
Infected with "Trojan horse PSW.Agent.ASTO"


This topic is locked. 20 replies to this topic.

#1 irish94 (Members, 22 posts)

Posted 05 April 2012 - 01:06 PM

AVG virus scan and Malwarebytes have identified this PSW.Agent.ASTO (perhaps another name in Malwarebytes), but have been unable to remove it. I have backed up personal files to Mozy again, so I began trying to remove it last night after finding this on your site: http://www.bleepingcomputer.com/forums/topic441896.html.

While Combofix was running, I found other references suggesting NOT to do that without specific instruction, but it was already underway. Combofix did finish, reboot, and said it removed a Rootkit problem. Attached is the log from Combofix last night:
[Attached file: ComboFix.txt, 16.68 KB]

This morning I reinstalled AVG Free (since Combofix told me it was still running last night after I disabled it, I just uninstalled it). After running the scan in AVG, it still found this virus of the same name.

Therefore, I started over with your instructions and ran the DDS. Here is the log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Matthew at 8:59:03 on 2012-04-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1333 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WerCon.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.startsearcher.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\matthew\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.1.0.10 10.1.0.12
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{87AF5F96-767B-40E5-A33E-FA85D1E50B4F} : DhcpNameServer = 10.1.0.10 10.1.0.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\l8gphtqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bff83aeab-0077-43eb-854a-c80d1e4b3921%7D&mid=23e18c9a76f5f614865f2f443835bb9a-36d445928e4ad2744b60248a6b07028622a118a3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-05%2000%3A17%3A26&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\15\NP_wtapp.dll
FF - plugin: c:\users\matthew\appdata\local\roblox\versions\version-59ef45ad660c45f5\NPRobloxProxy.dll
FF - plugin: c:\users\matthew\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\matthew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\matthew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - 2228748800000000000000242c07a2d5
FF - user.js: extensions.funmoods_i.instlDay - 15381
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:12:51
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-4-5 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-26 122368]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
S2 antivirservice;Mskservice;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 avp;SQLBrowser;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 RAPIProtocol;Wltwo51b;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 SbieDrv;Resourcemanagermail;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-15 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-04-05 12:49:40 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2012-04-05 04:17:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-05 04:17:23 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-04-05 04:17:23 -------- d-----w- c:\program files\AVG Secure Search
2012-04-05 03:52:05 -------- d-----w- C:\$RECYCLE.BIN
2012-04-05 03:46:47 -------- d-----w- c:\users\matthew\appdata\local\temp
2012-04-05 02:27:31 -------- d-----w- c:\users\matthew\appdata\local\{4EA058D3-1F1B-4949-9EA5-3CE92751EEB2}
2012-04-05 02:27:00 -------- d-----w- c:\users\matthew\appdata\local\{1F279C7E-F757-4E19-82A1-EDAA93287779}
2012-04-05 02:05:39 518144 ----a-w- c:\windows\SWREG.exe
2012-04-05 02:05:39 256000 ----a-w- c:\windows\PEV.exe
2012-04-05 02:05:39 208896 ----a-w- c:\windows\MBR.exe
2012-04-05 02:05:38 98816 ----a-w- c:\windows\sed.exe
2012-04-05 01:50:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 00:31:01 -------- d-----w- c:\users\matthew\appdata\local\{C2F33B7D-B662-4756-B087-F3283A426009}
2012-04-04 00:33:42 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2012-04-02 22:27:13 -------- d-----w- c:\users\matthew\appdata\local\{37BABEDA-3E00-4513-AF7B-B4C7D6D53292}
2012-04-02 22:26:42 -------- d-----w- c:\users\matthew\appdata\local\{E9BCF4FB-4843-4FB3-985B-A9813B7F374D}
2012-04-02 22:04:20 -------- d-----w- c:\users\matthew\appdata\local\{6A6F5222-57DD-49A2-8D9A-01836B5B8DDF}
2012-04-02 21:29:15 -------- d-----w- c:\users\matthew\appdata\local\{DA9A1909-54F8-4833-803F-C75AD3984854}
2012-04-02 21:28:09 -------- d-----w- c:\users\matthew\appdata\local\{26B5EB64-B9CF-405D-BD66-50F0541547C3}
2012-04-02 21:25:58 -------- d-----w- c:\users\matthew\appdata\local\{48A41851-720F-454F-83E2-DE5AE87676A9}
2012-04-02 21:25:19 -------- d-----w- c:\users\matthew\appdata\local\{E16FE02E-CDEF-493E-B046-328402DD51FC}
2012-04-02 21:18:13 -------- d-----w- c:\users\matthew\appdata\local\{187CD0B4-8D4C-4C74-A4AD-927A5DF3BDC9}
2012-04-02 21:17:40 -------- d-----w- c:\users\matthew\appdata\local\{2DC8F31E-1E21-48E0-AE2F-38D05F5A8751}
2012-04-02 21:02:00 -------- d-----w- c:\users\matthew\appdata\roaming\AVG2012
2012-04-02 21:00:36 -------- d-----w- c:\programdata\AVG2012
2012-04-02 19:40:02 -------- d-----w- c:\users\matthew\appdata\local\{2A94A759-41BF-4939-85E7-5902495EB6D8}
2012-04-02 19:39:28 -------- d-----w- c:\users\matthew\appdata\local\{237DD46E-263D-4DCC-AFCD-FD169837E3A9}
2012-04-02 03:30:45 -------- d-----w- c:\users\matthew\appdata\local\{DC0DFF4F-7650-46A0-A56A-8B36B27EE9A0}
2012-04-02 03:30:24 -------- d-----w- c:\users\matthew\appdata\local\{3DDF4E1C-D233-4CEC-8513-8F097ACC1432}
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-13 22:46:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:46:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:46:11 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:46:11 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:46:11 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:46:10 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:46:09 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 22:46:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:45:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-05 01:51:24 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-02 03:52:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 22:29:48 35328 ---ha-w- c:\windows\system32\drivers\drmkaud.sys
2012-02-22 09:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-31 08:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 9:00:30.14 ===============


The attach.txt file is attached. [Attached file: Attach.txt, 47.98 KB]

I ran the GMER program, but got the blue screen of death and then it rebooted automatically. I did not get any information off the screen before that.

Only other point I can share is that I also tried uninstalling Malwarebytes, because Windows is somehow starting two instances of Malwarebytes automatically on startup. After the automatic reboot, they still came up, so I am not sure how. May or may not be relevant.

Thank you for the help.
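The DDS log above is the kind of artifact a responder triages by hand: Run-key values, the mPolicies lines, and the SERVICES / DRIVERS list. Three things in it are worth pulling out mechanically. Two Run values under different names point at the same mbam.exe command line (which matches the poster's report of two instances starting). EnableLUA = 0 means User Account Control is switched off. And several not-running services are hosted by the shared svchost.exe -k netsvcs group with display names that have nothing in common with their service names; DDS prints only the svchost image for such entries, so the code that would actually load is whatever ServiceDll their Parameters key names, and the log alone cannot say what that is. The script below is an added example written for this page, not a tool from the thread, DDS or ComboFix. The sample lines are copied from the log above into a constructed string, the function names and the name-versus-display-name heuristic are the editor's own, and its output is a list of entries to verify in the registry, not a verdict on any of them.

```python
"""Triage helpers for a DDS log's 'Pseudo HJT Report' and 'SERVICES /
DRIVERS' sections.  Added example for this page; the heuristics are the
editor's, not part of DDS, ComboFix or the BleepingComputer thread."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the first post's DDS log, enough
# to exercise each check.  A real run would read the whole DDS.txt.
SAMPLE_LOG = r"""
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 antivirservice;Mskservice;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 avp;SQLBrowser;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 RAPIProtocol;Wltwo51b;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 SbieDrv;Resourcemanagermail;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
"""

# DDS line shapes: "mRun: [value name] command", "mPolicies-system: key = n (0xn)",
# "S2 name;display;image [date size]" (the trailing [..] may be "[?]").
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (?P<val>\d+)")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.I)


def image_of(cmd):
    """First token of a Run command line, quoted or bare, lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()


def duplicate_run_entries(lines):
    """Run-key images registered under more than one value name."""
    by_image = defaultdict(list)
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            by_image[image_of(m.group("cmd"))].append(m.group("name"))
    return {img: names for img, names in by_image.items() if len(names) > 1}


def uac_disabled(lines):
    """True when the log records EnableLUA = 0 (UAC off)."""
    for line in lines:
        m = LUA_RE.match(line)
        if m:
            return m.group("val") == "0"
    return False  # key not listed: DDS hides the default, which is UAC on


def _squash(s):
    return re.sub(r"[^a-z0-9]", "", s.lower())


def suspicious_svchost_services(lines):
    """Services hosted in a shared svchost group whose display name shares
    no stem with the service name.  DDS shows only the svchost image for
    these, so the real code is the ServiceDll under the service's
    Parameters key; each hit is a registry key to read, not a diagnosis."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        host = SVCHOST_RE.search(m.group("image"))
        if not host:
            continue
        name, disp = _squash(m.group("name")), _squash(m.group("display"))
        if name in disp or disp in name:  # e.g. FontCache / Windows Font Cache Service
            continue
        hits.append((m.group("name"), m.group("display"), host.group("group"), m.group("start")))
    return hits


def triage(text):
    lines = text.strip().splitlines()
    return {
        "duplicate_run": duplicate_run_entries(lines),
        "uac_disabled": uac_disabled(lines),
        "svchost_services": suspicious_svchost_services(lines),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample it reports the two Malwarebytes Run values as one duplicated image, UAC as disabled, and four netsvcs-hosted entries (antivirservice, avp, RAPIProtocol, SbieDrv) to follow up. The follow-up for each is the registry, not the log: read HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll, check whether that DLL exists and who signed it, and check whether <name> appears in the netsvcs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost. A service that is in that group list but whose ServiceDll is missing or unsigned is the thing to escalate on.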


#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 April 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 irish94, Topic Starter (Members, 22 posts)

Posted 08 April 2012 - 07:36 AM

* Computer is starting up all right, although somehow it is trying to start two instances of Malwarebytes on its own.
* The Start Menu shows programs (e.g., Word, Excel, etc.), but the links do not work and all of the folders under My Programs are visible but empty. You have to go find the EXE to run a program.
* Firefox loads properly, and searches work properly without being redirected.

Thank you for your help.

Combofix log:

ComboFix 12-04-04.02 - Matthew 04/08/2012 7:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1659 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 11:57 . 2012-04-08 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 12:49 . 2012-04-05 12:49 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\program files\AVG Secure Search
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-05 03:46 . 2012-04-08 11:57 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2012-04-05 01:50 . 2012-04-05 01:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 00:33 . 2011-07-12 01:21 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2012-04-02 21:02 . 2012-04-02 21:02 -------- d-----w- c:\users\Matthew\AppData\Roaming\AVG2012
2012-04-02 21:00 . 2012-04-05 04:18 -------- d-----w- c:\programdata\AVG2012
2012-04-02 20:11 . 2012-04-03 21:58 -------- d-----w- c:\users\Kiddos
2012-03-27 01:22 . 2012-03-27 01:22 -------- d-----w- c:\windows\Sun
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-13 22:46 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:46 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:46 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:46 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:46 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:46 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:46 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 22:46 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:45 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 01:51 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-02 03:52 . 2010-05-16 11:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 22:29 . 2008-01-21 02:23 35328 ---ha-w- c:\windows\system32\drivers\drmkaud.sys
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-03-13 04:39 . 2012-04-02 20:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 898912 ----a-w- c:\program files\AVG\AVG2012\avgdtiex.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-05 04:17 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-05 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-03-19 19:58 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-03-19 19:58 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-05 982880]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-3-19 4511080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-11 00:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
RAPIProtocol
nfmservice
usbbus
nisum
awhost32
Anydlc
SbieDrv
cidaemon
cccredmgr
dm1service
artourservice
trufos
nsm1mdm
viaudio
igateway
intelroam
serialkeys
wlancig
s217unic
{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}
SaiNtBus
vvoice
gv3
passthru
PSDNServ
ESDCR
avp
cwcspud
AVRec
iolo_srv
vwkernel
owstimer
s716nd5
issvc
NOWMEMDF
outpostfirewall
NdisFilt
srvdpi
CoolerXPDriver
openldap-slapd
se45bus
W700mgmt
imapi
mbr
vaiomediaplatform-photoserver-appserver
lvhidsvc
ati
mnsframework
VC6SecS
orbpvr
LUsbKbd
GoToAssist
ADIDTSFiltService
fsma
btnetfilter
mwagent
Stltrk2k
AcronisOSSReinstallSvc
Defrag32
aksusb
HSXHWBS2
forcewarewebinterface
sfman
wmconnectcds
UDFReadr
w550mdm
ClntMgmt.sys
psdvdisk
diskeeper
dirms_defragmentation
elnkfwppservice
LVRS
3comtftp
antivirservice
UPATC
tosrfbd
atkdisplf
artdhcp
W700mdm
CE3
agpcpq
dklogger
bb-run
AFGMp50
ntsecure
DXEC02
p2pgasvc
pinnaclesys.mediaserver
ctsfm2k
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 02:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 17:25]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 17:25]
.
2012-04-05 c:\windows\Tasks\HPCeeScheduleForMatthew.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.startsearcher.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\l8gphtqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bff83aeab-0077-43eb-854a-c80d1e4b3921%7D&mid=23e18c9a76f5f614865f2f443835bb9a-36d445928e4ad2744b60248a6b07028622a118a3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-05%2000%3A17%3A26&sap=ku&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - 2228748800000000000000242c07a2d5
FF - user.js: extensions.funmoods_i.instlDay - 15381
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 07:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5884)
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
.
Completion time: 2012-04-08 08:01:07
ComboFix-quarantined-files.txt 2012-04-08 12:00
ComboFix2.txt 2012-04-05 04:01
.
Pre-Run: 226,588,880,896 bytes free
Post-Run: 226,717,954,048 bytes free
.
- - End Of File - - 731A9C2E47A6F885EE6AA8FAD96AA3CE

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2012 - 11:04 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
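Both tools requested above write long per-service reports, and the TDSSKiller report pasted later in this thread has one line per registered service or driver: either `name (md5) path` followed by `name - ok`, or just `name - ok` when TDSSKiller resolved no image file for that name. The script below is an added example for this thread; it is not code from TDSSKiller, ComboFix or BleepingComputer and does not touch the machine, it only reads report text. It parses such a report, separates entries with a resolved file (hash and path pairs that can be looked up in bulk) from name-only registrations, lists anything whose verdict is not "ok", and cross-references the name-only entries against the service names ComboFix printed under "NETSVCS REQUIRES REPAIRS" in the log earlier in this thread. The sample report text embedded in it is constructed from the shape of the logs in this thread; the `badsvc` line with a "suspicious" verdict is an assumption used only to show how a non-"ok" verdict would be surfaced, and TDSSKiller's real wording for a detection is not asserted here.

```python
"""Triage helper for TDSSKiller and ComboFix report text (added example, not tool code)."""
import re
from collections import namedtuple

ServiceEntry = namedtuple("ServiceEntry", "name md5 path verdict")

# A TDSSKiller scan line: timestamp, thread id, then the payload.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "NAME (md5) PATH": an entry whose image file TDSSKiller resolved.
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "NAME - verdict": TDSSKiller's verdict for that entry ("ok" throughout this thread).
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")


def parse_tdsskiller(text):
    """Return {service name: ServiceEntry} for the per-service part of a TDSSKiller log.

    Only lines after the "Scan started" marker count, so the drive/partition lines
    printed during initialisation (which also contain " - ") are not read as services.
    """
    entries, in_scan = {}, False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        payload = m.group(3)
        if payload == "Scan started":
            in_scan = True
            continue
        if not in_scan or payload.startswith("="):
            continue
        fm = FILE_RE.match(payload)
        if fm:
            name, md5, path = fm.groups()
            entries[name] = ServiceEntry(name, md5.lower(), path, None)
            continue
        vm = VERDICT_RE.match(payload)
        if vm:
            name, verdict = vm.groups()
            prev = entries.get(name)
            entries[name] = ServiceEntry(name, prev.md5 if prev else None,
                                         prev.path if prev else None, verdict)
    return entries


def triage(entries):
    """Split parsed entries into: resolved {name: (md5, path)}, name-only registrations, non-ok verdicts."""
    resolved, name_only, flagged = {}, [], []
    for e in entries.values():
        if e.path is None:
            name_only.append(e.name)      # service name registered, but no image file found
        else:
            resolved[e.name] = (e.md5, e.path)
        if e.verdict is not None and e.verdict != "ok":
            flagged.append((e.name, e.verdict))
    return resolved, sorted(name_only), flagged


def parse_combofix_netsvcs(text):
    """Return the names ComboFix lists under "NETSVCS REQUIRES REPAIRS" (up to the next "." line)."""
    names, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("NETSVCS REQUIRES REPAIRS"):
            collecting = True
            continue
        if collecting:
            if line == "." or not line:
                break
            names.append(line)
    return names


def unresolved_netsvcs(netsvcs, entries):
    """netsvcs names that TDSSKiller saw as a service but could not map to a file (case-insensitive)."""
    by_lower = {n.lower(): e for n, e in entries.items()}
    return sorted(n for n in netsvcs
                  if n.lower() in by_lower and by_lower[n.lower()].path is None)


# Constructed sample text modelled on the reports in this thread; "badsvc"/"suspicious" is an assumption.
SAMPLE_TDSS = r"""
15:34:09.0925 2740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
15:34:13.0169 5416 ============================================================
15:34:13.0169 5416 Scan started
15:34:13.0169 5416 Mode: Manual;
15:34:15.0182 5416 3comtftp - ok
15:34:15.0369 5416 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:34:15.0416 5416 ACPI - ok
15:34:18.0629 5416 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:34:18.0629 5416 Apple Mobile Device - ok
15:34:23.0637 5416 avp - ok
15:34:50.0000 5416 badsvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\badsvc.sys
15:34:50.0001 5416 badsvc - suspicious
"""

SAMPLE_COMBOFIX = r"""
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
3comtftp
avp
wuauserv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
"""

if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_TDSS)
    resolved, name_only, flagged = triage(ents)
    print("hash/path pairs to look up:", resolved)
    print("name-only registrations:", name_only)
    print("non-ok verdicts:", flagged)
    print("netsvcs names with no file:", unresolved_netsvcs(parse_combofix_netsvcs(SAMPLE_COMBOFIX), ents))
```

To use it on a real pair of reports, read the pasted TDSSKiller text and the ComboFix text from files and pass them to `parse_tdsskiller` and `parse_combofix_netsvcs` instead of the samples; the "name-only" bucket is the one to compare against ComboFix's netsvcs list, since those names appear in the registry's svchost group without any backing file.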

#5 irish94 (Topic Starter)

Posted 08 April 2012 - 03:24 PM

TDS log:
15:34:05.0276 2740 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
15:34:05.0603 2740 ============================================================
15:34:05.0603 2740 Current date / time: 2012/04/08 15:34:05.0603
15:34:05.0603 2740 SystemInfo:
15:34:05.0603 2740
15:34:05.0603 2740 OS Version: 6.0.6002 ServicePack: 2.0
15:34:05.0603 2740 Product type: Workstation
15:34:05.0603 2740 ComputerName: MJMLAPTOP
15:34:05.0603 2740 UserName: Matthew
15:34:05.0603 2740 Windows directory: C:\Windows
15:34:05.0603 2740 System windows directory: C:\Windows
15:34:05.0603 2740 Processor architecture: Intel x86
15:34:05.0603 2740 Number of processors: 2
15:34:05.0603 2740 Page size: 0x1000
15:34:05.0603 2740 Boot type: Normal boot
15:34:05.0603 2740 ============================================================
15:34:09.0925 2740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:34:09.0925 2740 \Device\Harddisk0\DR0:
15:34:09.0925 2740 MBR used
15:34:09.0925 2740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E68FC1
15:34:09.0925 2740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E69000, BlocksNum 0x15C4000
15:34:10.0049 2740 Initialize success
15:34:10.0049 2740 ============================================================
15:34:13.0169 5416 ============================================================
15:34:13.0169 5416 Scan started
15:34:13.0169 5416 Mode: Manual;
15:34:13.0169 5416 ============================================================
15:34:15.0182 5416 3comtftp - ok
15:34:15.0369 5416 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:34:15.0416 5416 ACPI - ok
15:34:15.0447 5416 AcronisOSSReinstallSvc - ok
15:34:15.0541 5416 ADIDTSFiltService - ok
15:34:15.0712 5416 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:34:15.0743 5416 adp94xx - ok
15:34:15.0884 5416 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:34:15.0962 5416 adpahci - ok
15:34:16.0102 5416 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:34:16.0133 5416 adpu160m - ok
15:34:16.0274 5416 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:34:16.0336 5416 adpu320 - ok
15:34:16.0430 5416 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:34:16.0430 5416 AeLookupSvc - ok
15:34:16.0601 5416 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:34:16.0601 5416 AFD - ok
15:34:16.0711 5416 AFGMp50 - ok
15:34:16.0945 5416 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:34:16.0976 5416 agp440 - ok
15:34:17.0007 5416 agpcpq - ok
15:34:17.0085 5416 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:34:17.0116 5416 aic78xx - ok
15:34:17.0163 5416 aksusb - ok
15:34:17.0303 5416 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:34:17.0303 5416 ALG - ok
15:34:17.0397 5416 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
15:34:17.0459 5416 aliide - ok
15:34:17.0569 5416 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:34:17.0584 5416 amdagp - ok
15:34:17.0631 5416 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
15:34:17.0647 5416 amdide - ok
15:34:17.0912 5416 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:34:17.0959 5416 AmdK7 - ok
15:34:18.0099 5416 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:34:18.0115 5416 AmdK8 - ok
15:34:18.0161 5416 antivirservice - ok
15:34:18.0317 5416 Anydlc - ok
15:34:18.0489 5416 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:34:18.0489 5416 Appinfo - ok
15:34:18.0629 5416 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:34:18.0629 5416 Apple Mobile Device - ok
15:34:18.0910 5416 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:34:18.0926 5416 arc - ok
15:34:18.0988 5416 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:34:19.0035 5416 arcsas - ok
15:34:19.0113 5416 artdhcp - ok
15:34:19.0129 5416 artourservice - ok
15:34:19.0425 5416 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:34:19.0441 5416 AsyncMac - ok
15:34:19.0519 5416 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:34:19.0519 5416 atapi - ok
15:34:19.0971 5416 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
15:34:20.0127 5416 athr - ok
15:34:20.0283 5416 ati - ok
15:34:20.0392 5416 atkdisplf - ok
15:34:20.0595 5416 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:34:20.0595 5416 AudioEndpointBuilder - ok
15:34:20.0611 5416 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:34:20.0626 5416 Audiosrv - ok
15:34:20.0751 5416 AVG Security Toolbar Service - ok
15:34:21.0375 5416 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe
15:34:21.0937 5416 AVGIDSAgent - ok
15:34:22.0202 5416 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:34:22.0233 5416 AVGIDSDriver - ok
15:34:22.0280 5416 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\Windows\system32\DRIVERS\avgidsehx.sys
15:34:22.0311 5416 AVGIDSEH - ok
15:34:22.0545 5416 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
15:34:22.0561 5416 AVGIDSFilter - ok
15:34:22.0654 5416 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:34:22.0670 5416 AVGIDSShim - ok
15:34:22.0795 5416 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
15:34:22.0826 5416 Avgldx86 - ok
15:34:22.0904 5416 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
15:34:22.0951 5416 Avgmfx86 - ok
15:34:23.0044 5416 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
15:34:23.0075 5416 Avgrkx86 - ok
15:34:23.0153 5416 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\Windows\system32\DRIVERS\avgtdix.sys
15:34:23.0185 5416 Avgtdix - ok
15:34:23.0559 5416 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:34:23.0575 5416 avgwd - ok
15:34:23.0637 5416 avp - ok
15:34:23.0668 5416 AVRec - ok
15:34:23.0699 5416 awhost32 - ok
15:34:23.0902 5416 bb-run - ok
15:34:24.0074 5416 BBSvc (66e66fd5a83c8bbfb791d14246d84015) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:34:24.0230 5416 BBSvc - ok
15:34:24.0370 5416 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:34:24.0386 5416 Beep - ok
15:34:24.0667 5416 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:34:24.0667 5416 BFE - ok
15:34:24.0994 5416 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
15:34:25.0010 5416 BITS - ok
15:34:25.0181 5416 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:34:25.0228 5416 blbdrive - ok
15:34:25.0525 5416 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
15:34:25.0540 5416 Bonjour Service - ok
15:34:25.0681 5416 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:34:25.0696 5416 bowser - ok
15:34:25.0837 5416 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:34:25.0868 5416 BrFiltLo - ok
15:34:25.0946 5416 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:34:25.0961 5416 BrFiltUp - ok
15:34:26.0117 5416 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:34:26.0117 5416 Browser - ok
15:34:26.0211 5416 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:34:26.0242 5416 Brserid - ok
15:34:26.0367 5416 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:34:26.0383 5416 BrSerWdm - ok
15:34:26.0445 5416 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:34:26.0461 5416 BrUsbMdm - ok
15:34:26.0648 5416 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:34:26.0663 5416 BrUsbSer - ok
15:34:26.0788 5416 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:34:26.0804 5416 BTHMODEM - ok
15:34:26.0882 5416 btnetfilter - ok
15:34:27.0147 5416 catchme - ok
15:34:27.0241 5416 cccredmgr - ok
15:34:27.0412 5416 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:34:27.0537 5416 cdfs - ok
15:34:27.0662 5416 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:34:27.0677 5416 cdrom - ok
15:34:27.0693 5416 CE3 - ok
15:34:27.0849 5416 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:34:27.0849 5416 CertPropSvc - ok
15:34:27.0911 5416 cidaemon - ok
15:34:27.0974 5416 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:34:27.0989 5416 circlass - ok
15:34:28.0270 5416 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:34:28.0567 5416 CLFS - ok
15:34:28.0816 5416 ClntMgmt.sys - ok
15:34:28.0925 5416 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:34:28.0988 5416 clr_optimization_v2.0.50727_32 - ok
15:34:29.0050 5416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:34:29.0113 5416 clr_optimization_v4.0.30319_32 - ok
15:34:29.0284 5416 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:34:29.0300 5416 CmBatt - ok
15:34:29.0378 5416 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
15:34:29.0409 5416 cmdide - ok
15:34:29.0627 5416 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
15:34:29.0659 5416 CnxtHdAudService - ok
15:34:29.0783 5416 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:34:29.0783 5416 Com4QLBEx - ok
15:34:29.0955 5416 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:34:29.0971 5416 Compbatt - ok
15:34:30.0002 5416 COMSysApp - ok
15:34:30.0033 5416 CoolerXPDriver - ok
15:34:30.0080 5416 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:34:30.0095 5416 crcdisk - ok
15:34:30.0251 5416 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:34:30.0267 5416 Crusoe - ok
15:34:30.0361 5416 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:34:30.0361 5416 CryptSvc - ok
15:34:30.0485 5416 ctsfm2k - ok
15:34:30.0548 5416 cwcspud - ok
15:34:30.0688 5416 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:34:30.0688 5416 DcomLaunch - ok
15:34:30.0751 5416 Defrag32 - ok
15:34:30.0907 5416 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:34:31.0094 5416 DFSR - ok
15:34:31.0250 5416 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:34:31.0250 5416 Dhcp - ok
15:34:31.0328 5416 dirms_defragmentation - ok
15:34:31.0515 5416 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:34:31.0609 5416 disk - ok
15:34:31.0702 5416 diskeeper - ok
15:34:31.0749 5416 dklogger - ok
15:34:31.0796 5416 dm1service - ok
15:34:31.0952 5416 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:34:31.0967 5416 Dnscache - ok
15:34:32.0108 5416 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:34:32.0108 5416 dot3svc - ok
15:34:32.0326 5416 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
15:34:32.0357 5416 dot4 - ok
15:34:32.0560 5416 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:34:32.0576 5416 Dot4Print - ok
15:34:32.0685 5416 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
15:34:32.0701 5416 dot4usb - ok
15:34:32.0950 5416 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:34:32.0950 5416 DPS - ok
15:34:33.0075 5416 drmkaud (31109abc6495b7f461f59a5d2463bf38) C:\Windows\system32\drivers\drmkaud.sys
15:34:33.0559 5416 drmkaud - ok
15:34:33.0699 5416 DXEC02 - ok
15:34:34.0151 5416 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:34:34.0167 5416 DXGKrnl - ok
15:34:34.0323 5416 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:34:34.0354 5416 E1G60 - ok
15:34:34.0417 5416 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:34:34.0417 5416 EapHost - ok
15:34:34.0619 5416 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:34:34.0760 5416 Ecache - ok
15:34:34.0853 5416 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:34:34.0869 5416 ehRecvr - ok
15:34:34.0885 5416 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:34:34.0900 5416 ehSched - ok
15:34:34.0916 5416 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:34:34.0931 5416 ehstart - ok
15:34:35.0025 5416 elnkfwppservice - ok
15:34:35.0150 5416 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:34:35.0181 5416 elxstor - ok
15:34:35.0431 5416 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:34:35.0446 5416 EMDMgmt - ok
15:34:35.0555 5416 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:34:35.0587 5416 ErrDev - ok
15:34:35.0789 5416 ESDCR - ok
15:34:35.0899 5416 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:34:35.0914 5416 EventSystem - ok
15:34:36.0101 5416 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:34:36.0148 5416 exfat - ok
15:34:36.0351 5416 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:34:36.0429 5416 fastfat - ok
15:34:36.0523 5416 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:34:36.0554 5416 fdc - ok
15:34:36.0772 5416 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:34:36.0772 5416 fdPHost - ok
15:34:36.0850 5416 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:34:36.0850 5416 FDResPub - ok
15:34:36.0944 5416 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:34:36.0959 5416 FileInfo - ok
15:34:37.0100 5416 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:34:37.0115 5416 Filetrace - ok
15:34:37.0193 5416 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:34:37.0209 5416 flpydisk - ok
15:34:37.0349 5416 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:34:37.0396 5416 FltMgr - ok
15:34:37.0771 5416 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:34:37.0786 5416 FontCache - ok
15:34:37.0895 5416 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:34:37.0927 5416 FontCache3.0.0.0 - ok
15:34:38.0051 5416 forcewarewebinterface - ok
15:34:38.0083 5416 fsma - ok
15:34:38.0317 5416 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
15:34:38.0332 5416 fssfltr - ok
15:34:38.0816 5416 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:34:39.0050 5416 fsssvc - ok
15:34:39.0299 5416 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:34:39.0315 5416 Fs_Rec - ok
15:35:47.0815 5416 usbprint - ok
15:35:48.0033 5416 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:35:48.0049 5416 usbscan - ok
15:35:48.0142 5416 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:48.0173 5416 USBSTOR - ok
15:35:48.0392 5416 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:35:48.0407 5416 usbuhci - ok
15:35:48.0610 5416 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:35:48.0641 5416 usbvideo - ok
15:35:48.0766 5416 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:35:48.0782 5416 UxSms - ok
15:35:49.0000 5416 vaiomediaplatform-photoserver-appserver - ok
15:35:49.0047 5416 VC6SecS - ok
15:35:49.0219 5416 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:35:49.0234 5416 vds - ok
15:35:49.0421 5416 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:49.0453 5416 vga - ok
15:35:49.0655 5416 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:35:49.0671 5416 VgaSave - ok
15:35:49.0780 5416 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:35:49.0796 5416 viaagp - ok
15:35:49.0905 5416 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:35:49.0921 5416 ViaC7 - ok
15:35:50.0045 5416 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
15:35:50.0061 5416 viaide - ok
15:35:50.0108 5416 viaudio - ok
15:35:50.0248 5416 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:35:50.0264 5416 volmgr - ok
15:35:50.0435 5416 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:35:50.0451 5416 volmgrx - ok
15:35:50.0841 5416 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:35:50.0872 5416 volsnap - ok
15:35:50.0966 5416 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:35:51.0106 5416 vsmraid - ok
15:35:51.0293 5416 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:35:51.0465 5416 VSS - ok
15:35:51.0605 5416 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:35:51.0621 5416 vToolbarUpdater10.2.0 - ok
15:35:51.0902 5416 vvoice - ok
15:35:51.0964 5416 vwkernel - ok
15:35:52.0058 5416 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:35:52.0073 5416 W32Time - ok
15:35:52.0261 5416 w550mdm - ok
15:35:52.0323 5416 W700mdm - ok
15:35:52.0370 5416 W700mgmt - ok
15:35:52.0635 5416 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:35:52.0666 5416 WacomPen - ok
15:35:52.0744 5416 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:52.0760 5416 Wanarp - ok
15:35:52.0807 5416 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:35:52.0807 5416 Wanarpv6 - ok
15:35:53.0150 5416 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:35:53.0150 5416 wcncsvc - ok
15:35:53.0259 5416 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:35:53.0259 5416 WcsPlugInService - ok
15:35:53.0509 5416 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:35:53.0524 5416 Wd - ok
15:35:53.0789 5416 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:35:53.0789 5416 Wdf01000 - ok
15:35:53.0852 5416 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:35:53.0852 5416 WdiServiceHost - ok
15:35:53.0867 5416 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:35:53.0867 5416 WdiSystemHost - ok
15:35:53.0945 5416 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:35:53.0945 5416 WebClient - ok
15:35:54.0226 5416 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:35:54.0226 5416 Wecsvc - ok
15:35:54.0382 5416 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:35:54.0382 5416 wercplsupport - ok
15:35:54.0538 5416 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:35:54.0538 5416 WerSvc - ok
15:35:54.0788 5416 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:35:54.0866 5416 winachsf - ok
15:35:54.0991 5416 WINDEFEND (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:35:55.0069 5416 WINDEFEND - ok
15:35:55.0084 5416 WinHttpAutoProxySvc - ok
15:35:55.0240 5416 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:35:55.0240 5416 Winmgmt - ok
15:35:55.0412 5416 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:35:55.0521 5416 WinRM - ok
15:35:55.0661 5416 wlancig - ok
15:35:55.0895 5416 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:35:55.0911 5416 Wlansvc - ok
15:35:56.0145 5416 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:35:56.0161 5416 wlidsvc - ok
15:35:56.0363 5416 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\Windows\system32\drivers\WmBEnum.sys
15:35:56.0379 5416 WmBEnum - ok
15:35:56.0473 5416 wmconnectcds - ok
15:35:56.0551 5416 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\Windows\system32\drivers\WmFilter.sys
15:35:56.0566 5416 WmFilter - ok
15:35:56.0847 5416 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:35:56.0847 5416 WmiAcpi - ok
15:35:57.0081 5416 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:35:57.0081 5416 wmiApSrv - ok
15:35:57.0409 5416 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:35:57.0409 5416 WMPNetworkSvc - ok
15:35:57.0767 5416 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\Windows\system32\drivers\WmVirHid.sys
15:35:57.0799 5416 WmVirHid - ok
15:35:57.0877 5416 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\Windows\system32\drivers\WmXlCore.sys
15:35:57.0892 5416 WmXlCore - ok
15:35:58.0048 5416 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:35:58.0048 5416 WPCSvc - ok
15:35:58.0251 5416 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:35:58.0267 5416 WPDBusEnum - ok
15:35:58.0485 5416 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:35:58.0501 5416 WpdUsb - ok
15:35:58.0953 5416 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:35:59.0000 5416 WPFFontCache_v0400 - ok
15:35:59.0296 5416 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:35:59.0312 5416 ws2ifsl - ok
15:35:59.0390 5416 WSCSVC (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:35:59.0390 5416 WSCSVC - ok
15:35:59.0842 5416 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:35:59.0842 5416 WSDPrintDevice - ok
15:36:00.0045 5416 WSearch - ok
15:36:00.0357 5416 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:36:00.0482 5416 wuauserv - ok
15:36:00.0669 5416 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:36:00.0763 5416 WUDFRd - ok
15:36:00.0872 5416 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:36:00.0872 5416 wudfsvc - ok
15:36:01.0168 5416 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
15:36:01.0199 5416 XAudio - ok
15:36:01.0262 5416 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
15:36:01.0277 5416 XAudioService - ok
15:36:01.0449 5416 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
15:36:01.0480 5416 yukonwlh - ok
15:36:01.0652 5416 {eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc} - ok
15:36:01.0745 5416 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
15:36:01.0792 5416 \Device\Harddisk0\DR0 - ok
15:36:01.0808 5416 Boot (0x1200) (9dcdaf7f471265c30d24dfcfe84401fc) \Device\Harddisk0\DR0\Partition0
15:36:01.0808 5416 \Device\Harddisk0\DR0\Partition0 - ok
15:36:01.0839 5416 Boot (0x1200) (a4e83531e7bf87edd281c544693ee6ae) \Device\Harddisk0\DR0\Partition1
15:36:01.0839 5416 \Device\Harddisk0\DR0\Partition1 - ok
15:36:01.0839 5416 ============================================================
15:36:01.0839 5416 Scan finished
15:36:01.0839 5416 ============================================================
15:36:01.0855 5636 Detected object count: 0
15:36:01.0855 5636 Actual detected object count: 0

ASWMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 16:02:47
-----------------------------
16:02:47.352 OS Version: Windows 6.0.6002 Service Pack 2
16:02:47.367 Number of processors: 2 586 0x170A
16:02:47.367 ComputerName: MJMLAPTOP UserName: Matthew
16:03:25.634 Initialize success
16:04:12.190 AVAST engine defs: 12040801
16:04:14.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:04:14.998 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
16:04:15.060 Disk 0 MBR read successfully
16:04:15.060 Disk 0 MBR scan
16:04:15.060 Disk 0 unknown MBR code
16:04:15.122 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
16:04:15.216 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
16:04:15.247 Disk 0 scanning sectors +625135616
16:04:15.419 Disk 0 scanning C:\Windows\system32\drivers
16:04:26.604 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-PL [Rtk]
16:04:27.883 File: C:\Windows\system32\drivers\drmkaud.sys **INFECTED** Win32:Rootkit-gen [Rtk]
16:05:01.096 Disk 0 trace - called modules:
16:05:01.142 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
16:05:01.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8609e108]
16:05:01.642 3 CLASSPNP.SYS[8a60c8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e91b98]
16:05:07.866 AVAST engine scan C:\Windows
16:05:27.366 AVAST engine scan C:\Windows\system32
16:16:47.448 AVAST engine scan C:\Windows\system32\drivers
16:16:52.690 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-PL [Rtk]
16:16:53.423 File: C:\Windows\system32\drivers\drmkaud.sys **INFECTED** Win32:Rootkit-gen [Rtk]
16:17:28.694 AVAST engine scan C:\Users\Matthew
16:22:42.707 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
16:22:42.722 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR.txt"
16:23:04.341 Disk 0 MBR has been saved successfully to "C:\Users\Matthew\Desktop\MBR.dat"
16:23:04.356 The log file has been saved successfully to "C:\Users\Matthew\Desktop\aswMBR2.txt"

AVG came up while ASW was running still saying that Trojan horse PSW.Agent.ASTO was detected. Thanks for your help.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 09:34 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
dfsc.sys
drmkaud.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 irish94

irish94
  • Topic Starter

  • Members
  • 22 posts

Posted 08 April 2012 - 10:12 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:41 on 08/04/2012 by Matthew
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [18:29 29/07/2009] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

Searching for "drmkaud.sys"
C:\Windows\System32\drivers\drmkaud.sys --ah--- 35328 bytes [02:23 21/01/2008] [22:29 29/03/2012] 31109ABC6495B7F461F59A5D2463BF38
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e\drmkaud.sys --ah--- 5632 bytes [10:25 02/11/2006] [08:54 02/11/2006] EE472CD2C01F6F8E8AA1FA06FFEF61B6
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_84db3286\drmkaud.sys --ah--- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_e9a56ed0\drmkaud.sys --ah--- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmkaud.sys --a---- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6002.18005_none_6252d21f1747740d\drmkaud.sys --a---- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80

-= EOF =-

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 10:27 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys
C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6002.18005_none_6252d21f1747740d\drmkaud.sys | C:\Windows\System32\drivers\drmkaud.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

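
The SystemLook run gringo_pr asked for in post #6 and the FCopy lines in the reply above rest on one check: the driver actually loaded from System32\drivers should be identical to one of the copies Windows keeps in WinSxS or the DriverStore, and when it is not, one of those staged copies is the restore source. The script below is an added example (not part of SystemLook, ComboFix, or the instructions in this thread) that parses SystemLook :filefind output and applies that check. The log embedded in it is the output irish94 posted in post #7; the directory patterns, function names and verdict labels are assumptions of this example.

```python
"""Check the drivers SystemLook ':filefind' reports against their
component-store twins.  On Vista/7 the file in System32\\drivers is
normally a hard link to the copy in WinSxS (or was installed from the
DriverStore), so the live file should share size, MD5 and modified
timestamp with a staged copy.  Added example, not SystemLook/ComboFix code."""
import re
from collections import defaultdict

# SystemLook output as posted in this thread (irish94, post #7).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:59 14/04/2011] 048D6FEC8033B3C0ED624693EC9ADA2B
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [02:24 21/01/2008] [02:24 21/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:24 14/04/2011] A3E9FA213F443AC77C7746119D13FEEC
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [18:29 29/07/2009] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [20:33 15/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

Searching for "drmkaud.sys"
C:\Windows\System32\drivers\drmkaud.sys --ah--- 35328 bytes [02:23 21/01/2008] [22:29 29/03/2012] 31109ABC6495B7F461F59A5D2463BF38
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_1493ef6e\drmkaud.sys --ah--- 5632 bytes [10:25 02/11/2006] [08:54 02/11/2006] EE472CD2C01F6F8E8AA1FA06FFEF61B6
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_84db3286\drmkaud.sys --ah--- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_e9a56ed0\drmkaud.sys --ah--- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6001.18000_none_606759131a25a8c1\drmkaud.sys --a---- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6002.18005_none_6252d21f1747740d\drmkaud.sys --a---- 5632 bytes [02:23 21/01/2008] [02:23 21/01/2008] 97FEF831AB90BEE128C9AF390E243F80

-= EOF =-
"""

HEADER_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')
ENTRY_RE = re.compile(
    r'^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$')

# Where the loaded copy lives and where Windows stages reference copies
# (directory patterns are assumptions of this example).
LIVE_DIR = "\\system32\\drivers\\"
STORE_DIRS = ("\\winsxs\\", "\\driverstore\\filerepository\\")

def is_store(path):
    return any(d in path.lower() for d in STORE_DIRS)

def is_live(path):
    return LIVE_DIR in path.lower() and not is_store(path)

def parse_filefind(text):
    """Return {file name: [entry dict, ...]} from SystemLook :filefind output."""
    found, current = defaultdict(list), None
    for line in text.splitlines():
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            found[current].append({
                "path": entry.group("path"), "attrs": entry.group("attrs"),
                "size": int(entry.group("size")),
                "modified": entry.group("modified"),
                "md5": entry.group("md5").upper()})
    return dict(found)

def assess(found):
    """Compare each live driver with its staged copies; list restore sources."""
    report = {}
    for name, items in found.items():
        live = [e for e in items if is_live(e["path"])]
        store = [e for e in items if is_store(e["path"])]
        if not live or not store:
            report[name] = {"verdict": "undetermined", "reasons": [], "candidates": []}
            continue
        cur, reasons = live[0], []
        if cur["size"] not in {s["size"] for s in store}:
            reasons.append("size %d matches no staged copy" % cur["size"])
        if cur["md5"] not in {s["md5"] for s in store}:
            reasons.append("MD5 matches no staged copy")
        if cur["modified"] not in {s["modified"] for s in store}:
            reasons.append("modified %s matches no staged copy" % cur["modified"])
        report[name] = {
            "verdict": "suspicious" if reasons else "consistent",
            "reasons": reasons, "live_md5": cur["md5"],
            # Staged copies in log order: the pool an FCopy line picks from.
            "candidates": [(s["path"], s["size"], s["md5"]) for s in store]}
    return report

if __name__ == "__main__":
    for name, r in assess(parse_filefind(SAMPLE_LOG)).items():
        print("%s: %s" % (name, r["verdict"]))
        for reason in r["reasons"]:
            print("  -", reason)
        for path, size, md5 in r["candidates"]:
            print("  candidate: %s (%d bytes, %s)" % (path, size, md5))
```

Run against the posted log it flags both drivers: dfsc.sys keeps its normal 75264-byte size but carries an MD5 and a modified time that no staged copy has, while drmkaud.sys is about six times larger than every staged copy and was last written on 29/03/2012. The comparison is a triage heuristic, not proof; an Authenticode check on the live file (for example with Sysinternals sigcheck) is the confirming step, and the candidates list is the pool of staged copies to choose a replacement from, not a ranking of them.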

#9 irish94

irish94
  • Topic Starter

  • Members
  • 22 posts

Posted 09 April 2012 - 05:56 AM

Did not have to restart computer. Start Menu is still showing names and folders, but links do not work on main Start Menu and folders under All Programs are empty. Computer speed seems the same and Firefox is still running ok without redirecting, pop-ups, etc. Thanks.

ComboFix 12-04-04.02 - Matthew 04/09/2012 6:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1746 [GMT -4:00]
Running from: c:\users\Matthew\Desktop\ComboFix.exe
Command switches used :: c:\users\Matthew\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
c:\windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.0.6002.18005_none_6252d21f1747740d\drmkaud.sys --> c:\windows\System32\drivers\drmkaud.sys
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 10:47 . 2012-04-09 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 12:49 . 2012-04-05 12:49 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\program files\AVG Secure Search
2012-04-05 04:17 . 2012-04-05 04:17 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-05 03:46 . 2012-04-09 10:47 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2012-04-05 01:50 . 2012-04-05 01:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 00:33 . 2011-07-12 01:21 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2012-04-02 21:02 . 2012-04-02 21:02 -------- d-----w- c:\users\Matthew\AppData\Roaming\AVG2012
2012-04-02 21:00 . 2012-04-05 04:18 -------- d-----w- c:\programdata\AVG2012
2012-04-02 20:11 . 2012-04-03 21:58 -------- d-----w- c:\users\Kiddos
2012-03-27 01:22 . 2012-03-27 01:22 -------- d-----w- c:\windows\Sun
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-13 22:46 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 22:46 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 22:46 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 22:46 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:46 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 22:46 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 22:46 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 22:46 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:45 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 01:51 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-02 03:52 . 2010-05-16 11:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-22 09:25 . 2012-02-22 09:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-31 08:46 . 2012-01-31 08:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-03-13 04:39 . 2012-04-02 20:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 898912 ----a-w- c:\program files\AVG\AVG2012\avgdtiex.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-05 04:17 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-05 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-03-19 19:58 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-03-19 19:58 4253544 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-05 982880]
.
c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-3-19 4511080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-11 00:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
RAPIProtocol
nfmservice
usbbus
nisum
awhost32
Anydlc
SbieDrv
cidaemon
cccredmgr
dm1service
artourservice
trufos
nsm1mdm
viaudio
igateway
intelroam
serialkeys
wlancig
s217unic
{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}
SaiNtBus
vvoice
gv3
passthru
PSDNServ
ESDCR
avp
cwcspud
AVRec
iolo_srv
vwkernel
owstimer
s716nd5
issvc
NOWMEMDF
outpostfirewall
NdisFilt
srvdpi
CoolerXPDriver
openldap-slapd
se45bus
W700mgmt
imapi
mbr
vaiomediaplatform-photoserver-appserver
lvhidsvc
ati
mnsframework
VC6SecS
orbpvr
LUsbKbd
GoToAssist
ADIDTSFiltService
fsma
btnetfilter
mwagent
Stltrk2k
AcronisOSSReinstallSvc
Defrag32
aksusb
HSXHWBS2
forcewarewebinterface
sfman
wmconnectcds
UDFReadr
w550mdm
ClntMgmt.sys
psdvdisk
diskeeper
dirms_defragmentation
elnkfwppservice
LVRS
3comtftp
antivirservice
UPATC
tosrfbd
atkdisplf
artdhcp
W700mdm
CE3
agpcpq
dklogger
bb-run
AFGMp50
ntsecure
DXEC02
p2pgasvc
pinnaclesys.mediaserver
ctsfm2k
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 02:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 17:25]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 17:25]
.
2012-04-05 c:\windows\Tasks\HPCeeScheduleForMatthew.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=fmtgl
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.startsearcher.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\l8gphtqr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bff83aeab-0077-43eb-854a-c80d1e4b3921%7D&mid=23e18c9a76f5f614865f2f443835bb9a-36d445928e4ad2744b60248a6b07028622a118a3&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-05%2000%3A17%3A26&sap=ku&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=fmtgl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=fmtgl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=fmtgl&q=
FF - user.js: extensions.funmoods_i.id - 2228748800000000000000242c07a2d5
FF - user.js: extensions.funmoods_i.instlDay - 15381
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - fmtgl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 06:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3008)
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
.
Completion time: 2012-04-09 06:49:23
ComboFix-quarantined-files.txt 2012-04-09 10:49
ComboFix2.txt 2012-04-08 12:01
ComboFix3.txt 2012-04-05 04:01
.
Pre-Run: 224,631,595,008 bytes free
Post-Run: 228,940,009,472 bytes free
.
- - End Of File - - 9C409F6E61EF217CF804578769D29E86

#10 gringo_pr (Malware Response Team)

Posted 09 April 2012 - 07:57 AM

Hello

I want you to run this first - http://download.bleepingcomputer.com/grinler/unhide.exe

now use this to fix the accessories and default folder - http://download.bleepingcomputer.com/grinler/fakehdd/vista-32-sm-reset.exe

and if those two things did not work then we have to fix the rest like this

using Avast as an example

In case a program's link shows as (empty):

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

  • Copy that shortcut, go back to Start menu.
  • Right click on avast! Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 irish94 (Topic Starter)

Posted 09 April 2012 - 07:16 PM

Thanks. The Start Menu still has invalid links to Excel, etc. and the All Programs folders are mostly empty. I can go back and repopulate as needed.

Are there final tests for validating that the virus is removed?

One odd thing persists -- 2 instances of malwarebytes are automatically starting when Windows starts. When I go to Control Panel to uninstall, malwarebytes is not in the list of programs.

#12 gringo_pr (Malware Response Team)

Posted 09 April 2012 - 07:50 PM

Uninstall Malwarebytes

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or post to ask and we'll explain how to do it.


#13 irish94 (Topic Starter)

Posted 10 April 2012 - 06:14 AM

Malwarebytes was still not showing in the Programs list in Control Panel, but I found an uninstall EXE in its Program Files folder. I used that, then ran the Clean EXE and restarted. The new version is now installed. Run it or something else now? Thank you.

#14 gringo_pr (Malware Response Team)

Posted 10 April 2012 - 07:34 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.0
  • Bing Bar

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 irish94 (Topic Starter)

Posted 10 April 2012 - 08:32 PM

HijackThis was giving the popup window saying "for some reason, your system denied access to the Hosts file." I tried running as administrator as you suggested, but that gave the same error. I tried restarting too. Same error. Are there any errors you see that would need to be fixed manually? Malwarebytes returned nothing.

Computer seems to be doing all right. Thank you!

mbam log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthew :: MJMLAPTOP [administrator]

4/10/2012 8:37:26 PM
mbam-log-2012-04-10 (20-37-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226191
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:07 PM, on 4/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\System32\mobsync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fmtgl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bing Bar Update Service (BBSvc) - Unknown owner - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10317 bytes
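The question in the post above ("Are there any errors you see that would need to be fixed manually?") is the triage a responder does by eye on a HijackThis log. The Python script below is an added example, not code from this thread, from BleepingComputer or from Trend Micro's HijackThis: it parses the `Rn - ...` / `On - ...` line format seen in the posted log and flags the entries a responder looks at first, including orphaned `(file missing)` / `(no file)` references, start or search pages that point somewhere other than the browser's defaults, Trusted Zone additions and services with an unknown publisher. The sample lines are copied from the log posted above; the allow-list of expected browser hosts is an assumption made for this example, not something HijackThis itself knows about. It goes beyond this one log in that it handles any R/F/O section number, not just the ones shown.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=fmtgl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O15 - Trusted Zone: *.soe.com
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
"""

# Every HijackThis result line starts with a section tag (R0..R3, F0..F3, O1..O24).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*\S)\s*$")

# Hosts a stock Internet Explorer points at. This allow-list is an assumption
# for the example; extend it for the environment you are looking at.
EXPECTED_BROWSER_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com", "www.google.com"}

# Hosts-file lines that are present on every Windows install.
NORMAL_HOSTS_LINES = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Entry:
    section: str  # e.g. "R0", "O4", "O23"
    body: str     # everything after the "Rn - " / "On - " prefix
    raw: str      # the original line, for reporting


def parse_line(line):
    """Return an Entry for a HijackThis result line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("section"), m.group("body"), line.rstrip())


def url_host(body):
    """Hostname of the URL after the last ' = ' in a browser-settings line, else None."""
    value = body.rsplit(" = ", 1)[-1].strip()
    if not value.lower().startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname


def reasons_for(entry):
    """Why a responder would look at this entry; an empty list means nothing stands out."""
    reasons = []
    body = entry.body
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("references a file that is no longer on disk (orphaned entry)")
    if entry.section in ("R0", "R1") and ("Start Page" in body or "Search" in body):
        host = url_host(body)
        if host and host.lower() not in EXPECTED_BROWSER_HOSTS:
            reasons.append(f"browser start/search page points at {host}")
    if entry.section == "O1":
        # "Hosts: <ip> <name>" -- anything beyond the loopback entries deserves a look
        if body.split(":", 1)[1].strip() not in NORMAL_HOSTS_LINES:
            reasons.append("non-standard hosts-file mapping")
    if entry.section == "O15":
        reasons.append("domain added to IE Trusted Zone (weakened browser security for that site)")
    if entry.section == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary has no recognised publisher")
    return reasons


def triage(log_text):
    """Parse a whole log and return [(raw_line, [reasons...])] for the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry.raw, reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(raw)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample it reports the two hijacked start pages, the orphaned O3 toolbar, the Trusted Zone entry and the Norton service (unknown owner and missing binary), and stays quiet on the HP BHO, the AVG entries and the Bonjour service. It only reports; as the helper says in post #14, deciding what HijackThis should fix is a separate step, and most of what the tool lists is harmless or required.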



