53.0432 5048 rdyboost - ok
18:50:53.0472 5048 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:50:53.0528 5048 RemoteAccess - ok
18:50:53.0564 5048 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:50:53.0604 5048 RemoteRegistry - ok
18:50:53.0699 5048 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:50:53.0703 5048 RichVideo - ok
18:50:53.0749 5048 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:50:53.0759 5048 RpcEptMapper - ok
18:50:53.0787 5048 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:50:53.0820 5048 RpcLocator - ok
18:50:53.0857 5048 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:50:53.0863 5048 RpcSs - ok
18:50:53.0918 5048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:50:53.0954 5048 rspndr - ok
18:50:54.0019 5048 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
18:50:54.0073 5048 RSUSBSTOR - ok
18:50:54.0143 5048 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:50:54.0212 5048 RTL8167 - ok
18:50:54.0259 5048 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:50:54.0261 5048 SamSs - ok
18:50:54.0323 5048 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:50:54.0331 5048 sbp2port - ok
18:50:54.0428 5048 ScanUSBET (7ad81db1549878deeaaeced63981c8fc) C:\Windows\system32\DRIVERS\etScan64.sys
18:50:54.0572 5048 ScanUSBET - ok
18:50:54.0637 5048 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:50:54.0679 5048 SCardSvr - ok
18:50:54.0708 5048 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:50:54.0814 5048 scfilter - ok
18:50:54.0880 5048 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:50:54.0906 5048 Schedule - ok
18:50:54.0939 5048 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:50:54.0940 5048 SCPolicySvc - ok
18:50:55.0000 5048 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys
18:50:55.0038 5048 sdbus - ok
18:50:55.0074 5048 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:50:55.0140 5048 SDRSVC - ok
18:50:55.0281 5048 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:50:55.0283 5048 SeaPort - ok
18:50:55.0368 5048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:50:55.0370 5048 secdrv - ok
18:50:55.0418 5048 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:50:55.0450 5048 seclogon - ok
18:50:55.0511 5048 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:50:55.0513 5048 SENS - ok
18:50:55.0557 5048 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:50:55.0580 5048 SensrSvc - ok
18:50:55.0605 5048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:50:55.0640 5048 Serenum - ok
18:50:55.0665 5048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:50:55.0693 5048 Serial - ok
18:50:55.0731 5048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:50:56.0321 5048 sermouse - ok
18:50:56.0406 5048 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:50:56.0410 5048 SessionEnv - ok
18:50:56.0473 5048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:50:56.0511 5048 sffdisk - ok
18:50:56.0587 5048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:50:56.0686 5048 sffp_mmc - ok
18:50:56.0733 5048 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
18:50:56.0763 5048 sffp_sd - ok
18:50:56.0812 5048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:50:56.0877 5048 sfloppy - ok
18:50:56.0939 5048 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:50:56.0982 5048 SharedAccess - ok
18:50:57.0031 5048 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:50:57.0052 5048 ShellHWDetection - ok
18:50:57.0103 5048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:50:57.0106 5048 SiSRaid2 - ok
18:50:57.0132 5048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:50:57.0135 5048 SiSRaid4 - ok
18:50:57.0193 5048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:50:57.0295 5048 Smb - ok
18:50:57.0507 5048 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:50:57.0628 5048 SNMPTRAP - ok
18:50:57.0664 5048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:50:57.0685 5048 spldr - ok
18:50:57.0776 5048 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:50:57.0819 5048 Spooler - ok
18:50:57.0951 5048 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:50:57.0976 5048 sppsvc - ok
18:50:58.0034 5048 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:50:58.0120 5048 sppuinotify - ok
18:50:58.0230 5048 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
18:50:58.0358 5048 SRTSP - ok
18:50:58.0496 5048 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
18:50:58.0613 5048 SRTSPX - ok
18:50:58.0752 5048 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:50:58.0827 5048 srv - ok
18:50:58.0859 5048 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:50:58.0909 5048 srv2 - ok
18:50:58.0967 5048 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:50:59.0043 5048 SrvHsfHDA - ok
18:50:59.0102 5048 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:50:59.0304 5048 SrvHsfV92 - ok
18:50:59.0395 5048 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:50:59.0537 5048 SrvHsfWinac - ok
18:50:59.0901 5048 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:50:59.0975 5048 srvnet - ok
18:51:00.0084 5048 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:51:00.0088 5048 SSDPSRV - ok
18:51:00.0111 5048 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:51:00.0116 5048 SstpSvc - ok
18:51:00.0203 5048 STacSV (3bd758c56a55930cd6db89e3dedcf322) C:\Program Files\IDT\WDM\STacSV64.exe
18:51:00.0217 5048 STacSV - ok
18:51:00.0288 5048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:51:00.0292 5048 stexstor - ok
18:51:00.0367 5048 STHDA (a3fb7ad8720d7e02aa0111a6b51c2744) C:\Windows\system32\DRIVERS\stwrt64.sys
18:51:00.0456 5048 STHDA - ok
18:51:00.0535 5048 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:51:00.0555 5048 stisvc - ok
18:51:00.0592 5048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:51:00.0670 5048 swenum - ok
