
Consrv.dll returns on computer restart


  • This topic is locked
22 replies to this topic

#1 tina6409

tina6409

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 05 April 2012 - 08:25 AM

My computer has been infected with consrv.dll and I cannot remove it. Noticed that McAfee had been constantly asking to be updated and I found the consrv.dll virus when I started looking for a problem. I have tried several things over the course of the last few days. I ended up removing McAfee. I have run MBAM, TDSSKiller, avast! antirootkit standalone killer (which always stops working), Dr Web (which claimed to remove consrv.dll) and Combofix (which fixed some other issues). After every scan, I try to run aswMBR and it always crashes. I have not re-installed McAfee yet and am unable to activate Windows firewall. Computer is running Windows 7 64. Any help would be greatly appreciated!

DDS log below and

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 8:01:58 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1938 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\MRT.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\consent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4D09A7B5-2CD4-4935-9EC2-055718A056CA} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4D09A7B5-2CD4-4935-9EC2-055718A056CA}\16C646F6723702E6564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4D09A7B5-2CD4-4935-9EC2-055718A056CA}\2456C6B696E6F5E4B2F5339364236334 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{4D09A7B5-2CD4-4935-9EC2-055718A056CA}\546696E6B62373 : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: HelloWorldBHO - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 227896]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-05 12:48:07 -------- d-----w- C:\$RECYCLE.BIN
2012-04-05 03:28:23 -------- d-----w- C:\342db4e9e4c8132dda5a1a5c67
2012-04-05 03:09:32 98816 ----a-w- C:\Windows\sed.exe
2012-04-05 03:09:32 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-05 03:09:32 256000 ----a-w- C:\Windows\PEV.exe
2012-04-05 03:09:32 208896 ----a-w- C:\Windows\MBR.exe
2012-04-04 04:10:57 -------- d-----w- C:\Users\Owner\DoctorWeb
2012-04-03 22:14:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 01:13:33 -------- d-----we C:\Windows\system64
2012-04-02 00:38:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-28 00:39:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Weab
2012-03-28 00:39:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Oqvue
2012-03-10 21:14:38 -------- d-----w- C:\Users\Owner\AppData\Local\{49601C75-F619-4CE1-9B61-6DBD48A97584}
2012-03-10 21:14:25 -------- d-----w- C:\Users\Owner\AppData\Local\{9CEA901E-8F52-48E8-845D-8B27CE8E7720}
.
==================== Find3M ====================
.
2012-02-08 00:24:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 8:02:21.86 ===============
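As an added example (it is not part of the original post, and it is not code from the DDS or FRST tools), the following Python script parses DDS "Created Last 30" lines and FRST "One Month Created Files and Folders" lines into one record shape and applies a few location heuristics of the kind a malware-response helper applies by eye when reading these logs: a directory named to look like system32 directly under C:\Windows, short new folder names directly under AppData\Roaming, randomised mixed-case names directly under ProgramData, and hex-named staging folders at the drive root (which Windows Update and MRT create legitimately). The sample lines are copied from the logs posted in this thread; the rules, thresholds, severities and vendor allowlist are this example's own assumptions, not anything the tools or the thread define, and a hit is a prompt for manual review, not a verdict.

```python
"""Triage helper for the file-listing sections of DDS and FRST logs.

Parses DDS "Created Last 30" lines and FRST "One Month Created Files and
Folders" lines into one record shape, then applies a few persistence-
location heuristics.  The rules, thresholds and allowlist below are this
example's own assumptions; hits are prompts for manual review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS:  2012-04-03 01:13:33 -------- d-----we C:\Windows\system64
DDS_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+'
    r'(?P<attrs>\S{8})\s+(?P<path>\S.*?)\s*$')
# FRST: 2012-04-02 17:13 - 2012-04-02 17:13 - 0000000 ____D C:\Windows\system64
FRST_RE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'(?P<size>\d+) (?P<attrs>\S{5})(?: \((?P<vendor>[^)]*)\))? (?P<path>\S.*?)\s*$')


@dataclass(frozen=True)
class Entry:
    created: str
    path: str
    is_dir: bool
    size: Optional[int]
    vendor: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Turn one DDS or FRST listing line into an Entry; other text yields None."""
    m = DDS_RE.match(line.strip())
    if m:
        size = int(m['size']) if m['size'].isdigit() else None
        return Entry(m['created'], m['path'], m['attrs'].startswith('d'), size, None)
    m = FRST_RE.match(line.strip())
    if m:
        return Entry(m['created'], m['path'], 'D' in m['attrs'], int(m['size']), m['vendor'])
    return None


# Heuristics: assumptions of this example, not DDS/FRST logic.
SYSDIR_LOOKALIKE = re.compile(r'^[a-z]:\\windows\\(sys(?:tem|wow)\d+)$', re.I)
REAL_SYSDIRS = {'system32', 'syswow64'}
ROAMING_CHILD = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\([^\\]+)$', re.I)
PROGRAMDATA_CHILD = re.compile(r'^[a-z]:\\(?:programdata|users\\all users)\\([^\\]+)$', re.I)
MIXED_BLOB = re.compile(r'^[^A-Za-z0-9]?(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{10,}$')
ROOT_HEX = re.compile(r'^[a-z]:\\[0-9a-f]{20,40}$', re.I)
KNOWN_ROAMING = {'microsoft', 'adobe', 'apple', 'skype', 'google', 'mozilla', 'cyberlink'}


@dataclass(frozen=True)
class Finding:
    path: str
    rule: str
    severity: str


def classify(e: Entry) -> Optional[Finding]:
    """Apply the heuristics to one entry; None means nothing to flag."""
    name = e.path.rsplit('\\', 1)[-1]
    m = SYSDIR_LOOKALIKE.match(e.path)
    if m and m.group(1).lower() not in REAL_SYSDIRS:
        return Finding(e.path, 'system-directory lookalike under %SystemRoot%', 'high')
    if (e.is_dir and ROAMING_CHILD.match(e.path) and re.fullmatch(r'[A-Za-z]{3,8}', name)
            and name.lower() not in KNOWN_ROAMING):
        return Finding(e.path, 'new short-named folder directly under AppData\\Roaming', 'medium')
    if PROGRAMDATA_CHILD.match(e.path) and MIXED_BLOB.match(name):
        return Finding(e.path, 'randomised mixed-case name directly under ProgramData', 'medium')
    if e.is_dir and ROOT_HEX.match(e.path):
        return Finding(e.path, 'hex-named folder at drive root (usually Windows Update/MRT staging; confirm)', 'low')
    return None


def triage_log(text: str) -> List[Finding]:
    """Parse every line of a pasted log section and return de-duplicated findings."""
    seen = set()
    findings: List[Finding] = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None or e.path.lower() in seen:
            continue
        seen.add(e.path.lower())
        f = classify(e)
        if f:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the DDS and FRST logs posted in this thread.
SAMPLE_LOG = r"""
2012-04-03 01:13:33 -------- d-----we C:\Windows\system64
2012-03-28 00:39:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Weab
2012-04-05 03:09:32 98816 ----a-w- C:\Windows\sed.exe
2012-04-02 17:13 - 2012-04-02 17:13 - 0000000 ____D C:\Windows\system64
2012-04-01 02:41 - 2012-04-01 02:41 - 0000000 ____N C:\ProgramData\-2lp5GImfM01hCK
2012-04-04 20:26 - 2012-04-04 20:26 - 4731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-03-27 16:39 - 2012-04-01 05:19 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Oqvue
2012-04-04 19:28 - 2012-04-04 19:28 - 0000000 ____D C:\342db4e9e4c8132dda5a1a5c67
2012-04-03 02:02 - 2011-12-29 17:09 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Skype
"""

if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.path}  <- {f.rule}')
```

Paste the two sections in verbatim; lines that do not parse (headers, dots, blank lines) are skipped. FRST's "3 Months Modified Files and Folders" section lists the modification date first, so if you feed it those lines the `created` field holds the modification time. The allowlist is deliberately short: a vendor folder that is not on it will be flagged for review, which is the safe direction for this kind of heuristic.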


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 05 April 2012 - 11:56 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 06 April 2012 - 08:26 AM

Thank you so much for the response! It's my dad's computer that I've been trying to fix and he's making me CRAZY! Here is the requested log.


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 06-04-2012 08:21:34
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [56297240 2012-04-03] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Owner\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)
HKU\Owner\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c [307768 2011-11-06] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-06 05:13 - 2012-04-06 08:21 - 0000000 ____D C:\FRST
2012-04-05 05:04 - 2012-04-05 05:04 - 0019576 ____A C:\Users\Owner\Desktop\Attach.txt
2012-04-05 05:04 - 2012-04-05 05:04 - 0013063 ____A C:\Users\Owner\Desktop\DDS.txt
2012-04-05 05:01 - 2012-04-05 05:01 - 0000000 ____A C:\Users\Owner\defogger_reenable
2012-04-05 04:55 - 2012-04-05 04:55 - 0011908 ____A C:\ComboFix.txt
2012-04-05 04:48 - 2012-04-05 04:48 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-04 20:32 - 2012-04-04 20:32 - 0050940 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-04-04 20:32 - 2012-04-04 20:32 - 0045652 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-04-04 20:26 - 2012-04-04 20:26 - 4731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-04-04 20:22 - 2012-04-04 20:23 - 4456875 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-04-04 20:22 - 2012-04-04 20:22 - 0593920 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-04-04 19:28 - 2012-04-04 19:28 - 0000000 ____D C:\342db4e9e4c8132dda5a1a5c67
2012-04-04 19:26 - 2012-04-04 19:26 - 0065536 __ASH C:\Windows\System32\config\components{d1fc5e73-51ea-11e1-9069-00262db2fd2e}.TxR.blf
2012-04-04 19:09 - 2012-04-04 19:25 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 19:09 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-04 19:09 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-04 19:09 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-04 19:09 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-04 19:09 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-04 19:09 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-04 19:09 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-04 19:09 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 19:06 - 2012-04-05 04:55 - 0000000 ____D C:\Qoobox
2012-04-03 20:10 - 2012-04-03 20:12 - 0000000 ____D C:\Users\Owner\DoctorWeb
2012-04-03 17:44 - 2012-04-03 17:45 - 0122236 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_20.44.35_log.txt
2012-04-03 15:52 - 2012-04-03 15:53 - 0122266 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_18.52.25_log.txt
2012-04-03 15:48 - 2012-04-03 15:48 - 0003304 ____N C:\bootsqm.dat
2012-04-03 14:28 - 2012-04-03 14:29 - 0122266 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.28.26_log.txt
2012-04-03 14:26 - 2012-04-03 14:26 - 0277408 ____A C:\Windows\Minidump\040312-20124-01.dmp
2012-04-03 14:20 - 2012-04-03 14:22 - 0124618 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.20.35_log.txt
2012-04-03 14:16 - 2012-04-03 14:18 - 0123588 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.16.36_log.txt
2012-04-03 14:14 - 2012-04-03 14:21 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 14:13 - 2012-04-03 14:14 - 0125034 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.13.25_log.txt
2012-04-03 00:03 - 2012-04-03 00:03 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-02 18:47 - 2012-04-02 18:47 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-02 18:11 - 2012-04-04 20:09 - 0002488 ____A C:\Users\Owner\Desktop\unhide.txt
2012-04-02 17:53 - 2012-04-04 19:08 - 0000365 ____A C:\rkill.log
2012-04-02 17:13 - 2012-04-02 17:13 - 0000000 ____D C:\Windows\system64
2012-04-02 17:03 - 2012-04-06 05:03 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd11358cf2b8f4.job
2012-04-02 17:03 - 2012-04-06 05:03 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd11358b0d203c.job
2012-04-02 15:42 - 2012-04-06 05:13 - 3435968 ____A C:\Windows\ntbtlog.txt
2012-04-02 15:42 - 2012-04-03 14:26 - 419056383 ____A C:\Windows\MEMORY.DMP
2012-04-02 15:42 - 2012-04-02 15:42 - 0277408 ____A C:\Windows\Minidump\040212-27549-01.dmp
2012-04-01 16:38 - 2012-04-02 18:47 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-01 02:41 - 2012-04-01 02:41 - 0000000 ____N C:\Users\All Users\-2lp5GImfM01hCK
2012-04-01 02:41 - 2012-04-01 02:41 - 0000000 ____N C:\ProgramData\-2lp5GImfM01hCK
2012-03-31 04:34 - 2012-04-03 14:26 - 0000000 ____D C:\Windows\Minidump
2012-03-27 16:39 - 2012-04-01 05:19 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Oqvue
2012-03-27 16:39 - 2012-03-30 17:03 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Weab
2012-03-27 16:36 - 2012-03-27 16:36 - 0000000 ____D C:\Windows\Sun
2012-03-10 13:14 - 2012-03-10 13:14 - 0000000 ____D C:\Users\Owner\AppData\Local\{9CEA901E-8F52-48E8-845D-8B27CE8E7720}
2012-03-10 13:14 - 2012-03-10 13:14 - 0000000 ____D C:\Users\Owner\AppData\Local\{49601C75-F619-4CE1-9B61-6DBD48A97584}

============ 3 Months Modified Files and Folders =============

2012-04-06 08:21 - 2012-04-06 05:13 - 0000000 ____D C:\FRST
2012-04-06 05:13 - 2012-04-02 15:42 - 3435968 ____A C:\Windows\ntbtlog.txt
2012-04-06 05:03 - 2012-04-02 17:03 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cd11358cf2b8f4.job
2012-04-06 05:03 - 2012-04-02 17:03 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd11358b0d203c.job
2012-04-06 05:03 - 2009-12-11 17:38 - 1679532 ____A C:\Windows\WindowsUpdate.log
2012-04-05 05:31 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-05 05:31 - 2009-07-13 20:45 - 0023248 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-05 05:04 - 2012-04-05 05:04 - 0019576 ____A C:\Users\Owner\Desktop\Attach.txt
2012-04-05 05:04 - 2012-04-05 05:04 - 0013063 ____A C:\Users\Owner\Desktop\DDS.txt
2012-04-05 05:01 - 2012-04-05 05:01 - 0000000 ____A C:\Users\Owner\defogger_reenable
2012-04-05 05:01 - 2010-01-13 16:56 - 0000000 ____D C:\users\Owner
2012-04-05 04:55 - 2012-04-05 04:55 - 0011908 ____A C:\ComboFix.txt
2012-04-05 04:55 - 2012-04-04 19:06 - 0000000 ____D C:\Qoobox
2012-04-05 04:48 - 2012-04-05 04:48 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-05 04:48 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-05 04:48 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-05 04:47 - 2010-01-14 13:01 - 0232732 ____A C:\Windows\PFRO.log
2012-04-05 04:47 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-05 04:47 - 2009-07-13 20:51 - 0168936 ____A C:\Windows\setupact.log
2012-04-04 20:32 - 2012-04-04 20:32 - 0050940 ____A C:\Users\Owner\Desktop\OTL.Txt
2012-04-04 20:32 - 2012-04-04 20:32 - 0045652 ____A C:\Users\Owner\Desktop\Extras.Txt
2012-04-04 20:26 - 2012-04-04 20:26 - 4731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-04-04 20:23 - 2012-04-04 20:22 - 4456875 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-04-04 20:22 - 2012-04-04 20:22 - 0593920 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2012-04-04 20:09 - 2012-04-02 18:11 - 0002488 ____A C:\Users\Owner\Desktop\unhide.txt
2012-04-04 19:30 - 2009-07-13 21:13 - 0757718 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-04 19:28 - 2012-04-04 19:28 - 0000000 ____D C:\342db4e9e4c8132dda5a1a5c67
2012-04-04 19:28 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-04 19:28 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-04-04 19:26 - 2012-04-04 19:26 - 0065536 __ASH C:\Windows\System32\config\components{d1fc5e73-51ea-11e1-9069-00262db2fd2e}.TxR.blf
2012-04-04 19:25 - 2012-04-04 19:09 - 0000000 ____D C:\Windows\ERDNT
2012-04-04 19:08 - 2012-04-02 17:53 - 0000365 ____A C:\rkill.log
2012-04-03 20:12 - 2012-04-03 20:10 - 0000000 ____D C:\Users\Owner\DoctorWeb
2012-04-03 17:45 - 2012-04-03 17:44 - 0122236 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_20.44.35_log.txt
2012-04-03 17:41 - 2010-01-13 17:02 - 0000188 ____A C:\Users\All Users\HPWALog.txt
2012-04-03 17:41 - 2010-01-13 17:02 - 0000188 ____A C:\ProgramData\HPWALog.txt
2012-04-03 15:53 - 2012-04-03 15:52 - 0122266 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_18.52.25_log.txt
2012-04-03 15:48 - 2012-04-03 15:48 - 0003304 ____N C:\bootsqm.dat
2012-04-03 14:29 - 2012-04-03 14:28 - 0122266 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.28.26_log.txt
2012-04-03 14:26 - 2012-04-03 14:26 - 0277408 ____A C:\Windows\Minidump\040312-20124-01.dmp
2012-04-03 14:26 - 2012-04-02 15:42 - 419056383 ____A C:\Windows\MEMORY.DMP
2012-04-03 14:26 - 2012-03-31 04:34 - 0000000 ____D C:\Windows\Minidump
2012-04-03 14:22 - 2012-04-03 14:20 - 0124618 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.20.35_log.txt
2012-04-03 14:21 - 2012-04-03 14:14 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 14:18 - 2012-04-03 14:16 - 0123588 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.16.36_log.txt
2012-04-03 14:14 - 2012-04-03 14:13 - 0125034 ____A C:\TDSSKiller.2.7.25.0_03.04.2012_17.13.25_log.txt
2012-04-03 02:02 - 2011-12-29 17:09 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2012-04-03 00:03 - 2012-04-03 00:03 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-03 00:01 - 2010-01-14 00:17 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-02 20:48 - 2011-12-30 15:46 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-02 20:48 - 2011-12-30 15:46 - 0000000 ____D C:\ProgramData\McAfee
2012-04-02 20:29 - 2009-07-13 20:54 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-02 20:22 - 2009-12-11 17:53 - 0000000 ____D C:\Users\All Users\Recovery
2012-04-02 20:22 - 2009-12-11 17:53 - 0000000 ____D C:\ProgramData\Recovery
2012-04-02 20:10 - 2011-04-16 16:57 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-04-02 18:47 - 2012-04-02 18:47 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-02 18:47 - 2012-04-01 16:38 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-02 17:24 - 2009-12-11 17:37 - 0000000 ____D C:\Windows\SysWOW64\x64
2012-04-02 17:24 - 2009-12-11 17:37 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-04-02 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-02 17:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-02 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-02 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-02 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-02 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2012-04-02 17:23 - 2011-05-15 18:29 - 0000000 ____D C:\Windows\en
2012-04-02 17:23 - 2010-02-06 13:00 - 0000000 ____D C:\Users\Owner\AppData\Local\QuickPlay
2012-04-02 17:23 - 2010-02-06 11:17 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-02 17:23 - 2010-02-06 11:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\CyberLink
2012-04-02 17:23 - 2010-01-13 19:25 - 0000000 ____D C:\Windows\LMI5996.tmp
2012-04-02 17:23 - 2009-08-17 12:33 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-02 17:23 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-02 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-02 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-02 17:23 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-02 17:22 - 2012-02-06 05:25 - 0000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-02 17:22 - 2012-02-06 05:25 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-02 17:22 - 2011-12-29 17:09 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-04-02 17:22 - 2011-12-29 17:09 - 0000000 ____D C:\Users\All Users\Skype
2012-04-02 17:22 - 2011-12-29 17:09 - 0000000 ____D C:\ProgramData\Skype
2012-04-02 17:22 - 2011-12-11 12:27 - 0000000 ____D C:\Program Files (x86)\Safari
2012-04-02 17:22 - 2011-12-11 12:27 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-02 17:22 - 2011-12-11 12:25 - 0000000 ____D C:\Program Files\iTunes
2012-04-02 17:22 - 2011-12-11 12:25 - 0000000 ____D C:\Program Files\iPod
2012-04-02 17:22 - 2011-12-11 12:25 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-02 17:22 - 2011-11-05 09:34 - 0000000 ____D C:\Program Files\Bonjour
2012-04-02 17:22 - 2011-10-23 03:54 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-04-02 17:22 - 2011-10-23 03:54 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-04-02 17:22 - 2011-06-26 04:32 - 0000000 ____D C:\Users\All Users\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2012-04-02 17:22 - 2011-06-26 04:32 - 0000000 ____D C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2012-04-02 17:22 - 2011-05-15 18:27 - 0000000 ____D C:\Program Files\Windows Live
2012-04-02 17:22 - 2010-12-18 04:28 - 0000000 ____D C:\Users\All Users\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2012-04-02 17:22 - 2010-12-18 04:28 - 0000000 ____D C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2012-04-02 17:22 - 2010-06-26 15:12 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-04-02 17:22 - 2010-06-26 15:12 - 0000000 ____D C:\ProgramData\Apple Computer
2012-04-02 17:22 - 2010-06-26 15:11 - 0000000 ____D C:\Users\All Users\Apple
2012-04-02 17:22 - 2010-06-26 15:11 - 0000000 ____D C:\ProgramData\Apple
2012-04-02 17:22 - 2010-06-26 15:11 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-02 17:22 - 2010-04-21 16:29 - 0000000 ____D C:\Users\All Users\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2012-04-02 17:22 - 2010-04-21 16:29 - 0000000 ____D C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2012-04-02 17:22 - 2010-04-13 14:44 - 0000000 ____D C:\Program Files (x86)\Rhapsody
2012-04-02 17:22 - 2010-03-21 16:38 - 0000000 ____D C:\Users\All Users\{657095DF-DBDB-4B17-8245-B38845C97069}
2012-04-02 17:22 - 2010-03-21 16:38 - 0000000 ____D C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
2012-04-02 17:22 - 2010-02-12 17:21 - 0000000 ____D C:\Users\All Users\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
2012-04-02 17:22 - 2010-02-12 17:21 - 0000000 ____D C:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
2012-04-02 17:22 - 2010-01-18 16:18 - 0000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2012-04-02 17:22 - 2010-01-13 17:01 - 0000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard_Company
2012-04-02 17:22 - 2010-01-13 17:01 - 0000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2012-04-02 17:22 - 2009-12-11 17:37 - 0000000 ____D C:\Program Files\CONEXANT
2012-04-02 17:22 - 2009-12-11 17:36 - 0000000 ____D C:\Program Files\Synaptics
2012-04-02 17:22 - 2009-08-17 12:55 - 0000000 ____D C:\Program Files (x86)\NetZeroPreloader
2012-04-02 17:22 - 2009-08-17 12:55 - 0000000 ____D C:\Program Files (x86)\JunoPreloader
2012-04-02 17:22 - 2009-08-17 12:33 - 0000000 ____D C:\Program Files (x86)\HP
2012-04-02 17:22 - 2009-08-17 12:15 - 0000000 ____D C:\Users\All Users\CyberLink
2012-04-02 17:22 - 2009-08-17 12:15 - 0000000 ____D C:\ProgramData\CyberLink
2012-04-02 17:22 - 2009-08-17 11:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-04-02 17:22 - 2009-08-17 11:10 - 0000000 ___RD C:\Program Files (x86)\Online Services
2012-04-02 17:22 - 2009-08-17 11:10 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-02 17:22 - 2009-08-17 11:10 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-02 17:22 - 2009-08-17 11:10 - 0000000 ____D C:\Program Files (x86)\HP Games
2012-04-02 17:22 - 2009-08-17 10:34 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-02 17:22 - 2009-08-17 10:33 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-02 17:22 - 2009-08-17 10:30 - 0000000 ____D C:\Users\All Users\Hewlett-Packard
2012-04-02 17:22 - 2009-08-17 10:30 - 0000000 ____D C:\ProgramData\Hewlett-Packard
2012-04-02 17:22 - 2009-08-17 10:29 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-02 17:22 - 2009-08-17 10:27 - 0000000 ____D C:\Program Files\Hewlett-Packard
2012-04-02 17:22 - 2009-07-16 15:15 - 0000000 ____D C:\SYSTEM.SAV
2012-04-02 17:22 - 2009-07-16 15:15 - 0000000 ____D C:\SwSetup
2012-04-02 17:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-02 17:22 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-02 17:21 - 2011-11-05 09:34 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-02 17:21 - 2011-06-12 15:58 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-02 17:21 - 2009-12-11 17:35 - 0000000 ____D C:\Program Files (x86)\Atheros
2012-04-02 17:21 - 2009-08-17 12:15 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-04-02 17:21 - 2009-08-17 10:27 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-02 17:17 - 2009-08-17 11:08 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-02 17:17 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-02 17:17 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-02 17:17 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-02 17:17 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-02 17:17 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-02 17:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-02 17:13 - 2012-04-02 17:13 - 0000000 ____D C:\Windows\system64
2012-04-02 17:13 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-02 17:13 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-02 17:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-02 17:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-02 17:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-02 17:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-02 17:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-02 17:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-02 17:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-02 17:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-02 17:05 - 2010-01-13 17:07 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2012-04-02 17:05 - 2010-01-13 17:01 - 0000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2012-04-02 17:05 - 2010-01-13 16:56 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-04-02 16:59 - 2010-06-26 15:12 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-02 16:59 - 2010-06-26 15:12 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-02 16:57 - 2011-08-14 12:39 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-02 16:57 - 2011-08-14 12:39 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-02 16:57 - 2010-01-18 16:19 - 0000000 ____D C:\Users\All Users\Rosetta Stone
2012-04-02 16:57 - 2010-01-18 16:19 - 0000000 ____D C:\ProgramData\Rosetta Stone
2012-04-02 16:57 - 2009-08-17 12:04 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-02 16:57 - 2009-08-17 12:04 - 0000000 ____D C:\ProgramData\Adobe
2012-04-02 16:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-02 16:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-02 16:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-02 16:56 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-02 16:56 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-02 16:55 - 2009-08-17 12:57 - 0000000 ____D C:\Program Files\Java
2012-04-02 16:55 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-02 16:55 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-02 16:55 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-02 16:55 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-02 16:55 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-02 16:54 - 2010-02-06 12:01 - 0000000 ____D C:\Program Files (x86)\Sony
2012-04-02 16:54 - 2009-12-11 18:07 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-02 16:54 - 2009-08-17 11:09 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-02 16:54 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-02 16:54 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-02 16:54 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-02 16:53 - 2009-08-17 12:56 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-02 16:53 - 2009-08-17 11:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-02 16:51 - 2010-12-12 15:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-02 16:48 - 2009-08-17 12:03 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-02 16:48 - 2009-08-17 11:12 - 0000000 ____D C:\HP
2012-04-02 15:42 - 2012-04-02 15:42 - 0277408 ____A C:\Windows\Minidump\040212-27549-01.dmp
2012-04-02 15:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-01 17:08 - 2009-12-11 17:36 - 0000000 ____D C:\Program Files (x86)\Intel
2012-04-01 05:19 - 2012-03-27 16:39 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Oqvue
2012-04-01 02:41 - 2012-04-01 02:41 - 0000000 ____N C:\Users\All Users\-2lp5GImfM01hCK
2012-04-01 02:41 - 2012-04-01 02:41 - 0000000 ____N C:\ProgramData\-2lp5GImfM01hCK
2012-03-30 17:03 - 2012-03-27 16:39 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Weab
2012-03-27 16:36 - 2012-03-27 16:36 - 0000000 ____D C:\Windows\Sun
2012-03-23 01:37 - 2010-01-30 04:57 - 0013174 ____N C:\Users\Owner\AppData\Roaming\wklnhst.dat
2012-03-10 13:14 - 2012-03-10 13:14 - 0000000 ____D C:\Users\Owner\AppData\Local\{9CEA901E-8F52-48E8-845D-8B27CE8E7720}
2012-03-10 13:14 - 2012-03-10 13:14 - 0000000 ____D C:\Users\Owner\AppData\Local\{49601C75-F619-4CE1-9B61-6DBD48A97584}
2012-03-07 02:23 - 2011-05-15 18:15 - 0000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2012-03-04 05:39 - 2012-03-04 05:39 - 0015279 ____N C:\Users\Owner\Desktop\Cliff resume A.docx
2012-03-02 17:14 - 2012-03-02 17:14 - 0020480 ____N C:\Users\Owner\Desktop\Cliff resume A.wps
2012-03-01 17:20 - 2012-03-01 17:20 - 0015113 ____N C:\Users\Owner\Desktop\Copy_of_Cliff's_resue.docx
2012-02-17 03:59 - 2010-01-13 17:01 - 0000174 ___SH C:\Users\Owner\Start Menu\Programs\Startup\desktop.ini
2012-02-17 03:59 - 2010-01-13 17:01 - 0000174 ___SH C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 03:58 - 2009-07-13 20:45 - 0331472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 15:51 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-02-15 05:31 - 2010-02-06 13:00 - 0000021 ____N C:\Users\All Users\hpqp.txt
2012-02-15 05:31 - 2010-02-06 13:00 - 0000021 ____N C:\ProgramData\hpqp.txt
2012-02-14 13:32 - 2012-02-14 13:32 - 0001632 ____A C:\Users\Owner\Downloads\current_email_in_html.html
2012-02-11 07:17 - 2010-02-06 05:49 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-11 07:16 - 2011-11-05 09:49 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-02-10 13:33 - 2012-02-10 13:33 - 0017270 ____A C:\Users\Owner\Documents\Resume_EF_2012.docx
2012-02-08 14:06 - 2012-02-08 04:05 - 0000000 ____D C:\Users\Owner\Documents\Thai Lessons 300 Words
2012-02-08 06:20 - 2012-02-08 06:20 - 0016859 ____N C:\Users\Owner\Desktop\Resume EF 2012.docx
2012-02-07 17:42 - 2010-01-13 17:02 - 0079864 ____N C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-07 16:24 - 2012-02-07 16:24 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-07 16:24 - 2011-06-12 16:03 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-06 16:12 - 2012-02-06 16:12 - 0000000 ____D C:\Users\All Users\F4D55F3B00018363000C11D3A60145BE
2012-02-06 16:12 - 2012-02-06 16:12 - 0000000 ____D C:\ProgramData\F4D55F3B00018363000C11D3A60145BE
2012-01-30 17:21 - 2012-01-30 17:21 - 0013389 ____N C:\Users\Owner\Desktop\Pros and cons.docx 1.docx
2012-01-29 10:48 - 2012-01-29 10:48 - 0000000 ____D C:\Program Files (x86)\Axis Communications
2012-01-26 13:25 - 2012-01-26 13:25 - 0027136 ____N C:\Users\Owner\Desktop\Resume_EF_2011.wps
2012-01-25 16:41 - 2012-01-25 16:41 - 0017078 ____A C:\Users\Owner\Documents\Resume_EF_2011.docx
2012-01-25 16:40 - 2012-01-25 16:40 - 0027648 ____N C:\Users\Owner\Desktop\Resume_EF_2010 ab.wps
2012-01-25 11:50 - 2012-01-25 11:50 - 0000000 ____D C:\Users\Owner\AppData\Local\{F9A85112-B2CA-4632-A306-B2EAA32A3DBA}
2012-01-25 11:50 - 2012-01-25 11:50 - 0000000 ____D C:\Users\Owner\AppData\Local\{BE511D6A-E7C9-4FCA-BC20-77D4D468D48A}
2012-01-23 09:24 - 2012-01-23 09:23 - 0000000 ____D C:\Users\Owner\AppData\Local\{1A715AF7-2C53-4FC8-9B43-BE64A970459F}
2012-01-23 09:23 - 2012-01-23 09:23 - 0000000 ____D C:\Users\Owner\AppData\Local\{5B873001-D36C-423F-82F6-AC3E97130131}
2012-01-19 16:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-16 17:18 - 2012-01-16 17:18 - 0017408 ____A C:\Users\Owner\Documents\Cover letter BASF.wps
2012-01-13 20:02 - 2012-02-16 10:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 03:05 - 2009-07-13 21:08 - 0032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3003.19 MB
Available physical RAM: 2354.32 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2339.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:285.98 GB) (Free:197.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:4.16 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 285 GB 200 MB
Partition 3 Primary 11 GB 286 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 285 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-02 22:19

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 06 April 2012 - 01:17 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 06 April 2012 - 02:57 PM

Combofix log below. Haven't tried to run any programs so I have not noticed any problems other than with the keyboard. Whenever I type, random letters keep inserting themselves into my message.

ComboFix 12-04-04.02 - Owner 04/06/2012 14:38:01.4.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2401 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 19:45 . 2012-04-06 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 13:13 . 2012-04-06 16:22 -------- d-----w- C:\FRST
2012-04-05 03:28 . 2012-04-05 03:28 -------- d-----w- C:\342db4e9e4c8132dda5a1a5c67
2012-04-04 04:10 . 2012-04-04 04:12 -------- d-----w- c:\users\Owner\DoctorWeb
2012-04-03 22:14 . 2012-04-03 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 01:13 . 2012-04-03 01:13 -------- d-----we c:\windows\system64
2012-04-02 00:38 . 2012-04-03 02:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-28 00:39 . 2012-04-01 13:19 -------- d-----w- c:\users\Owner\AppData\Roaming\Oqvue
2012-03-28 00:39 . 2012-03-31 01:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Weab
2012-03-28 00:36 . 2012-03-28 00:36 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 00:24 . 2011-06-13 00:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02 . 2012-02-16 18:16 3143168 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-05_03.57.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 18:30 . 2012-04-05 12:49 46134 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 12:49 64720 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 00:57 . 2012-04-05 12:49 12718 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506606629-1344249172-2621164067-1000_UserData.bin
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 22:27 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 12:52 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 18:30 . 2012-04-05 12:49 46134 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 12:49 64720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 00:57 . 2012-04-05 12:49 12718 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506606629-1344249172-2621164067-1000_UserData.bin
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 12:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-05 13:26 80504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-05 03:56 . 2012-04-05 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 19:46 . 2012-04-06 19:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-06 19:46 . 2012-04-06 19:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 03:56 . 2012-04-05 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-14 02:38 . 2012-04-06 13:03 329890 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-01-14 02:38 . 2012-04-06 13:03 329890 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-04-06 13:03 289492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-04 03:43 289492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-18 00:33 . 2012-04-03 22:14 2419988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-8192.dat
+ 2011-05-18 00:33 . 2012-04-06 13:03 2419988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-8192.dat
+ 2011-05-18 00:33 . 2012-04-06 13:03 37902652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-11-06 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-6 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 16:07 323640 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-06-24 06:34 468264 ----a-w- c:\program files (x86)\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-18 05:21 218408 ----a-w- c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2010-03-23 18:47 500792 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd11358b0d203c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 23:40]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd11358cf2b8f4.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 23:40]
.
2012-04-03 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 10:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MRT"="c:\windows\system32\MRT.exe" [2012-04-03 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-06 14:51:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 19:51
ComboFix2.txt 2012-04-05 12:55
ComboFix3.txt 2012-04-05 04:04
ComboFix4.txt 2012-04-05 03:28
.
Pre-Run: 212,027,052,032 bytes free
Post-Run: 211,943,464,960 bytes free
.
- - End Of File - - 5F4AF2DD8DFFF8971E556DC7DDB3F38A

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 03:30 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 tina6409

  • Topic Starter
  • Members
  • 17 posts

Posted 06 April 2012 - 08:36 PM

No problems running either TDSSKiller or aswMBR. I ran the Quick Scan option on aswMBR. Wasn't sure if I was supposed to run some other type of scan there. Reports attached.

20:32:19.0109 0112 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
20:32:19.0453 0112 ============================================================
20:32:19.0453 0112 Current date / time: 2012/04/06 20:32:19.0453
20:32:19.0453 0112 SystemInfo:
20:32:19.0453 0112
20:32:19.0453 0112 OS Version: 6.1.7600 ServicePack: 0.0
20:32:19.0453 0112 Product type: Workstation
20:32:19.0453 0112 ComputerName: OWNER-PC
20:32:19.0453 0112 UserName: Owner
20:32:19.0453 0112 Windows directory: C:\Windows
20:32:19.0453 0112 System windows directory: C:\Windows
20:32:19.0453 0112 Running under WOW64
20:32:19.0453 0112 Processor architecture: Intel x64
20:32:19.0453 0112 Number of processors: 2
20:32:19.0453 0112 Page size: 0x1000
20:32:19.0453 0112 Boot type: Safe boot with network
20:32:19.0453 0112 ============================================================
20:32:20.0545 0112 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
20:32:20.0560 0112 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:32:20.0560 0112 \Device\Harddisk0\DR0:
20:32:20.0560 0112 MBR used
20:32:20.0560 0112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:32:20.0560 0112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
20:32:20.0560 0112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
20:32:20.0560 0112 \Device\Harddisk1\DR1:
20:32:20.0560 0112 MBR used
20:32:20.0560 0112 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
20:32:20.0607 0112 Initialize success
20:32:20.0607 0112 ============================================================
20:32:27.0611 1540 ============================================================
20:32:27.0611 1540 Scan started
20:32:27.0611 1540 Mode: Manual;
20:32:27.0611 1540 ============================================================
20:32:28.0235 1540 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:32:28.0235 1540 1394ohci - ok
20:32:28.0298 1540 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:32:28.0298 1540 ACPI - ok
20:32:28.0313 1540 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:32:28.0313 1540 AcpiPmi - ok
20:32:28.0438 1540 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:32:28.0438 1540 AdobeARMservice - ok
20:32:28.0547 1540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:32:28.0547 1540 adp94xx - ok
20:32:28.0625 1540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:32:28.0625 1540 adpahci - ok
20:32:28.0657 1540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:32:28.0657 1540 adpu320 - ok
20:32:28.0703 1540 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:32:28.0703 1540 AeLookupSvc - ok
20:32:28.0781 1540 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:32:28.0781 1540 AFD - ok
20:32:28.0828 1540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:32:28.0828 1540 agp440 - ok
20:32:28.0859 1540 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:32:28.0859 1540 ALG - ok
20:32:28.0937 1540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:32:28.0937 1540 aliide - ok
20:32:28.0969 1540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:32:28.0969 1540 amdide - ok
20:32:29.0015 1540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:32:29.0015 1540 AmdK8 - ok
20:32:29.0047 1540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:32:29.0047 1540 AmdPPM - ok
20:32:29.0125 1540 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:32:29.0125 1540 amdsata - ok
20:32:29.0171 1540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:32:29.0171 1540 amdsbs - ok
20:32:29.0203 1540 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:32:29.0203 1540 amdxata - ok
20:32:29.0234 1540 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:32:29.0234 1540 AppID - ok
20:32:29.0281 1540 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:32:29.0281 1540 AppIDSvc - ok
20:32:29.0296 1540 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:32:29.0296 1540 Appinfo - ok
20:32:29.0421 1540 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:32:29.0421 1540 Apple Mobile Device - ok
20:32:29.0530 1540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:32:29.0530 1540 arc - ok
20:32:29.0546 1540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:32:29.0546 1540 arcsas - ok
20:32:29.0593 1540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:32:29.0593 1540 AsyncMac - ok
20:32:29.0624 1540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:32:29.0624 1540 atapi - ok
20:32:29.0717 1540 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
20:32:29.0780 1540 athr - ok
20:32:29.0827 1540 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:32:29.0842 1540 AudioEndpointBuilder - ok
20:32:29.0858 1540 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:32:29.0858 1540 AudioSrv - ok
20:32:29.0873 1540 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:32:29.0873 1540 AxInstSV - ok
20:32:29.0920 1540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:32:29.0920 1540 b06bdrv - ok
20:32:29.0951 1540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:32:29.0951 1540 b57nd60a - ok
20:32:29.0967 1540 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:32:29.0983 1540 BDESVC - ok
20:32:30.0014 1540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:32:30.0014 1540 Beep - ok
20:32:30.0076 1540 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
20:32:30.0076 1540 BITS - ok
20:32:30.0123 1540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:32:30.0123 1540 blbdrive - ok
20:32:30.0248 1540 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:32:30.0263 1540 Bonjour Service - ok
20:32:30.0310 1540 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:32:30.0310 1540 bowser - ok
20:32:30.0341 1540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:32:30.0357 1540 BrFiltLo - ok
20:32:30.0373 1540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:32:30.0373 1540 BrFiltUp - ok
20:32:30.0404 1540 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:32:30.0404 1540 BridgeMP - ok
20:32:30.0419 1540 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:32:30.0435 1540 Browser - ok
20:32:30.0466 1540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:32:30.0466 1540 Brserid - ok
20:32:30.0482 1540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:32:30.0482 1540 BrSerWdm - ok
20:32:30.0497 1540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:32:30.0497 1540 BrUsbMdm - ok
20:32:30.0513 1540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:32:30.0513 1540 BrUsbSer - ok
20:32:30.0544 1540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:32:30.0544 1540 BTHMODEM - ok
20:32:30.0575 1540 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:32:30.0575 1540 bthserv - ok
20:32:30.0591 1540 catchme - ok
20:32:30.0638 1540 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
20:32:30.0653 1540 CAXHWAZL - ok
20:32:30.0700 1540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:32:30.0700 1540 cdfs - ok
20:32:30.0731 1540 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:32:30.0731 1540 cdrom - ok
20:32:30.0778 1540 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:32:30.0778 1540 CertPropSvc - ok
20:32:30.0809 1540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:32:30.0809 1540 circlass - ok
20:32:30.0856 1540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:32:30.0856 1540 CLFS - ok
20:32:30.0934 1540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:32:30.0934 1540 clr_optimization_v2.0.50727_32 - ok
20:32:30.0981 1540 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:32:30.0981 1540 clr_optimization_v2.0.50727_64 - ok
20:32:31.0043 1540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:32:31.0043 1540 clr_optimization_v4.0.30319_32 - ok
20:32:31.0121 1540 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:32:31.0121 1540 clr_optimization_v4.0.30319_64 - ok
20:32:31.0199 1540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:32:31.0199 1540 CmBatt - ok
20:32:31.0231 1540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:32:31.0231 1540 cmdide - ok
20:32:31.0277 1540 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:32:31.0277 1540 CNG - ok
20:32:31.0309 1540 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys
20:32:31.0324 1540 CnxtHdAudService - ok
20:32:31.0449 1540 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:32:31.0449 1540 Com4QLBEx - ok
20:32:31.0527 1540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:32:31.0527 1540 Compbatt - ok
20:32:31.0558 1540 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:32:31.0558 1540 CompositeBus - ok
20:32:31.0574 1540 COMSysApp - ok
20:32:31.0589 1540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:32:31.0605 1540 crcdisk - ok
20:32:31.0636 1540 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:32:31.0636 1540 CryptSvc - ok
20:32:31.0683 1540 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:32:31.0699 1540 DcomLaunch - ok
20:32:31.0730 1540 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:32:31.0745 1540 defragsvc - ok
20:32:31.0792 1540 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:32:31.0808 1540 DfsC - ok
20:32:31.0839 1540 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:32:31.0855 1540 Dhcp - ok
20:32:31.0886 1540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:32:31.0886 1540 discache - ok
20:32:31.0917 1540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:32:31.0917 1540 Disk - ok
20:32:31.0964 1540 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:32:31.0964 1540 Dnscache - ok
20:32:31.0979 1540 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:32:31.0995 1540 dot3svc - ok
20:32:32.0011 1540 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:32:32.0011 1540 DPS - ok
20:32:32.0057 1540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:32:32.0057 1540 drmkaud - ok
20:32:32.0104 1540 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:32:32.0120 1540 DXGKrnl - ok
20:32:32.0276 1540 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:32:32.0291 1540 EapHost - ok
20:32:32.0385 1540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:32:32.0463 1540 ebdrv - ok
20:32:32.0494 1540 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:32:32.0494 1540 EFS - ok
20:32:32.0572 1540 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:32:32.0588 1540 ehRecvr - ok
20:32:32.0619 1540 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:32:32.0619 1540 ehSched - ok
20:32:32.0666 1540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:32:32.0681 1540 elxstor - ok
20:32:32.0713 1540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:32:32.0713 1540 ErrDev - ok
20:32:32.0775 1540 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:32:32.0775 1540 EventSystem - ok
20:32:32.0806 1540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:32:32.0822 1540 exfat - ok
20:32:32.0837 1540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:32:32.0837 1540 fastfat - ok
20:32:32.0869 1540 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:32:32.0884 1540 Fax - ok
20:32:32.0931 1540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:32:32.0931 1540 fdc - ok
20:32:32.0947 1540 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:32:32.0947 1540 fdPHost - ok
20:32:32.0962 1540 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:32:32.0962 1540 FDResPub - ok
20:32:33.0009 1540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:32:33.0009 1540 FileInfo - ok
20:32:33.0040 1540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:32:33.0040 1540 Filetrace - ok
20:32:33.0056 1540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:32:33.0056 1540 flpydisk - ok
20:32:33.0103 1540 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:32:33.0103 1540 FltMgr - ok
20:32:33.0165 1540 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
20:32:33.0196 1540 FontCache - ok
20:32:33.0259 1540 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:32:33.0259 1540 FontCache3.0.0.0 - ok
20:32:33.0305 1540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:32:33.0305 1540 FsDepends - ok
20:32:33.0352 1540 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:32:33.0352 1540 fssfltr - ok
20:32:33.0508 1540 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:32:33.0555 1540 fsssvc - ok
20:32:33.0680 1540 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:32:33.0680 1540 Fs_Rec - ok
20:32:33.0727 1540 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:32:33.0727 1540 fvevol - ok
20:32:33.0758 1540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:32:33.0758 1540 gagp30kx - ok
20:32:33.0883 1540 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:32:33.0898 1540 GameConsoleService - ok
20:32:33.0992 1540 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:32:33.0992 1540 GEARAspiWDM - ok
20:32:34.0054 1540 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:32:34.0070 1540 gpsvc - ok
20:32:34.0179 1540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:32:34.0179 1540 gupdate - ok
20:32:34.0210 1540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:32:34.0210 1540 gupdatem - ok
20:32:34.0288 1540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:32:34.0288 1540 hcw85cir - ok
20:32:34.0351 1540 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:32:34.0351 1540 HdAudAddService - ok
20:32:34.0382 1540 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:32:34.0382 1540 HDAudBus - ok
20:32:34.0397 1540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:32:34.0397 1540 HidBatt - ok
20:32:34.0429 1540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:32:34.0429 1540 HidBth - ok
20:32:34.0460 1540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:32:34.0460 1540 HidIr - ok
20:32:34.0491 1540 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:32:34.0491 1540 hidserv - ok
20:32:34.0522 1540 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:32:34.0538 1540 HidUsb - ok
20:32:34.0569 1540 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:32:34.0569 1540 hkmsvc - ok
20:32:34.0585 1540 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:32:34.0600 1540 HomeGroupListener - ok
20:32:34.0631 1540 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:32:34.0631 1540 HomeGroupProvider - ok
20:32:34.0663 1540 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:32:34.0663 1540 HpqKbFiltr - ok
20:32:34.0803 1540 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:32:34.0819 1540 hpqwmiex - ok
20:32:34.0897 1540 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:32:34.0897 1540 HpSAMD - ok
20:32:34.0990 1540 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
20:32:34.0990 1540 HsfXAudioService - ok
20:32:35.0053 1540 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:32:35.0099 1540 HSF_DPV - ok
20:32:35.0146 1540 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:32:35.0162 1540 HTTP - ok
20:32:35.0177 1540 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:32:35.0177 1540 hwpolicy - ok
20:32:35.0209 1540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:32:35.0209 1540 i8042prt - ok
20:32:35.0255 1540 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:32:35.0271 1540 iaStorV - ok
20:32:35.0349 1540 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:32:35.0365 1540 idsvc - ok
20:32:35.0645 1540 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:32:35.0879 1540 igfx - ok
20:32:35.0911 1540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:32:35.0911 1540 iirsp - ok
20:32:35.0957 1540 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:32:35.0973 1540 IKEEXT - ok
20:32:36.0035 1540 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
20:32:36.0035 1540 IntcHdmiAddService - ok
20:32:36.0067 1540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:32:36.0067 1540 intelide - ok
20:32:36.0098 1540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:32:36.0098 1540 intelppm - ok
20:32:36.0145 1540 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:32:36.0145 1540 IPBusEnum - ok
20:32:36.0176 1540 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:32:36.0176 1540 IpFilterDriver - ok
20:32:36.0207 1540 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:32:36.0223 1540 iphlpsvc - ok
20:32:36.0254 1540 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:32:36.0254 1540 IPMIDRV - ok
20:32:36.0285 1540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:32:36.0285 1540 IPNAT - ok
20:32:36.0394 1540 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
20:32:36.0410 1540 iPod Service - ok
20:32:36.0488 1540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:32:36.0488 1540 IRENUM - ok
20:32:36.0535 1540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:32:36.0550 1540 isapnp - ok
20:32:36.0566 1540 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:32:36.0581 1540 iScsiPrt - ok
20:32:36.0597 1540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:32:36.0597 1540 kbdclass - ok
20:32:36.0628 1540 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:32:36.0628 1540 kbdhid - ok
20:32:36.0659 1540 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:32:36.0659 1540 KeyIso - ok
20:32:36.0706 1540 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:32:36.0706 1540 KSecDD - ok
20:32:36.0753 1540 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:32:36.0753 1540 KSecPkg - ok
20:32:36.0784 1540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:32:36.0784 1540 ksthunk - ok
20:32:36.0831 1540 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:32:36.0831 1540 KtmRm - ok
20:32:36.0893 1540 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
20:32:36.0893 1540 LanmanServer - ok
20:32:36.0940 1540 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:32:36.0940 1540 LanmanWorkstation - ok
20:32:37.0003 1540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:32:37.0003 1540 lltdio - ok
20:32:37.0049 1540 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:32:37.0065 1540 lltdsvc - ok
20:32:37.0081 1540 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:32:37.0081 1540 lmhosts - ok
20:32:37.0127 1540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:32:37.0127 1540 LSI_FC - ok
20:32:37.0174 1540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:32:37.0174 1540 LSI_SAS - ok
20:32:37.0190 1540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:32:37.0190 1540 LSI_SAS2 - ok
20:32:37.0221 1540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:32:37.0237 1540 LSI_SCSI - ok
20:32:37.0268 1540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:32:37.0283 1540 luafv - ok
20:32:37.0517 1540 McMPFSvc - ok
20:32:37.0580 1540 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:32:37.0580 1540 Mcx2Svc - ok
20:32:37.0642 1540 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:32:37.0642 1540 mdmxsdk - ok
20:32:37.0689 1540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:32:37.0689 1540 megasas - ok
20:32:37.0736 1540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:32:37.0736 1540 MegaSR - ok
20:32:37.0767 1540 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:32:37.0767 1540 MMCSS - ok
20:32:37.0829 1540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:32:37.0829 1540 Modem - ok
20:32:37.0829 1540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:32:37.0829 1540 monitor - ok
20:32:37.0861 1540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:32:37.0861 1540 mouclass - ok
20:32:37.0892 1540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:32:37.0892 1540 mouhid - ok
20:32:37.0907 1540 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:32:37.0907 1540 mountmgr - ok
20:32:37.0939 1540 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:32:37.0939 1540 mpio - ok
20:32:37.0954 1540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:32:37.0954 1540 mpsdrv - ok
20:32:37.0985 1540 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:32:37.0985 1540 MRxDAV - ok
20:32:38.0032 1540 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:32:38.0032 1540 mrxsmb - ok
20:32:38.0095 1540 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:32:38.0095 1540 mrxsmb10 - ok
20:32:38.0126 1540 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:32:38.0126 1540 mrxsmb20 - ok
20:32:38.0157 1540 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:32:38.0157 1540 msahci - ok
20:32:38.0188 1540 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:32:38.0188 1540 msdsm - ok
20:32:38.0219 1540 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:32:38.0235 1540 MSDTC - ok
20:32:38.0282 1540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:32:38.0282 1540 Msfs - ok
20:32:38.0297 1540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:32:38.0297 1540 mshidkmdf - ok
20:32:38.0313 1540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:32:38.0313 1540 msisadrv - ok
20:32:38.0344 1540 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:32:38.0344 1540 MSiSCSI - ok
20:32:38.0360 1540 msiserver - ok
20:32:38.0375 1540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:32:38.0375 1540 MSKSSRV - ok
20:32:38.0391 1540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:32:38.0391 1540 MSPCLOCK - ok
20:32:38.0407 1540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:32:38.0407 1540 MSPQM - ok
20:32:38.0422 1540 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:32:38.0438 1540 MsRPC - ok
20:32:38.0453 1540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:32:38.0453 1540 mssmbios - ok
20:32:38.0485 1540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:32:38.0485 1540 MSTEE - ok
20:32:38.0516 1540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:32:38.0516 1540 MTConfig - ok
20:32:38.0531 1540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:32:38.0547 1540 Mup - ok
20:32:38.0578 1540 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:32:38.0594 1540 napagent - ok
20:32:38.0641 1540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:32:38.0641 1540 NativeWifiP - ok
20:32:38.0672 1540 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:32:38.0687 1540 NDIS - ok
20:32:38.0703 1540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:32:38.0703 1540 NdisCap - ok
20:32:38.0719 1540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:32:38.0734 1540 NdisTapi - ok
20:32:38.0765 1540 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:32:38.0765 1540 Ndisuio - ok
20:32:38.0781 1540 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:32:38.0781 1540 NdisWan - ok
20:32:38.0797 1540 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:32:38.0797 1540 NDProxy - ok
20:32:38.0828 1540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:32:38.0828 1540 NetBIOS - ok
20:32:38.0843 1540 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:32:38.0843 1540 NetBT - ok
20:32:38.0875 1540 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:32:38.0875 1540 Netlogon - ok
20:32:38.0921 1540 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:32:38.0921 1540 Netman - ok
20:32:38.0937 1540 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:32:38.0953 1540 netprofm - ok
20:32:39.0015 1540 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:39.0015 1540 NetTcpPortSharing - ok
20:32:39.0171 1540 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:32:39.0311 1540 netw5v64 - ok
20:32:39.0327 1540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:32:39.0327 1540 nfrd960 - ok
20:32:39.0374 1540 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:32:39.0374 1540 NlaSvc - ok
20:32:39.0405 1540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:32:39.0405 1540 Npfs - ok
20:32:39.0421 1540 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:32:39.0421 1540 nsi - ok
20:32:39.0452 1540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:32:39.0452 1540 nsiproxy - ok
20:32:39.0530 1540 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:32:39.0545 1540 Ntfs - ok
20:32:39.0577 1540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:32:39.0577 1540 Null - ok
20:32:39.0608 1540 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:32:39.0608 1540 nvraid - ok
20:32:39.0639 1540 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:32:39.0655 1540 nvstor - ok
20:32:39.0686 1540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:32:39.0686 1540 nv_agp - ok
20:32:39.0717 1540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:32:39.0717 1540 ohci1394 - ok
20:32:39.0748 1540 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:32:39.0764 1540 p2pimsvc - ok
20:32:39.0779 1540 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:32:39.0795 1540 p2psvc - ok
20:32:39.0826 1540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:32:39.0826 1540 Parport - ok
20:32:39.0857 1540 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:32:39.0857 1540 partmgr - ok
20:32:39.0889 1540 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:32:39.0889 1540 PcaSvc - ok
20:32:39.0920 1540 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:32:39.0935 1540 pci - ok
20:32:39.0935 1540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:32:39.0935 1540 pciide - ok
20:32:39.0982 1540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:32:39.0982 1540 pcmcia - ok
20:32:40.0013 1540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:32:40.0013 1540 pcw - ok
20:32:40.0045 1540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:32:40.0060 1540 PEAUTH - ok
20:32:40.0123 1540 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:32:40.0123 1540 PerfHost - ok
20:32:40.0201 1540 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:32:40.0232 1540 pla - ok
20:32:40.0279 1540 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:32:40.0279 1540 PlugPlay - ok
20:32:40.0310 1540 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:32:40.0310 1540 PNRPAutoReg - ok
20:32:40.0325 1540 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:32:40.0341 1540 PNRPsvc - ok
20:32:40.0372 1540 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:32:40.0388 1540 PolicyAgent - ok
20:32:40.0419 1540 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:32:40.0419 1540 Power - ok
20:32:40.0450 1540 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:32:40.0466 1540 PptpMiniport - ok
20:32:40.0481 1540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:32:40.0481 1540 Processor - ok
20:32:40.0513 1540 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:32:40.0528 1540 ProfSvc - ok
20:32:40.0560 1540 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:32:40.0560 1540 ProtectedStorage - ok
20:32:40.0575 1540 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:32:40.0575 1540 Psched - ok
20:32:40.0653 1540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:32:40.0684 1540 ql2300 - ok
20:32:40.0700 1540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:32:40.0700 1540 ql40xx - ok
20:32:40.0747 1540 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:32:40.0747 1540 QWAVE - ok
20:32:40.0778 1540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:32:40.0778 1540 QWAVEdrv - ok
20:32:40.0809 1540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:32:40.0809 1540 RasAcd - ok
20:32:40.0840 1540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:32:40.0840 1540 RasAgileVpn - ok
20:32:40.0872 1540 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:32:40.0872 1540 RasAuto - ok
20:32:40.0903 1540 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:32:40.0903 1540 Rasl2tp - ok
20:32:40.0934 1540 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:32:40.0934 1540 RasMan - ok
20:32:40.0950 1540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:32:40.0965 1540 RasPppoe - ok
20:32:40.0981 1540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:32:40.0981 1540 RasSstp - ok
20:32:41.0028 1540 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:32:41.0028 1540 rdbss - ok
20:32:41.0059 1540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:32:41.0059 1540 rdpbus - ok
20:32:41.0090 1540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:32:41.0090 1540 RDPCDD - ok
20:32:41.0121 1540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:32:41.0121 1540 RDPENCDD - ok
20:32:41.0137 1540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:32:41.0137 1540 RDPREFMP - ok
20:32:41.0184 1540 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:32:41.0184 1540 RDPWD - ok
20:32:41.0230 1540 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:32:41.0230 1540 rdyboost - ok
20:32:41.0262 1540 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:32:41.0262 1540 RemoteAccess - ok
20:32:41.0293 1540 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:32:41.0293 1540 RemoteRegistry - ok
20:32:41.0402 1540 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:32:41.0402 1540 RichVideo - ok
20:32:41.0418 1540 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:32:41.0418 1540 RpcEptMapper - ok
20:32:41.0449 1540 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:32:41.0449 1540 RpcLocator - ok
20:32:41.0496 1540 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
20:32:41.0496 1540 RpcSs - ok
20:32:41.0558 1540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:32:41.0558 1540 rspndr - ok
20:32:41.0589 1540 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
20:32:41.0605 1540 RSUSBSTOR - ok
20:32:41.0636 1540 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:32:41.0636 1540 RTL8167 - ok
20:32:41.0652 1540 RtsUIR - ok
20:32:41.0683 1540 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:32:41.0683 1540 SamSs - ok
20:32:41.0730 1540 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:32:41.0730 1540 sbp2port - ok
20:32:41.0761 1540 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:32:41.0776 1540 SCardSvr - ok
20:32:41.0808 1540 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:32:41.0808 1540 scfilter - ok
20:32:41.0870 1540 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:32:41.0886 1540 Schedule - ok
20:32:41.0901 1540 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:32:41.0901 1540 SCPolicySvc - ok
20:32:41.0948 1540 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
20:32:41.0948 1540 sdbus - ok
20:32:41.0995 1540 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:32:41.0995 1540 SDRSVC - ok
20:32:42.0026 1540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:32:42.0026 1540 secdrv - ok
20:32:42.0057 1540 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:32:42.0057 1540 seclogon - ok
20:32:42.0073 1540 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:32:42.0088 1540 SENS - ok
20:32:42.0120 1540 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:32:42.0120 1540 SensrSvc - ok
20:32:42.0151 1540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:32:42.0151 1540 Serenum - ok
20:32:42.0182 1540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:32:42.0182 1540 Serial - ok
20:32:42.0213 1540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:32:42.0213 1540 sermouse - ok
20:32:42.0244 1540 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:32:42.0244 1540 SessionEnv - ok
20:32:42.0276 1540 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:32:42.0276 1540 sffdisk - ok
20:32:42.0291 1540 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:32:42.0291 1540 sffp_mmc - ok
20:32:42.0338 1540 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:32:42.0338 1540 sffp_sd - ok
20:32:42.0354 1540 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:32:42.0354 1540 sfloppy - ok
20:32:42.0400 1540 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:32:42.0400 1540 SharedAccess - ok
20:32:42.0432 1540 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:32:42.0432 1540 ShellHWDetection - ok
20:32:42.0463 1540 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:32:42.0463 1540 SiSRaid2 - ok
20:32:42.0510 1540 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:32:42.0510 1540 SiSRaid4 - ok
20:32:42.0556 1540 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:32:42.0556 1540 Smb - ok
20:32:42.0588 1540 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:32:42.0588 1540 SNMPTRAP - ok
20:32:42.0619 1540 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:32:42.0619 1540 spldr - ok
20:32:42.0666 1540 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:32:42.0666 1540 Spooler - ok
20:32:42.0759 1540 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:32:42.0837 1540 sppsvc - ok
20:32:42.0884 1540 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:32:42.0900 1540 sppuinotify - ok
20:32:42.0962 1540 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:32:42.0962 1540 srv - ok
20:32:43.0009 1540 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:32:43.0009 1540 srv2 - ok
20:32:43.0056 1540 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:32:43.0056 1540 SrvHsfHDA - ok
20:32:43.0102 1540 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:32:43.0134 1540 SrvHsfV92 - ok
20:32:43.0165 1540 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:32:43.0180 1540 SrvHsfWinac - ok
20:32:43.0212 1540 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:32:43.0243 1540 srvnet - ok
20:32:43.0290 1540 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:32:43.0290 1540 SSDPSRV - ok
20:32:43.0321 1540 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:32:43.0321 1540 SstpSvc - ok
20:32:43.0352 1540 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:32:43.0352 1540 stexstor - ok
20:32:43.0383 1540 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:32:43.0399 1540 stisvc - ok
20:32:43.0446 1540 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:32:43.0446 1540 swenum - ok
20:32:43.0492 1540 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:32:43.0508 1540 swprv - ok
20:32:43.0539 1540 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
20:32:43.0539 1540 SynTP - ok
20:32:43.0617 1540 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:32:43.0664 1540 SysMain - ok
20:32:43.0695 1540 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:32:43.0695 1540 TabletInputService - ok
20:32:43.0726 1540 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:32:43.0726 1540 TapiSrv - ok
20:32:43.0742 1540 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:32:43.0742 1540 TBS - ok
20:32:43.0820 1540 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:32:43.0836 1540 Tcpip - ok
20:32:43.0882 1540 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:32:43.0898 1540 TCPIP6 - ok
20:32:43.0945 1540 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:32:43.0945 1540 tcpipreg - ok
20:32:43.0992 1540 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:32:43.0992 1540 TDPIPE - ok
20:32:44.0007 1540 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:32:44.0007 1540 TDTCP - ok
20:32:44.0054 1540 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:32:44.0054 1540 tdx - ok
20:32:44.0085 1540 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:32:44.0085 1540 TermDD - ok
20:32:44.0148 1540 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:32:44.0148 1540 TermService - ok
20:32:44.0179 1540 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:32:44.0179 1540 Themes - ok
20:32:44.0210 1540 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:32:44.0210 1540 THREADORDER - ok
20:32:44.0226 1540 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:32:44.0226 1540 TrkWks - ok
20:32:44.0288 1540 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:32:44.0288 1540 TrustedInstaller - ok
20:32:44.0335 1540 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:32:44.0335 1540 tssecsrv - ok
20:32:44.0350 1540 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:32:44.0350 1540 tunnel - ok
20:32:44.0382 1540 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:32:44.0397 1540 uagp35 - ok
20:32:44.0413 1540 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:32:44.0428 1540 udfs - ok
20:32:44.0460 1540 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:32:44.0460 1540 UI0Detect - ok
20:32:44.0491 1540 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:32:44.0491 1540 uliagpkx - ok
20:32:44.0506 1540 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:32:44.0506 1540 umbus - ok
20:32:44.0538 1540 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:32:44.0538 1540 UmPass - ok
20:32:44.0569 1540 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:32:44.0584 1540 upnphost - ok
20:32:44.0631 1540 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:32:44.0631 1540 USBAAPL64 - ok
20:32:44.0662 1540 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
20:32:44.0662 1540 usbaudio - ok
20:32:44.0725 1540 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:32:44.0740 1540 usbccgp - ok
20:32:44.0756 1540 USBCCID - ok
20:32:44.0787 1540 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:32:44.0787 1540 usbcir - ok
20:32:44.0834 1540 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:32:44.0834 1540 usbehci - ok
20:32:44.0850 1540 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:32:44.0865 1540 usbhub - ok
20:32:44.0881 1540 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:32:44.0881 1540 usbohci - ok
20:32:44.0912 1540 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:32:44.0912 1540 usbprint - ok
20:32:44.0959 1540 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:32:44.0959 1540 usbscan - ok
20:32:44.0990 1540 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:32:44.0990 1540 USBSTOR - ok
20:32:45.0021 1540 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:32:45.0037 1540 usbuhci - ok
20:32:45.0068 1540 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
20:32:45.0068 1540 usbvideo - ok
20:32:45.0115 1540 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:32:45.0115 1540 UxSms - ok
20:32:45.0146 1540 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:32:45.0146 1540 VaultSvc - ok
20:32:45.0193 1540 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:32:45.0193 1540 vdrvroot - ok
20:32:45.0224 1540 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:32:45.0240 1540 vds - ok
20:32:45.0271 1540 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:32:45.0271 1540 vga - ok
20:32:45.0302 1540 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:32:45.0302 1540 VgaSave - ok
20:32:45.0333 1540 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:32:45.0333 1540 vhdmp - ok
20:32:45.0380 1540 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:32:45.0380 1540 viaide - ok
20:32:45.0411 1540 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:32:45.0411 1540 volmgr - ok
20:32:45.0474 1540 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:32:45.0474 1540 volmgrx - ok
20:32:45.0520 1540 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:32:45.0520 1540 volsnap - ok
20:32:45.0567 1540 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:32:45.0567 1540 vsmraid - ok
20:32:45.0630 1540 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:32:45.0676 1540 VSS - ok
20:32:45.0739 1540 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:32:45.0739 1540 vwifibus - ok
20:32:45.0770 1540 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:32:45.0770 1540 vwififlt - ok
20:32:45.0786 1540 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:32:45.0786 1540 vwifimp - ok
20:32:45.0832 1540 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:32:45.0832 1540 W32Time - ok
20:32:45.0864 1540 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:32:45.0864 1540 WacomPen - ok
20:32:45.0879 1540 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:45.0895 1540 WANARP - ok
20:32:45.0895 1540 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:32:45.0895 1540 Wanarpv6 - ok
20:32:46.0004 1540 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:32:46.0035 1540 WatAdminSvc - ok
20:32:46.0098 1540 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:32:46.0129 1540 wbengine - ok
20:32:46.0144 1540 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:32:46.0160 1540 WbioSrvc - ok
20:32:46.0191 1540 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
20:32:46.0207 1540 wcncsvc - ok
20:32:46.0222 1540 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:32:46.0222 1540 WcsPlugInService - ok
20:32:46.0269 1540 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:32:46.0269 1540 Wd - ok
20:32:46.0300 1540 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:32:46.0316 1540 Wdf01000 - ok
20:32:46.0347 1540 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:32:46.0347 1540 WdiServiceHost - ok
20:32:46.0347 1540 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:32:46.0347 1540 WdiSystemHost - ok
20:32:46.0394 1540 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
20:32:46.0410 1540 WebClient - ok
20:32:46.0425 1540 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:32:46.0425 1540 Wecsvc - ok
20:32:46.0441 1540 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:32:46.0456 1540 wercplsupport - ok
20:32:46.0472 1540 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:32:46.0472 1540 WerSvc - ok
20:32:46.0550 1540 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:32:46.0550 1540 WfpLwf - ok
20:32:46.0566 1540 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:32:46.0566 1540 WIMMount - ok
20:32:46.0628 1540 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:32:46.0644 1540 winachsf - ok
20:32:46.0690 1540 WinDefend - ok
20:32:46.0706 1540 WinHttpAutoProxySvc - ok
20:32:46.0784 1540 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:32:46.0800 1540 Winmgmt - ok
20:32:46.0878 1540 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:32:46.0924 1540 WinRM - ok
20:32:46.0987 1540 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:32:46.0987 1540 WinUsb - ok
20:32:47.0034 1540 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:32:47.0049 1540 Wlansvc - ok
20:32:47.0143 1540 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:32:47.0143 1540 wlcrasvc - ok
20:32:47.0283 1540 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:32:47.0346 1540 wlidsvc - ok
20:32:47.0424 1540 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:32:47.0424 1540 WmiAcpi - ok
20:32:47.0502 1540 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:32:47.0502 1540 wmiApSrv - ok
20:32:47.0548 1540 WMPNetworkSvc - ok
20:32:47.0580 1540 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:32:47.0580 1540 WPCSvc - ok
20:32:47.0595 1540 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:32:47.0611 1540 WPDBusEnum - ok
20:32:47.0642 1540 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:32:47.0642 1540 ws2ifsl - ok
20:32:47.0673 1540 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
20:32:47.0673 1540 wscsvc - ok
20:32:47.0704 1540 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:32:47.0704 1540 WSDPrintDevice - ok
20:32:47.0704 1540 WSearch - ok
20:32:47.0782 1540 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
20:32:47.0845 1540 wuauserv - ok
20:32:47.0860 1540 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:32:47.0860 1540 WudfPf - ok
20:32:47.0892 1540 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:32:47.0892 1540 WUDFRd - ok
20:32:47.0923 1540 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
20:32:47.0923 1540 wudfsvc - ok
20:32:47.0954 1540 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:32:47.0954 1540 WwanSvc - ok
20:32:47.0985 1540 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
20:32:47.0985 1540 XAudio - ok
20:32:48.0032 1540 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:32:48.0032 1540 yukonw7 - ok
20:32:48.0063 1540 MBR (0x1B8) (26f09bb2d3c825f4e28a6915a269f46d) \Device\Harddisk0\DR0
20:32:48.0094 1540 \Device\Harddisk0\DR0 - ok
20:32:48.0110 1540 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:32:48.0110 1540 \Device\Harddisk1\DR1 - ok
20:32:48.0141 1540 Boot (0x1200) (bcebb3bfec9c8f3a286738f48c5bac0d) \Device\Harddisk0\DR0\Partition0
20:32:48.0141 1540 \Device\Harddisk0\DR0\Partition0 - ok
20:32:48.0157 1540 Boot (0x1200) (dc4f07280d9caf32bf8c530e60351f8b) \Device\Harddisk0\DR0\Partition1
20:32:48.0157 1540 \Device\Harddisk0\DR0\Partition1 - ok
20:32:48.0188 1540 Boot (0x1200) (5eeb8f5de11aed2915d13b3155cb7db1) \Device\Harddisk0\DR0\Partition2
20:32:48.0188 1540 \Device\Harddisk0\DR0\Partition2 - ok
20:32:48.0188 1540 Boot (0x1200) (5673ef098dff03e9e724148a7d42d6d8) \Device\Harddisk1\DR1\Partition0
20:32:48.0188 1540 \Device\Harddisk1\DR1\Partition0 - ok
20:32:48.0188 1540 ============================================================
20:32:48.0188 1540 Scan finished
20:32:48.0188 1540 ============================================================
20:32:48.0204 1672 Detected object count: 0
20:32:48.0204 1672 Actual detected object count: 0


**************aswMBR report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 20:34:31
-----------------------------
20:34:31.008 OS Version: Windows x64 6.1.7600
20:34:31.008 Number of processors: 2 586 0x170A
20:34:31.008 ComputerName: OWNER-PC UserName: Owner
20:34:32.084 Initialize success
20:35:09.462 AVAST engine defs: 12040601
20:36:40.784 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:36:40.784 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
20:36:41.128 Disk 0 MBR read successfully
20:36:41.143 Disk 0 MBR scan
20:36:41.143 Disk 0 unknown MBR code
20:36:41.143 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:36:41.174 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292848 MB offset 409600
20:36:41.206 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12196 MB offset 600162304
20:36:41.252 Disk 0 scanning C:\Windows\system32\drivers
20:36:50.316 Service scanning
20:37:10.596 Modules scanning
20:37:10.596 Disk 0 trace - called modules:
20:37:10.658 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:37:10.658 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ffc060]
20:37:10.674 3 CLASSPNP.SYS[fffff880010cb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e62060]
20:37:11.906 AVAST engine scan C:\Windows
20:37:14.293 AVAST engine scan C:\Windows\system32
20:39:44.849 AVAST engine scan C:\Windows\system32\drivers
20:39:55.519 AVAST engine scan C:\Users\Owner
20:46:32.712 File: C:\Users\Owner\DoctorWeb\Quarantine\consrv_1.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:49:11.863 AVAST engine scan C:\ProgramData
20:50:39.395 Scan finished successfully
20:53:39.575 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:53:39.575 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Edited by tina6409, 06 April 2012 - 08:57 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 06 April 2012 - 09:04 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\Owner\AppData\Roaming\Oqvue
c:\users\Owner\AppData\Roaming\Weab

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 06 April 2012 - 09:36 PM

I haven't noticed any problems with the computer. Here is the latest ComboFix log.

ComboFix 12-04-04.02 - Owner 04/06/2012 21:15:19.5.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1952 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Oqvue
c:\users\Owner\AppData\Roaming\Weab
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 02:20 . 2012-04-07 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 13:13 . 2012-04-06 16:22 -------- d-----w- C:\FRST
2012-04-05 03:28 . 2012-04-05 03:28 -------- d-----w- C:\342db4e9e4c8132dda5a1a5c67
2012-04-04 04:10 . 2012-04-04 04:12 -------- d-----w- c:\users\Owner\DoctorWeb
2012-04-03 22:14 . 2012-04-03 22:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 01:13 . 2012-04-03 01:13 -------- d-----we c:\windows\system64
2012-04-02 00:38 . 2012-04-03 02:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-28 00:36 . 2012-03-28 00:36 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 00:24 . 2011-06-13 00:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:02 . 2012-02-16 18:16 3143168 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-05_03.57.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 18:30 . 2012-04-07 02:23 46284 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 02:23 64736 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 00:57 . 2012-04-07 02:23 12790 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506606629-1344249172-2621164067-1000_UserData.bin
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 22:27 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 12:52 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 18:30 . 2012-04-07 02:23 46284 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-05 12:49 64720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 00:57 . 2012-04-05 12:49 12718 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-506606629-1344249172-2621164067-1000_UserData.bin
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-12 01:39 . 2012-04-03 22:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-12 01:39 . 2012-04-05 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 22:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-05 12:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-05 13:26 80504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-05 03:56 . 2012-04-05 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 02:21 . 2012-04-07 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 02:21 . 2012-04-07 02:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 03:56 . 2012-04-05 03:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-14 02:38 . 2012-04-06 13:03 329890 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-01-14 02:38 . 2012-04-06 13:03 329890 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-04-06 13:03 289492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-04 03:43 289492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-18 00:33 . 2012-04-03 22:14 2419988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-8192.dat
+ 2011-05-18 00:33 . 2012-04-06 13:03 2419988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-8192.dat
+ 2011-05-18 00:33 . 2012-04-06 13:03 37902652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-506606629-1344249172-2621164067-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-11-06 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-6 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 16:07 323640 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-06-24 06:34 468264 ----a-w- c:\program files (x86)\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-18 05:21 218408 ----a-w- c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2010-03-23 18:47 500792 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd11358b0d203c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 23:40]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd11358cf2b8f4.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 23:40]
.
2012-04-03 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 10:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MRT"="c:\windows\system32\MRT.exe" [2012-04-03 56297240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-04-06 21:28:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 02:28
ComboFix2.txt 2012-04-06 19:51
ComboFix3.txt 2012-04-05 12:55
ComboFix4.txt 2012-04-05 04:04
ComboFix5.txt 2012-04-07 02:14
.
Pre-Run: 211,887,902,720 bytes free
Post-Run: 211,907,375,104 bytes free
.
- - End Of File - - A73A67DC50FBFBB0C5C5D652D940DCB5

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 06 April 2012 - 09:46 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 17


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 06 April 2012 - 10:51 PM

MBAM log and HijackThis report are attached. No problems that I noticed.

MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.09

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

4/6/2012 10:29:31 PM
mbam-log-2012-04-06 (22-29-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200443
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

**************
Hijackthis report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:00 PM, on 4/6/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9391 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 06 April 2012 - 11:59 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    • O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Edited by gringo_pr, 07 April 2012 - 12:00 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
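The fix list above works line by line through HijackThis output: the text between the brackets in an O4 line is the autostart name you look up, and the rest is the command that runs at logon. The following Python is an added example, not code from the thread or from HijackThis, that parses O4 (Run key and Startup folder) and O23 (service) lines into records so they can be reviewed the same way offline. The sample lines are copied from the log and fix list posted in this thread, except the one marked CONSTRUCTED; the "user-writable path" heuristic and its folder markers are assumptions for illustration.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) lines into records.

Added example for reviewing a HijackThis log offline; it is not part of
HijackThis or of the thread above. The sample lines are copied from the
log and fix list posted in this thread, except the one marked CONSTRUCTED.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# O4 - HKLM\..\Run: [Adobe ARM] "C:\...\AdobeARM.exe"
O4_RUNKEY = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# O4 - Startup: Some Tool.lnk = C:\...\tool.exe
O4_STARTUP = re.compile(r'^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$')
# O23 - Service: Display (ShortName) - Vendor - C:\path\svc.exe (file missing)
O23_SERVICE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+?)'
    r'(?P<missing> \(file missing\))?$')

# Assumed heuristic: autostart binaries in user-writable locations deserve a
# closer look, because vendor software normally installs under Program Files.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")


@dataclass
class Entry:
    kind: str          # "O4" or "O23"
    location: str      # "HKLM\\Run", "HKCU\\Run", "Startup" or "Service"
    name: str          # bracketed Run name, .lnk name or service display name
    exe: str           # executable path with surrounding quotes removed
    args: str = ""     # command-line arguments, if any
    vendor: str = ""   # O23 only
    file_missing: bool = False  # O23 only: HijackThis could not find the binary


def split_command(cmd: str):
    """Separate the executable path from its arguments.

    Quoted paths end at the closing quote; unquoted paths (which may contain
    spaces) are cut after the first ".exe" token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O4/O23 line, or None for any other line."""
    line = line.strip()
    m = O4_RUNKEY.match(line)
    if m:
        exe, args = split_command(m.group("cmd"))
        return Entry("O4", f"{m.group('hive')}\\{m.group('key')}", m.group("name"), exe, args)
    m = O4_STARTUP.match(line)
    if m:
        exe, args = split_command(m.group("cmd"))
        return Entry("O4", "Startup", m.group("name"), exe, args)
    m = O23_SERVICE.match(line)
    if m:
        return Entry("O23", "Service", m.group("display"), m.group("path").strip(),
                     vendor=m.group("vendor"), file_missing=m.group("missing") is not None)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def run_entry_names(entries: List[Entry]) -> List[str]:
    """The names the fix list tells you to research: the text between the brackets."""
    return [e.name for e in entries if e.kind == "O4"]


def user_writable_autostarts(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries
            if e.kind == "O4" and any(t in e.exe.lower() for t in USER_WRITABLE_MARKERS)]


def missing_service_binaries(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.kind == "O23" and e.file_missing]


SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - HKCU\..\Run: [CONSTRUCTED sample] C:\Users\Owner\AppData\Local\Temp\sample.exe /q
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Names to research:", run_entry_names(entries))
    for e in user_writable_autostarts(entries):
        print("Autostart from a user-writable path:", e.location, e.name, e.exe)
    for e in missing_service_binaries(entries):
        print("Service binary not found by HijackThis:", e.name, e.exe)
```

The "(file missing)" flag is a prompt to verify the path rather than a verdict: on 64-bit Windows the 32-bit HijackThis is subject to file-system redirection and routinely reports legitimate system services under System32 as missing, which is why so many Windows services carry that flag in the log above.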

#13 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 07 April 2012 - 10:19 AM

I initially ran the ESET scan in safe mode and it didn't find anything. I wasn't sure if I did it correctly because there was no report to copy to the clipboard, so I ran the scan again in regular mode and the ESET scan found this:

C:\Users\Owner\DoctorWeb\Quarantine\hosts Win32/Qhost trojan

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 AM

Posted 07 April 2012 - 11:39 AM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedure will implement some cleanup steps to remove these tools. It will also reset your System Restore by flushing out previous restore points and creating a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
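The helper's reading of the ESET result above, that a detection inside a quarantine folder is a backup made during the fix rather than an active infection, can be written down as a triage rule: split each result line into path and threat name, then decide from the path whether the file is in place on the running system or is a stored copy. The following Python is an added example, not code from the thread or from any ESET tool. The first sample line is the ESET result posted above; the other two lines are constructed to show the contrasting cases, and the folder markers beyond DoctorWeb\Quarantine (any "Quarantine" folder, System Volume Information for restore points) are assumptions for illustration.

```python
"""Sort online-scanner detections into live files and remediation backups.

Added example, not part of the thread or of the ESET scanner. The first
sample line is the ESET result posted above; the other two are CONSTRUCTED
to show the contrasting cases.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "<path> <threat name>", with the threat name anchored at the end of the
# line so that paths containing spaces are still split correctly.
RESULT_LINE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>(?:a variant of )?\w+/\S+(?: \w+)?)$')

# Assumed path markers for copies that are not running: quarantine folders
# made by a cleaning tool (DoctorWeb\Quarantine in this thread) and System
# Restore snapshots, which the cleanup steps in the post flush out anyway.
QUARANTINE_MARKERS = ("\\quarantine\\",)
RESTORE_POINT_MARKERS = ("\\system volume information\\",)


@dataclass
class Detection:
    path: str
    threat: str
    verdict: str   # "quarantine-backup", "restore-point" or "live"


def classify_path(path: str) -> str:
    """Decide from the location alone whether the file can be executing."""
    p = path.lower()
    if any(m in p for m in QUARANTINE_MARKERS):
        return "quarantine-backup"
    if any(m in p for m in RESTORE_POINT_MARKERS):
        return "restore-point"
    return "live"


def parse_result(line: str) -> Optional[Detection]:
    m = RESULT_LINE.match(line.strip())
    if not m:
        return None
    path, threat = m.group("path"), m.group("threat")
    return Detection(path, threat, classify_path(path))


def triage(text: str) -> List[Detection]:
    return [d for d in (parse_result(l) for l in text.splitlines()) if d is not None]


def needs_attention(detections: List[Detection]) -> List[Detection]:
    """Only detections on files that are in place on the running system."""
    return [d for d in detections if d.verdict == "live"]


SAMPLE_RESULTS = r"""
C:\Users\Owner\DoctorWeb\Quarantine\hosts Win32/Qhost trojan
C:\Windows\System32\drivers\etc\hosts Win32/Qhost trojan
C:\System Volume Information\CONSTRUCTED-RESTORE-POINT\A0000001.exe a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    results = triage(SAMPLE_RESULTS)
    for d in results:
        print(f"{d.verdict:17} {d.threat:40} {d.path}")
    live = needs_attention(results)
    print(f"{len(live)} of {len(results)} detections are on live files")
```

The same detection name leads to opposite conclusions depending on the path: the quarantined hosts file is the copy Dr.Web set aside and is removed by the cleanup steps, whereas the constructed second line points at the hosts file Windows actually reads, and a Qhost detection there would mean the hijack is still in place.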

#15 tina6409

tina6409
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:34 AM

Posted 07 April 2012 - 11:59 AM

Excellent! Thank you so much for your help. Everything appears to be in order and working fine.