18:51:00.0708 5048 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:51:00.0799 5048 swprv - ok
18:51:00.0890 5048 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:51:00.0940 5048 SysMain - ok
18:51:00.0983 5048 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:51:01.0012 5048 TabletInputService - ok
18:51:01.0040 5048 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:51:01.0048 5048 TapiSrv - ok
18:51:01.0083 5048 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:51:01.0145 5048 TBS - ok
18:51:01.0286 5048 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:51:01.0346 5048 Tcpip - ok
18:51:01.0447 5048 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:51:01.0469 5048 TCPIP6 - ok
18:51:01.0511 5048 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:51:01.0512 5048 tcpipreg - ok
18:51:01.0559 5048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:51:01.0603 5048 TDPIPE - ok
18:51:01.0641 5048 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:51:01.0644 5048 TDTCP - ok
18:51:01.0690 5048 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:51:01.0738 5048 tdx - ok
18:51:01.0781 5048 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:51:01.0827 5048 TermDD - ok
18:51:01.0880 5048 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:51:01.0897 5048 TermService - ok
18:51:01.0918 5048 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:51:01.0925 5048 Themes - ok
18:51:01.0951 5048 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:51:01.0953 5048 THREADORDER - ok
18:51:02.0036 5048 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
18:51:02.0038 5048 TomTomHOMEService - ok
18:51:02.0058 5048 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:51:02.0061 5048 TrkWks - ok
18:51:02.0095 5048 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:51:02.0111 5048 TrustedInstaller - ok
18:51:02.0149 5048 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:51:02.0155 5048 tssecsrv - ok
18:51:02.0202 5048 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:51:02.0223 5048 tunnel - ok
18:51:02.0251 5048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:51:02.0287 5048 uagp35 - ok
18:51:02.0321 5048 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:51:02.0360 5048 udfs - ok
18:51:02.0399 5048 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:51:02.0482 5048 UI0Detect - ok
18:51:02.0532 5048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:51:02.0560 5048 uliagpkx - ok
18:51:02.0613 5048 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:51:02.0631 5048 umbus - ok
18:51:02.0685 5048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:51:02.0716 5048 UmPass - ok
18:51:02.0764 5048 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:51:02.0769 5048 upnphost - ok
18:51:08.0299 5048 MBR (0x1B8) (5558862e67e04cc1be5f08c52e227ce6) \Device\Harddisk0\DR0
18:51:08.0328 5048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:51:08.0328 5048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
18:51:08.0361 5048 Boot (0x1200) (1c7edd4b575298d1239cbdd90ee8e94b) \Device\Harddisk0\DR0\Partition0
18:51:08.0362 5048 \Device\Harddisk0\DR0\Partition0 - ok
18:51:08.0378 5048 Boot (0x1200) (8c7d3705fae9cdf7a71a24d035f3b00b) \Device\Harddisk0\DR0\Partition1
18:51:08.0379 5048 \Device\Harddisk0\DR0\Partition1 - ok
18:51:08.0410 5048 Boot (0x1200) (93d5dc7a5bb56966710a011c822436ac) \Device\Harddisk0\DR0\Partition2
18:51:08.0411 5048 \Device\Harddisk0\DR0\Partition2 - ok
18:51:08.0415 5048 ============================================================
18:51:08.0415 5048 Scan finished
18:51:08.0415 5048 ============================================================
18:51:08.0430 1916 Detected object count: 1
18:51:08.0430 1916 Actual detected object count: 1
18:51:16.0593 1916 \Device\Harddisk0\DR0\# - copied to quarantine
18:51:16.0593 1916 \Device\Harddisk0\DR0 - copied to quarantine
18:51:16.0653 1916 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:51:16.0655 1916 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:51:16.0655 1916 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:51:16.0658 1916 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:51:16.0658 1916 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:51:16.0660 1916 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:51:16.0663 1916 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:51:16.0665 1916 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:51:16.0665 1916 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:51:16.0675 1916 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:51:16.0868 1916 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:51:16.0893 1916 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:51:16.0910 1916 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:51:16.0940 1916 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:51:16.0975 1916 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:51:17.0005 1916 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:51:17.0008 1916 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
18:51:17.0043 1916 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
18:51:17.0050 1916 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
18:51:17.0063 1916 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
18:51:17.0070 1916 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
18:51:17.0125 1916 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
18:51:17.0128 1916 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
18:51:17.0160 1916 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
18:51:17.0168 1916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
18:51:17.0168 1916 \Device\Harddisk0\DR0 - ok
18:51:18.0887 1916 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:51:38.0613 4988 Deinitialize success

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 18:57:33
-----------------------------
18:57:33.336 OS Version: Windows x64 6.1.7600
18:57:33.336 Number of processors: 1 586 0x170A
18:57:33.336 ComputerName: BOBBY-PC UserName: Bobby
18:57:34.896 Initialize success
18:57:48.937 AVAST engine download error: 0
18:58:06.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:58:06.013 Disk 0 Vendor: WDC_WD1600BEKT-60V5T1 12.01A12 Size: 152627MB BusType: 11
18:58:06.020 Disk 0 MBR read successfully
18:58:06.023 Disk 0 MBR scan
18:58:06.023 Disk 0 unknown MBR code
18:58:06.030 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:58:06.040 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 139655 MB offset 409600
18:58:06.063 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12771 MB offset 286423040
18:58:06.108 Disk 0 scanning C:\Windows\system32\drivers
18:58:14.143 Service scanning
18:58:33.141 Modules scanning
18:58:33.141 Disk 0 trace - called modules:
18:58:33.153 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:58:33.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002725790]
18:58:33.153 3 CLASSPNP.SYS[fffff8800108a43f] -> nt!IofCallDriver -> [0xfffffa80022b73f0]
18:58:33.153 5 ACPI.sys[fffff88000f2d781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80022d1060]
18:58:33.153 Scan finished successfully
19:01:35.073 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat"
19:01:35.078 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.tx



Also, I have started having trouble with Google redirecting me again.

Thanks, Bobby

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 April 2012 - 04:25 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 April 2012 - 11:21 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 bobbyam

bobbyam
  • Topic Starter

  • Members
  • 10 posts

Posted 13 April 2012 - 06:33 PM

hello, sorry, I just haven't had a chance to get online since doing it.
This is the log:

ComboFix 12-04-07.04 - Bobby 10/04/2012 3:03.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1979.857 [GMT 1:00]
Running from: c:\users\Bobby\Desktop\ComboFix2.exe
Command switches used :: c:\users\Bobby\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 02:14 . 2012-04-10 02:14 -------- d-----w- c:\users\Mcx1-BOBBY-PC\AppData\Local\temp
2012-04-10 02:14 . 2012-04-10 02:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-10 02:14 . 2012-04-10 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 17:51 . 2012-04-09 17:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-08 17:51 . 2012-04-08 18:28 -------- d-----w- C:\ComboFix
2012-04-08 17:35 . 2012-04-08 17:35 -------- d-----w- c:\users\Bobby\AppData\Roaming\AVG2012
2012-04-08 17:32 . 2012-04-10 01:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-08 17:32 . 2012-04-08 17:55 -------- d-----w- c:\programdata\AVG2012
2012-04-08 17:17 . 2012-04-10 01:04 -------- d-----w- c:\programdata\MFAData
2012-04-06 11:29 . 2012-04-06 11:29 -------- d-----w- c:\users\Bobby\AppData\Roaming\AVG9
2012-04-02 11:40 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-04-02 11:40 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-04-02 01:59 . 2012-04-02 01:59 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-30 04:58 . 2012-04-06 11:51 -------- d-----w- c:\program files (x86)\Driving Test Success - All Tests 2012 Edition
2012-03-29 10:34 . 2012-03-29 10:34 -------- d--h--w- c:\users\Bobby\AppData\Roaming\SPSSInc
2012-03-29 09:50 . 2012-04-02 01:28 -------- d-----w- c:\users\Bobby\AppData\Roaming\Birdstep Technology
2012-03-29 09:50 . 2011-03-23 15:17 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-03-29 09:50 . 2012-04-02 01:23 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-03-28 14:19 . 2012-03-28 14:19 -------- d--h--w- c:\users\Bobby\.spss
2012-03-28 14:19 . 2012-03-28 14:19 -------- d--h--w- c:\users\Bobby\AppData\Local\IBM
2012-03-28 14:18 . 2012-03-28 14:18 -------- d--h--w- c:\users\Bobby\AppData\Local\javasharedresources
2012-03-28 06:11 . 2012-04-02 01:24 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-03-28 06:07 . 2012-04-02 01:23 -------- d-----w- c:\program files\Common Files\IBM
2012-03-28 06:04 . 2012-03-28 06:04 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll
2012-03-28 05:25 . 2012-04-02 01:30 -------- d-----w- c:\users\Bobby\DownloadDirector
2012-03-15 09:31 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 09:31 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:31 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 14:14 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:14 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:14 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 14:14 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 14:14 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 14:14 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 14:14 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:14 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 14:14 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 14:14 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 14:14 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 14:13 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:13 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:13 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:13 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:13 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:13 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:13 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_19.24.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 02:31 . 2012-04-10 01:02 67704 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 01:02 64186 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-23 18:19 . 2012-04-10 01:02 23124 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-244227514-4094281926-1675698660-1001_UserData.bin
- 2012-04-08 19:21 . 2012-04-08 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-10 02:15 . 2012-04-10 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-08 19:21 . 2012-04-08 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-10 02:15 . 2012-04-10 02:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-08 18:47 628874 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 01:05 628874 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 01:05 119386 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-08 18:47 119386 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-08 19:20 355180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-10 02:15 355180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-01 15:50 . 2012-04-09 19:39 4708184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-244227514-4094281926-1675698660-1001-8192.dat
- 2009-07-14 02:34 . 2012-04-08 16:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-09 11:55 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAA1ADYANQA2ADkAMwA2ADEALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsAMQAyADcAOQA5AC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABNADEAMgBEAE4AKwAxAC0AVABCAE4AKwAxAC0AVQA5ADUAKwAxAC0ATAA5ADAATQBJACsAMQAtAEYAOQAwAE0AMQAyAEkAVAArADEA&prod=90&ver=9.0.894" [?]
.
c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bobby\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 DCamUSBET;ET USB 2710 Camera;c:\windows\system32\DRIVERS\etDevice64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-10-23 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 11:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Bobby\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-10-23 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-04-10 03:24:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 02:24
ComboFix2.txt 2012-04-08 19:46
.
Pre-Run: 83,294,511,104 bytes free
Post-Run: 82,882,547,712 bytes free
.
- - End Of File - - 3CEFAE445E139463377B720A1A5CAB54


I didn't have any problems running it, and I don't seem to be getting redirected at the moment either.

thanks, bobby

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2012 - 08:16 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 20
Java™ 6 Update 22
Java™ 6 Update 29
MP3 Rocket


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"Information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 12:33 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 11:27 PM

Hello

48-hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo