
Google vipsearch virus removal?


  • This topic is locked
26 replies to this topic

#1 cazshie

cazshie

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 18 April 2012 - 06:00 PM

Infected with a vipsearch virus that re-directs when using google search engine.
Thought I'd removed it using various malware removal tools but as soon as I re-installed google toolbar it was back again.

Windows XP SP3 - IE8

How do I permanently remove the virus?

DDS and Security Check details below ...

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Steven Carr at 0:32:43 on 2012-04-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.92 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hibs.net/forumdisplay.php?2-hibs.net-Main-Forum
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iKeyWorks] c:\progra~1\a4tech\keyboard\Ikeymain.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ISW]
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\windows\installer\{90280409-6000-11d3-8cfe-0050048383c9}\outicon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\program files\ladbrokesmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: emcs-netport.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1096842F-FEE8-11D2-965E-0010E3622565} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_RYD.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz01.cab
DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb04.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2010sp0/cab//eModelsStandard.cab
DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz06.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {498439C0-0921-11D3-9484-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb10.cab
DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb07.cab
DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz05.cab
DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb08.cab
DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz02.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129294742531
DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb05.cab
DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_List.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.putfile.com/includes/ImageUploader4-5.cab
DPF: {74545298-2152-11D2-8D16-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz03.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb01.cab
DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb13.cab
DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb12.cab
DPF: {B37DB118-5623-11D3-8769-0010E36241AE} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz09.cab
DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb16.cab
DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb02.cab
DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb11.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://www.emcs-netport.com/viewer/activeXViewer/activexviewer.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb03.cab
DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz07.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb14.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab
DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb17.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb06.cab
DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz04.cab
DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Serv.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6B273A0F-2DB5-4223-A3BB-CED0E8ABB974} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steven carr\application data\mozilla\firefox\profiles\3gm0yefg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hibs.net/message/forumdisplay.php?f=2
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-20 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-9 337880]
R1 avfsmn;avfsmn;c:\windows\system32\drivers\avfsmn.sys [2012-4-18 17704]
R1 dk3drv;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [2007-8-30 20792]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-9 20696]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [2012-4-18 23848]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2010-3-13 12032]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2010-3-13 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2010-3-13 11648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 lredbooo;lredbooo;\??\c:\docume~1\steven~1\locals~1\temp\lredbooo.sys --> c:\docume~1\steven~1\locals~1\temp\lredbooo.sys [?]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-8-26 239600]
.
=============== Created Last 30 ================
.
2012-04-18 22:14:29 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-18 22:14:29 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-18 21:59:04 -------- d-----w- c:\documents and settings\steven carr\local settings\application data\Deployment
2012-04-18 14:01:06 -------- d-----w- c:\program files\Anvisoft
2012-04-18 13:40:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 13:33:42 -------- d-----w- c:\documents and settings\steven carr\application data\Malwarebytes
2012-04-18 13:33:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-18 13:33:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 13:33:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 13:02:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-17 13:02:29 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-03-08 20:24:02 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-24 21:57:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 10:16:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
============= FINISH: 0:39:55.26 ===============

Also did security check ...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
AVG 2011
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Spy Blocker
ZoneAlarm Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
ZoneAlarm Spy Blocker
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player ( 10.0.12.36) Flash Player Out of Date!
Mozilla Firefox (3.0.6) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
IObit IObit Malware Fighter IMFsrv.exe
Anvisoft Anvi Smart Defender ASDSrv.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````

Edited by cazshie, 18 April 2012 - 07:20 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:56 PM

Posted 18 April 2012 - 11:41 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cazshie

cazshie
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 19 April 2012 - 03:58 AM

Thanks for the reply Gringo.

One problem I am having after combofix is that opening IE it tries to redirect to an unsecure page? Actually, every new page I open a box pops up "You are about to leave a secure internet connection. It will be possible for others to see information you send. Do you want to continue?. .. YES .. NO .. MORE INFO.." (with tick box for In future do not show this warning)

Here is the combofix log.

ComboFix 12-04-19.01 - Steven Carr 19/04/2012 9:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.367 [GMT 1:00]
Running from: c:\documents and settings\Steven Carr\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Stephen\WINDOWS
c:\documents and settings\Steven Carr\Application Data\inst.exe
c:\documents and settings\Steven Carr\Recent\Thumbs.db
c:\documents and settings\Steven Carr\WINDOWS
c:\windows\dbxesellerate.exe
c:\windows\picn1020.dll
c:\windows\picn1120.dll
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
c:\windows\system32\CddbCdda.dll
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET248.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET447.tmp
c:\windows\system32\SET44C.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET455.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET45E.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\usp10(3).dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:14 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-18 22:14 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-18 21:59 . 2012-04-18 21:59 -------- d-----w- c:\documents and settings\Steven Carr\Local Settings\Application Data\Deployment
2012-04-18 14:01 . 2012-04-18 22:12 -------- d-----w- c:\program files\Anvisoft
2012-04-18 13:40 . 2012-04-18 13:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\documents and settings\Steven Carr\Application Data\Malwarebytes
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-18 13:33 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 13:02 . 2012-04-17 13:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-26 15:41 . 2012-01-03 08:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-01-03 08:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:24 . 2004-08-10 11:51 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-06 23:15 . 2010-11-09 17:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-11-09 17:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-13 07:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-11-09 17:56 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-11-09 17:56 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-11-09 17:56 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-11-09 17:56 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2010-11-09 17:56 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2010-11-09 17:56 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2010-11-09 17:56 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-10 11:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 11:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 11:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-24 21:57 . 2011-06-07 07:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 11:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-20 10:16 . 2012-01-20 19:54 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2004-08-31 61440]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-30 273528]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Outlook.lnk - c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe [2009-7-24 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-1-24 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9438:TCP"= 9438:TCP:BitComet 9438 TCP
"9438:UDP"= 9438:UDP:BitComet 9438 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/01/2012 11:13 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [26/08/2011 20:15 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/06/2011 08:45 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2010 18:56 337880]
R1 avfsmn;avfsmn;c:\windows\system32\drivers\avfsmn.sys [18/04/2012 23:14 17704]
R1 dk3drv;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [30/08/2007 09:03 20792]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [29/11/2011 13:58 913752]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [03/02/2012 08:55 296232]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2010 18:56 20696]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [18/04/2012 23:14 23848]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [26/08/2011 20:16 820568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 15:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 15:44 497280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/04/2012 14:33 654408]
R2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [21/08/2009 16:52 49152]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [16/10/2009 19:39 431456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 05:43 92592]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [13/03/2010 18:40 12032]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [13/03/2010 18:40 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/04/2012 14:33 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/08/2009 19:40 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2012 22:59 116648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/12/2011 08:12 2152152]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [19/02/2008 23:26 15104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2012 22:59 116648]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [13/03/2010 18:40 11648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/12/2011 08:12 15232]
S3 lredbooo;lredbooo;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\lredbooo.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 00:34 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 00:34 8320]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [10/08/2004 12:51 14336]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [26/08/2011 20:16 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [26/08/2011 20:16 16080]
S4 Bt042nl;Bt042nl; [x]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [26/08/2011 20:16 239600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 10:16]
.
2012-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:57]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 21:59]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 21:59]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2722381666-273064381-2530740262-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2722381666-273064381-2530740262-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2722381666-273064381-2530740262-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2722381666-273064381-2530740262-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hibs.net/forumdisplay.php?2-hibs.net-Main-Forum
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: emcs-netport.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1096842F-FEE8-11D2-965E-0010E3622565} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_RYD.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz01.cab
DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb04.cab
DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz06.cab
DPF: {498439C0-0921-11D3-9484-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb10.cab
DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb07.cab
DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz05.cab
DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb08.cab
DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz02.cab
DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb05.cab
DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_List.cab
DPF: {74545298-2152-11D2-8D16-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz03.cab
DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb01.cab
DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb13.cab
DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb12.cab
DPF: {B37DB118-5623-11D3-8769-0010E36241AE} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz09.cab
DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb16.cab
DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb02.cab
DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb11.cab
DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb03.cab
DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz07.cab
DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb14.cab
DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb17.cab
DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb06.cab
DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz04.cab
DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Serv.cab
FF - ProfilePath - c:\documents and settings\Steven Carr\Application Data\Mozilla\Firefox\Profiles\3gm0yefg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hibs.net/message/forumdisplay.php?f=2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-ISW - (no file)
SafeBoot-43433396.sys
AddRemove-DVD Shrink_is1 - c:\program files\DVD Shrink\unins000.exe
AddRemove-Easy Video Joiner_is1 - c:\program files\Easy Video Joiner\unins001.exe
AddRemove-Ruslan Russian 1 demo_is1 - c:\r1demo\unins000.exe
AddRemove-Ruslan Russian 1 version 4.0_is1 - c:\program files\Ruslan14\unins000.exe
AddRemove-Ruslan Russian 2 version 4.1_is1 - c:\program files\Ruslan24\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 09:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,a4,f4,7b,e5,3b,15,45,9a,8b,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,a4,f4,7b,e5,3b,15,45,9a,8b,c0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-04-19 09:51:36
ComboFix-quarantined-files.txt 2012-04-19 08:51
.
Pre-Run: 224,571,596,800 bytes free
Post-Run: 225,665,208,320 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FC712D51A2E768F8ED61D411921B063D

Edited by cazshie, 19 April 2012 - 04:32 AM.


#4 gringo_pr


Posted 19 April 2012 - 05:28 AM

Greetings

One problem I am having after combofix is that opening IE it tries to redirect to an unsecure page? Actually, on every new page I open, a box pops up: "You are about to leave a secure internet connection. It will be possible for others to see information you send. Do you want to continue? .. YES .. NO .. MORE INFO .." (with a tick box for "In future do not show this warning").

This is normal and was reset by ComboFix - put a checkmark in "don't show me again".

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 cazshie


Posted 19 April 2012 - 07:47 AM

Thanks for the reply, below are the reports.

The tdsskiller did not find any threats.


13:04:41.0846 4712 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
13:04:43.0690 4712 ============================================================
13:04:43.0690 4712 Current date / time: 2012/04/19 13:04:43.0690
13:04:43.0690 4712 SystemInfo:
13:04:43.0690 4712
13:04:43.0690 4712 OS Version: 5.1.2600 ServicePack: 3.0
13:04:43.0690 4712 Product type: Workstation
13:04:43.0690 4712 ComputerName: STEVEN
13:04:43.0690 4712 UserName: Steven Carr
13:04:43.0690 4712 Windows directory: C:\WINDOWS
13:04:43.0690 4712 System windows directory: C:\WINDOWS
13:04:43.0690 4712 Processor architecture: Intel x86
13:04:43.0690 4712 Number of processors: 2
13:04:43.0690 4712 Page size: 0x1000
13:04:43.0690 4712 Boot type: Normal boot
13:04:43.0690 4712 ============================================================
13:04:44.0581 4712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:04:44.0612 4712 \Device\Harddisk0\DR0:
13:04:44.0612 4712 MBR used
13:04:44.0612 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x56496, BlocksNum 0x39071BA4
13:04:44.0690 4712 Initialize success
13:04:44.0690 4712 ============================================================
13:04:51.0268 4752 ============================================================
13:04:51.0268 4752 Scan started
13:04:51.0268 4752 Mode: Manual;
13:04:51.0268 4752 ============================================================
13:05:05.0503 4752 redbook - ok
13:05:05.0628 4752 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
13:05:05.0628 4752 RegFilter - ok
13:05:05.0674 4752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:05:05.0690 4752 RemoteAccess - ok
13:05:05.0737 4752 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:05:05.0737 4752 RFCOMM - ok
13:05:05.0768 4752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:05:05.0768 4752 RpcLocator - ok
13:05:05.0831 4752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:05:05.0846 4752 RpcSs - ok
13:05:05.0878 4752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:05:05.0893 4752 RSVP - ok
13:05:05.0987 4752 Sage SData Service (daf4d47e625670f3952687210100d2cb) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
13:05:05.0987 4752 Sage SData Service - ok
13:05:06.0034 4752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:05:06.0034 4752 SamSs - ok
13:05:06.0143 4752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:05:06.0159 4752 SCardSvr - ok
13:05:06.0237 4752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:05:06.0253 4752 Schedule - ok
13:05:06.0299 4752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:05:06.0315 4752 Secdrv - ok
13:05:06.0331 4752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:05:06.0346 4752 seclogon - ok
13:05:06.0346 4752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:05:06.0362 4752 SENS - ok
13:05:06.0393 4752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:05:06.0393 4752 serenum - ok
13:05:06.0424 4752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:05:06.0424 4752 Serial - ok
13:05:06.0518 4752 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:05:06.0518 4752 ServiceLayer - ok
13:05:06.0565 4752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:05:06.0565 4752 Sfloppy - ok
13:05:06.0612 4752 SgtSch2Svc (c240035fb95c2faef99cfc2403edcd46) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
13:05:06.0628 4752 SgtSch2Svc - ok
13:05:06.0674 4752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:05:06.0674 4752 SharedAccess - ok
13:05:06.0721 4752 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:05:06.0737 4752 ShellHWDetection - ok
13:05:06.0753 4752 Simbad - ok
13:05:06.0784 4752 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:05:06.0799 4752 sisagp - ok
13:05:06.0815 4752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:05:06.0831 4752 SLIP - ok
13:05:06.0878 4752 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
13:05:06.0878 4752 SmartDefragDriver - ok
13:05:06.0909 4752 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
13:05:06.0924 4752 snapman - ok
13:05:06.0987 4752 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
13:05:07.0003 4752 SolidWorks Licensing Service - ok
13:05:07.0018 4752 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:05:07.0034 4752 Sparrow - ok
13:05:07.0065 4752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:05:07.0065 4752 splitter - ok
13:05:07.0128 4752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:05:07.0143 4752 Spooler - ok
13:05:07.0159 4752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:05:07.0159 4752 sr - ok
13:05:07.0174 4752 srescan - ok
13:05:07.0237 4752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:05:07.0253 4752 srservice - ok
13:05:07.0284 4752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:05:07.0299 4752 Srv - ok
13:05:07.0315 4752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:05:07.0331 4752 SSDPSRV - ok
13:05:07.0409 4752 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
13:05:07.0409 4752 STHDA - ok
13:05:07.0440 4752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:05:07.0456 4752 stisvc - ok
13:05:07.0565 4752 stllssvr (e5ff667e416dac99bff16b626234a379) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:05:07.0565 4752 stllssvr - ok
13:05:07.0581 4752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:05:07.0581 4752 streamip - ok
13:05:07.0612 4752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:05:07.0612 4752 swenum - ok
13:05:07.0643 4752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:05:07.0659 4752 swmidi - ok
13:05:07.0674 4752 SwPrv - ok
13:05:07.0706 4752 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:05:07.0706 4752 symc810 - ok
13:05:07.0721 4752 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:05:07.0721 4752 symc8xx - ok
13:05:07.0737 4752 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:05:07.0737 4752 sym_hi - ok
13:05:07.0753 4752 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:05:07.0768 4752 sym_u3 - ok
13:05:07.0784 4752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:05:07.0784 4752 sysaudio - ok
13:05:07.0831 4752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:05:07.0846 4752 SysmonLog - ok
13:05:07.0893 4752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:05:07.0909 4752 TapiSrv - ok
13:05:07.0956 4752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:05:07.0956 4752 Tcpip - ok
13:05:07.0987 4752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:05:08.0003 4752 TDPIPE - ok
13:05:08.0049 4752 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
13:05:08.0049 4752 tdrpman - ok
13:05:08.0065 4752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:05:08.0081 4752 TDTCP - ok
13:05:08.0112 4752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:05:08.0112 4752 TermDD - ok
13:05:08.0143 4752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:05:08.0159 4752 TermService - ok
13:05:08.0206 4752 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:05:08.0221 4752 Themes - ok
13:05:08.0237 4752 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:05:08.0237 4752 tifsfilter - ok
13:05:08.0268 4752 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
13:05:08.0268 4752 timounter - ok
13:05:08.0346 4752 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:05:08.0346 4752 TomTomHOMEService - ok
13:05:08.0378 4752 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:05:08.0393 4752 TosIde - ok
13:05:08.0424 4752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:05:08.0440 4752 TrkWks - ok
13:05:08.0503 4752 TwonkyMedia - ok
13:05:08.0549 4752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:05:08.0549 4752 Udfs - ok
13:05:08.0565 4752 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:05:08.0581 4752 ultra - ok
13:05:08.0628 4752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:05:08.0643 4752 Update - ok
13:05:08.0674 4752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:05:08.0690 4752 upnphost - ok
13:05:08.0737 4752 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
13:05:08.0737 4752 upperdev - ok
13:05:08.0768 4752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:05:08.0784 4752 UPS - ok
13:05:08.0909 4752 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
13:05:08.0909 4752 UrlFilter - ok
13:05:08.0940 4752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:05:08.0956 4752 USBAAPL - ok
13:05:08.0987 4752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:05:08.0987 4752 usbccgp - ok
13:05:09.0034 4752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:05:09.0049 4752 usbehci - ok
13:05:09.0065 4752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:05:09.0065 4752 usbhub - ok
13:05:09.0081 4752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:05:09.0096 4752 usbprint - ok
13:05:09.0112 4752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:05:09.0112 4752 usbscan - ok
13:05:09.0128 4752 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
13:05:09.0128 4752 usbser - ok
13:05:09.0159 4752 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
13:05:09.0174 4752 UsbserFilt - ok
13:05:09.0190 4752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:05:09.0190 4752 USBSTOR - ok
13:05:09.0206 4752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:05:09.0206 4752 usbuhci - ok
13:05:09.0221 4752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:05:09.0237 4752 VgaSave - ok
13:05:09.0268 4752 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:05:09.0268 4752 viaagp - ok
13:05:09.0284 4752 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:05:09.0284 4752 ViaIde - ok
13:05:09.0331 4752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:05:09.0331 4752 VolSnap - ok
13:05:09.0393 4752 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
13:05:09.0424 4752 Vsdatant - ok
13:05:09.0487 4752 vsmon - ok
13:05:09.0534 4752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:05:09.0565 4752 VSS - ok
13:05:09.0612 4752 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:05:09.0628 4752 w32time - ok
13:05:09.0690 4752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:05:09.0690 4752 Wanarp - ok
13:05:09.0753 4752 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:05:09.0753 4752 Wdf01000 - ok
13:05:09.0768 4752 WDICA - ok
13:05:09.0799 4752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:05:09.0799 4752 wdmaud - ok
13:05:09.0846 4752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:05:09.0862 4752 WebClient - ok
13:05:09.0924 4752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:05:09.0924 4752 winmgmt - ok
13:05:09.0987 4752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:05:09.0987 4752 WmdmPmSN - ok
13:05:10.0034 4752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:05:10.0034 4752 WmiApSrv - ok
13:05:10.0128 4752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:05:10.0143 4752 WMPNetworkSvc - ok
13:05:10.0190 4752 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:05:10.0190 4752 WpdUsb - ok
13:05:10.0206 4752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:05:10.0221 4752 WS2IFSL - ok
13:05:10.0268 4752 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:05:10.0284 4752 wscsvc - ok
13:05:10.0331 4752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:05:10.0331 4752 WSTCODEC - ok
13:05:10.0346 4752 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:05:10.0378 4752 wuauserv - ok
13:05:10.0409 4752 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:05:10.0424 4752 WudfPf - ok
13:05:10.0440 4752 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:05:10.0440 4752 WudfRd - ok
13:05:10.0471 4752 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
13:05:10.0487 4752 WudfSvc - ok
13:05:10.0534 4752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:05:10.0549 4752 WZCSVC - ok
13:05:10.0596 4752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:05:10.0612 4752 xmlprov - ok
13:05:10.0674 4752 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
13:05:10.0706 4752 \Device\Harddisk0\DR0 - ok
13:05:10.0737 4752 Boot (0x1200) (8b2a6e03e2b5dce43e8550fecd53a348) \Device\Harddisk0\DR0\Partition0
13:05:10.0737 4752 \Device\Harddisk0\DR0\Partition0 - ok
13:05:10.0737 4752 ============================================================
13:05:10.0737 4752 Scan finished
13:05:10.0737 4752 ============================================================
13:05:10.0753 0512 Detected object count: 0
13:05:10.0753 0512 Actual detected object count: 0
13:08:19.0503 4820 ============================================================
13:08:19.0503 4820 Scan started
13:08:19.0503 4820 Mode: Manual;
13:08:19.0503 4820 ============================================================
13:08:25.0549 4820 IDriverT - ok
13:08:25.0643 4820 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:08:25.0659 4820 idsvc - ok
13:08:25.0706 4820 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:08:25.0706 4820 Imapi - ok
13:08:25.0753 4820 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:08:25.0753 4820 ImapiService - ok
13:08:25.0878 4820 IMFservice (1f0aedcbd294a0a3b479896b278ad343) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
13:08:25.0878 4820 IMFservice - ok
13:08:25.0924 4820 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys
13:08:25.0924 4820 InCDfs - ok
13:08:25.0940 4820 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
13:08:25.0940 4820 InCDPass - ok
13:08:25.0987 4820 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys
13:08:25.0987 4820 InCDrec - ok
13:08:26.0018 4820 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
13:08:26.0018 4820 incdrm - ok
13:08:26.0065 4820 InCDsrv (394bf2329ac168f253c74e1eead15fac) C:\Program Files\Ahead\InCD\InCDsrv.exe
13:08:26.0081 4820 InCDsrv - ok
13:08:26.0096 4820 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:08:26.0096 4820 ini910u - ok
13:08:26.0190 4820 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
13:08:26.0206 4820 IntelC51 - ok
13:08:26.0221 4820 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
13:08:26.0237 4820 IntelC52 - ok
13:08:26.0253 4820 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
13:08:26.0253 4820 IntelC53 - ok
13:08:26.0299 4820 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:08:26.0299 4820 IntelIde - ok
13:08:26.0331 4820 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:08:26.0331 4820 intelppm - ok
13:08:26.0346 4820 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:08:26.0346 4820 Ip6Fw - ok
13:08:26.0362 4820 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:08:26.0362 4820 IpFilterDriver - ok
13:08:26.0424 4820 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:08:26.0440 4820 IpInIp - ok
13:08:26.0487 4820 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:08:26.0503 4820 IpNat - ok
13:08:26.0596 4820 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
13:08:26.0596 4820 iPod Service - ok
13:08:26.0612 4820 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:08:26.0628 4820 IPSec - ok
13:08:26.0659 4820 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:08:26.0659 4820 IRENUM - ok
13:08:26.0690 4820 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:08:26.0690 4820 isapnp - ok
13:08:26.0799 4820 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
13:08:26.0799 4820 ISWKL - ok
13:08:26.0815 4820 IswSvc (5b2ccef06f96dfb22893ab8f0b3f891d) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
13:08:26.0831 4820 IswSvc - ok
13:08:26.0878 4820 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
13:08:26.0878 4820 JavaQuickStarterService - ok
13:08:26.0924 4820 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:08:26.0940 4820 Kbdclass - ok
13:08:26.0987 4820 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:08:26.0987 4820 kbdhid - ok
13:08:27.0049 4820 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:08:27.0049 4820 kmixer - ok
13:08:27.0096 4820 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:08:27.0096 4820 KSecDD - ok
13:08:27.0143 4820 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:08:27.0143 4820 lanmanserver - ok
13:08:27.0190 4820 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:08:27.0206 4820 lanmanworkstation - ok
13:08:27.0378 4820 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
13:08:27.0393 4820 Lavasoft Ad-Aware Service - ok
13:08:27.0487 4820 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
13:08:27.0503 4820 Lavasoft Kernexplorer - ok
13:08:27.0565 4820 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
13:08:27.0565 4820 Lbd - ok
13:08:27.0581 4820 lbrtfdc - ok
13:08:27.0628 4820 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:08:27.0628 4820 LmHosts - ok
13:08:27.0753 4820 lredbooo - ok
13:08:27.0799 4820 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
13:08:27.0815 4820 MarvinBus - ok
13:08:27.0846 4820 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
13:08:27.0846 4820 MBAMProtector - ok
13:08:27.0909 4820 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:08:27.0909 4820 MBAMService - ok
13:08:27.0987 4820 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:08:27.0987 4820 MDM - ok
13:08:28.0049 4820 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:08:28.0065 4820 Messenger - ok
13:08:28.0096 4820 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:08:28.0096 4820 mnmdd - ok
13:08:28.0143 4820 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:08:28.0143 4820 mnmsrvc - ok
13:08:28.0221 4820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:08:28.0237 4820 Modem - ok
13:08:28.0237 4820 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:08:28.0253 4820 MODEMCSA - ok
13:08:28.0268 4820 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
13:08:28.0268 4820 mohfilt - ok
13:08:28.0331 4820 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:08:28.0346 4820 Mouclass - ok
13:08:28.0378 4820 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:08:28.0393 4820 mouhid - ok
13:08:28.0409 4820 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:08:28.0409 4820 MountMgr - ok
13:08:28.0456 4820 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:08:28.0471 4820 mraid35x - ok
13:08:28.0518 4820 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:08:28.0518 4820 MRxDAV - ok
13:08:28.0549 4820 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:08:28.0565 4820 MRxSmb - ok
13:08:28.0596 4820 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:08:28.0612 4820 MSDTC - ok
13:08:28.0628 4820 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
13:08:28.0628 4820 MSDV - ok
13:08:28.0659 4820 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:08:28.0659 4820 Msfs - ok
13:08:28.0674 4820 MSIServer - ok
13:08:28.0721 4820 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:08:28.0721 4820 MSKSSRV - ok
13:08:28.0737 4820 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:08:28.0737 4820 MSPCLOCK - ok
13:08:28.0768 4820 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:08:28.0784 4820 MSPQM - ok
13:08:28.0846 4820 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:08:28.0846 4820 mssmbios - ok
13:08:28.0862 4820 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:08:28.0878 4820 MSTEE - ok
13:08:28.0893 4820 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:08:28.0909 4820 Mup - ok
13:08:28.0924 4820 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:08:28.0940 4820 NABTSFEC - ok
13:08:28.0987 4820 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys
13:08:28.0987 4820 NAL - ok
13:08:29.0034 4820 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:08:29.0049 4820 napagent - ok
13:08:29.0081 4820 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:08:29.0081 4820 NDIS - ok
13:08:29.0112 4820 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
13:08:29.0112 4820 ndiscm - ok
13:08:29.0159 4820 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:08:29.0174 4820 NdisIP - ok
13:08:29.0253 4820 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:08:29.0253 4820 NdisTapi - ok
13:08:29.0268 4820 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:08:29.0268 4820 Ndisuio - ok
13:08:29.0284 4820 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:08:29.0284 4820 NdisWan - ok
13:08:29.0346 4820 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:08:29.0346 4820 NDProxy - ok
13:08:29.0393 4820 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
13:08:29.0393 4820 Net Driver HPZ12 - ok
13:08:29.0440 4820 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:08:29.0440 4820 NetBIOS - ok
13:08:29.0487 4820 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:08:29.0487 4820 NetBT - ok
13:08:29.0518 4820 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:08:29.0534 4820 NetDDE - ok
13:08:29.0534 4820 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:08:29.0549 4820 NetDDEdsdm - ok
13:08:29.0581 4820 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:08:29.0596 4820 Netlogon - ok
13:08:29.0612 4820 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:08:29.0628 4820 Netman - ok
13:08:29.0721 4820 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:08:29.0737 4820 NetTcpPortSharing - ok
13:08:29.0768 4820 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:08:29.0768 4820 NIC1394 - ok
13:08:29.0815 4820 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:08:29.0815 4820 Nla - ok
13:08:29.0862 4820 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
13:08:29.0862 4820 nmwcd - ok
13:08:29.0893 4820 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
13:08:29.0893 4820 nmwcdc - ok
13:08:29.0940 4820 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
13:08:29.0940 4820 nmwcdnsu - ok
13:08:29.0987 4820 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
13:08:29.0987 4820 nmwcdnsuc - ok
13:08:30.0065 4820 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
13:08:30.0065 4820 nosGetPlusHelper - ok
13:08:30.0112 4820 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:08:30.0112 4820 Npfs - ok
13:08:30.0143 4820 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:08:30.0143 4820 Ntfs - ok
13:08:30.0190 4820 NTIDrvr (3c25d8a23c366fbe1511b4a250a1a2ad) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:08:30.0190 4820 NTIDrvr - ok
13:08:30.0221 4820 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:08:30.0221 4820 NtLmSsp - ok
13:08:30.0268 4820 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:08:30.0284 4820 NtmsSvc - ok
13:08:30.0315 4820 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:08:30.0315 4820 Null - ok
13:08:30.0471 4820 nv (29b9163a6d9c486dcaefed190130acb0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:08:30.0503 4820 nv - ok
13:08:30.0549 4820 NVSvc (aa78c4677e06cfd4fe048718ee7f6332) C:\WINDOWS\system32\nvsvc32.exe
13:08:30.0565 4820 NVSvc - ok
13:08:30.0596 4820 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:08:30.0596 4820 NwlnkFlt - ok
13:08:30.0612 4820 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:08:30.0612 4820 NwlnkFwd - ok
13:08:30.0690 4820 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:08:30.0690 4820 ohci1394 - ok
13:08:30.0753 4820 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
13:08:30.0753 4820 omci - ok
13:08:30.0784 4820 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:08:30.0784 4820 Parport - ok
13:08:30.0799 4820 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:08:30.0799 4820 PartMgr - ok
13:08:30.0831 4820 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:08:30.0846 4820 ParVdm - ok
13:08:30.0909 4820 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:08:30.0909 4820 pccsmcfd - ok
13:08:30.0924 4820 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:08:30.0924 4820 PCI - ok
13:08:30.0940 4820 PCIDump - ok
13:08:30.0956 4820 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:08:30.0956 4820 PCIIde - ok
13:08:31.0018 4820 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
13:08:31.0034 4820 PCLEPCI - ok
13:08:31.0034 4820 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:08:31.0049 4820 Pcmcia - ok
13:08:31.0096 4820 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:08:31.0096 4820 pcouffin - ok
13:08:31.0112 4820 PDCOMP - ok
13:08:31.0128 4820 PDFRAME - ok
13:08:31.0159 4820 PDRELI - ok
13:08:31.0190 4820 PDRFRAME - ok
13:08:31.0206 4820 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:08:31.0206 4820 perc2 - ok
13:08:31.0253 4820 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:08:31.0253 4820 perc2hib - ok
13:08:31.0315 4820 PIEUsb (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\Drivers\usbscan.sys
13:08:31.0315 4820 PIEUsb - ok
13:08:31.0378 4820 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:08:31.0393 4820 PlugPlay - ok
13:08:31.0503 4820 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
13:08:31.0503 4820 Pml Driver HPZ12 - ok
13:08:31.0534 4820 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:08:31.0549 4820 PolicyAgent - ok
13:08:31.0581 4820 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:08:31.0581 4820 PptpMiniport - ok
13:08:31.0612 4820 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:08:31.0612 4820 ProtectedStorage - ok
13:08:31.0628 4820 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:08:31.0643 4820 PSched - ok
13:08:31.0690 4820 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:08:31.0690 4820 Ptilink - ok
13:08:31.0737 4820 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:08:31.0737 4820 PxHelp20 - ok
13:08:31.0768 4820 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:08:31.0768 4820 ql1080 - ok
13:08:31.0784 4820 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:08:31.0784 4820 Ql10wnt - ok
13:08:31.0831 4820 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:08:31.0846 4820 ql12160 - ok
13:08:31.0862 4820 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:08:31.0862 4820 ql1240 - ok
13:08:31.0893 4820 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:08:31.0909 4820 ql1280 - ok
13:08:31.0940 4820 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:08:31.0940 4820 RasAcd - ok
13:08:31.0987 4820 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:08:32.0003 4820 RasAuto - ok
13:08:32.0049 4820 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:08:32.0049 4820 Rasl2tp - ok
13:08:32.0096 4820 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:08:32.0112 4820 RasMan - ok
13:08:32.0128 4820 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:08:32.0128 4820 RasPppoe - ok
13:08:32.0143 4820 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:08:32.0143 4820 Raspti - ok
13:08:32.0221 4820 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:08:32.0221 4820 Rdbss - ok
13:08:32.0237 4820 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:08:32.0237 4820 RDPCDD - ok
13:08:32.0299 4820 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:08:32.0299 4820 rdpdr - ok
13:08:32.0362 4820 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:08:32.0362 4820 RDPWD - ok
13:08:32.0393 4820 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:08:32.0409 4820 RDSessMgr - ok
13:08:32.0456 4820 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:08:32.0456 4820 redbook - ok
13:08:32.0581 4820 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
13:08:32.0596 4820 RegFilter - ok
13:08:32.0628 4820 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:08:32.0643 4820 RemoteAccess - ok
13:08:32.0690 4820 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:08:32.0690 4820 RFCOMM - ok
13:08:32.0721 4820 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:08:32.0737 4820 RpcLocator - ok
13:08:32.0784 4820 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:08:32.0799 4820 RpcSs - ok
13:08:32.0831 4820 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:08:32.0846 4820 RSVP - ok
13:08:32.0940 4820 Sage SData Service (daf4d47e625670f3952687210100d2cb) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
13:08:32.0940 4820 Sage SData Service - ok
13:08:32.0971 4820 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:08:32.0987 4820 SamSs - ok
13:08:33.0018 4820 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:08:33.0034 4820 SCardSvr - ok
13:08:33.0081 4820 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:08:33.0096 4820 Schedule - ok
13:08:33.0143 4820 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:08:33.0143 4820 Secdrv - ok
13:08:33.0159 4820 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:08:33.0174 4820 seclogon - ok
13:08:33.0206 4820 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:08:33.0221 4820 SENS - ok
13:08:33.0253 4820 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:08:33.0253 4820 serenum - ok
13:08:33.0299 4820 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:08:33.0299 4820 Serial - ok
13:08:33.0409 4820 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:08:33.0424 4820 ServiceLayer - ok
13:08:33.0487 4820 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:08:33.0518 4820 Sfloppy - ok
13:08:33.0565 4820 SgtSch2Svc (c240035fb95c2faef99cfc2403edcd46) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
13:08:33.0565 4820 SgtSch2Svc - ok
13:08:33.0612 4820 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:08:33.0628 4820 SharedAccess - ok
13:08:33.0659 4820 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:08:33.0674 4820 ShellHWDetection - ok
13:08:33.0690 4820 Simbad - ok
13:08:33.0737 4820 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:08:33.0737 4820 sisagp - ok
13:08:33.0768 4820 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:08:33.0768 4820 SLIP - ok
13:08:33.0815 4820 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
13:08:33.0815 4820 SmartDefragDriver - ok
13:08:33.0862 4820 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
13:08:33.0862 4820 snapman - ok
13:08:33.0940 4820 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
13:08:33.0940 4820 SolidWorks Licensing Service - ok
13:08:33.0971 4820 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:08:33.0971 4820 Sparrow - ok
13:08:34.0003 4820 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:08:34.0003 4820 splitter - ok
13:08:34.0034 4820 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:08:34.0049 4820 Spooler - ok
13:08:34.0065 4820 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:08:34.0065 4820 sr - ok
13:08:34.0081 4820 srescan - ok
13:08:34.0143 4820 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:08:34.0159 4820 srservice - ok
13:08:34.0190 4820 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:08:34.0206 4820 Srv - ok
13:08:34.0221 4820 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:08:34.0237 4820 SSDPSRV - ok
13:08:34.0284 4820 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
13:08:34.0299 4820 STHDA - ok
13:08:34.0331 4820 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:08:34.0346 4820 stisvc - ok
13:08:34.0424 4820 stllssvr (e5ff667e416dac99bff16b626234a379) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:08:34.0440 4820 stllssvr - ok
13:08:34.0471 4820 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:08:34.0471 4820 streamip - ok
13:08:34.0487 4820 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:08:34.0503 4820 swenum - ok
13:08:34.0534 4820 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:08:34.0534 4820 swmidi - ok
13:08:34.0549 4820 SwPrv - ok
13:08:34.0612 4820 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:08:34.0612 4820 symc810 - ok
13:08:34.0628 4820 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:08:34.0628 4820 symc8xx - ok
13:08:34.0690 4820 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:08:34.0690 4820 sym_hi - ok
13:08:34.0706 4820 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:08:34.0721 4820 sym_u3 - ok
13:08:34.0768 4820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:08:34.0768 4820 sysaudio - ok
13:08:34.0815 4820 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:08:34.0831 4820 SysmonLog - ok
13:08:34.0878 4820 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:08:34.0893 4820 TapiSrv - ok
13:08:34.0956 4820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:08:34.0956 4820 Tcpip - ok
13:08:34.0987 4820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:08:34.0987 4820 TDPIPE - ok
13:08:35.0034 4820 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
13:08:35.0049 4820 tdrpman - ok
13:08:35.0065 4820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:08:35.0065 4820 TDTCP - ok
13:08:35.0128 4820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:08:35.0143 4820 TermDD - ok
13:08:35.0174 4820 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:08:35.0190 4820 TermService - ok
13:08:35.0221 4820 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:08:35.0237 4820 Themes - ok
13:08:35.0284 4820 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
13:08:35.0299 4820 tifsfilter - ok
13:08:35.0331 4820 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
13:08:35.0346 4820 timounter - ok
13:08:35.0440 4820 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:08:35.0440 4820 TomTomHOMEService - ok
13:08:35.0503 4820 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:08:35.0503 4820 TosIde - ok
13:08:35.0565 4820 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:08:35.0565 4820 TrkWks - ok
13:08:35.0643 4820 TwonkyMedia - ok
13:08:35.0674 4820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:08:35.0690 4820 Udfs - ok
13:08:35.0706 4820 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:08:35.0706 4820 ultra - ok
13:08:35.0753 4820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:08:35.0753 4820 Update - ok
13:08:35.0784 4820 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:08:35.0799 4820 upnphost - ok
13:08:35.0846 4820 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
13:08:35.0846 4820 upperdev - ok
13:08:35.0862 4820 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:08:35.0878 4820 UPS - ok
13:08:36.0003 4820 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
13:08:36.0018 4820 UrlFilter - ok
13:08:36.0049 4820 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:08:36.0049 4820 USBAAPL - ok
13:08:36.0128 4820 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:08:36.0143 4820 usbccgp - ok
13:08:36.0190 4820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:08:36.0190 4820 usbehci - ok
13:08:36.0206 4820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:08:36.0206 4820 usbhub - ok
13:08:36.0237 4820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:08:36.0237 4820 usbprint - ok
13:08:36.0268 4820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:08:36.0268 4820 usbscan - ok
13:08:36.0331 4820 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
13:08:36.0346 4820 usbser - ok
13:08:36.0378 4820 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
13:08:36.0378 4820 UsbserFilt - ok
13:08:36.0424 4820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:08:36.0424 4820 USBSTOR - ok
13:08:36.0440 4820 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:08:36.0440 4820 usbuhci - ok
13:08:36.0456 4820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:08:36.0471 4820 VgaSave - ok
13:08:36.0503 4820 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:08:36.0503 4820 viaagp - ok
13:08:36.0518 4820 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:08:36.0518 4820 ViaIde - ok
13:08:36.0596 4820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:08:36.0596 4820 VolSnap - ok
13:08:36.0659 4820 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
13:08:36.0674 4820 Vsdatant - ok
13:08:36.0753 4820 vsmon - ok
13:08:36.0799 4820 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:08:36.0815 4820 VSS - ok
13:08:36.0862 4820 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:08:36.0878 4820 w32time - ok
13:08:36.0893 4820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:08:36.0893 4820 Wanarp - ok
13:08:36.0971 4820 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:08:36.0971 4820 Wdf01000 - ok
13:08:36.0987 4820 WDICA - ok
13:08:37.0034 4820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:08:37.0034 4820 wdmaud - ok
13:08:37.0096 4820 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:08:37.0112 4820 WebClient - ok
13:08:37.0174 4820 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:08:37.0174 4820 winmgmt - ok
13:08:37.0237 4820 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:08:37.0237 4820 WmdmPmSN - ok
13:08:37.0284 4820 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:08:37.0284 4820 WmiApSrv - ok
13:08:37.0362 4820 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:08:37.0378 4820 WMPNetworkSvc - ok
13:08:37.0456 4820 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:08:37.0456 4820 WpdUsb - ok
13:08:37.0487 4820 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:08:37.0503 4820 WS2IFSL - ok
13:08:37.0534 4820 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:08:37.0565 4820 wscsvc - ok
13:08:37.0596 4820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:08:37.0612 4820 WSTCODEC - ok
13:08:37.0628 4820 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:08:37.0643 4820 wuauserv - ok
13:08:37.0690 4820 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:08:37.0690 4820 WudfPf - ok
13:08:37.0706 4820 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:08:37.0721 4820 WudfRd - ok
13:08:37.0737 4820 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
13:08:37.0753 4820 WudfSvc - ok
13:08:37.0799 4820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:08:37.0815 4820 WZCSVC - ok
13:08:37.0846 4820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:08:37.0862 4820 xmlprov - ok
13:08:37.0924 4820 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
13:08:37.0956 4820 \Device\Harddisk0\DR0 - ok
13:08:37.0987 4820 Boot (0x1200) (8b2a6e03e2b5dce43e8550fecd53a348) \Device\Harddisk0\DR0\Partition0
13:08:37.0987 4820 \Device\Harddisk0\DR0\Partition0 - ok
13:08:37.0987 4820 ============================================================
13:08:37.0987 4820 Scan finished
13:08:37.0987 4820 ============================================================
13:08:38.0003 3616 Detected object count: 0
13:08:38.0003 3616 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 13:12:01
-----------------------------
13:12:01.128 OS Version: Windows 5.1.2600 Service Pack 3
13:12:01.128 Number of processors: 2 586 0x401
13:12:01.128 ComputerName: STEVEN UserName:
13:12:02.753 Initialize success
13:12:07.159 AVAST engine defs: 12041900
13:12:32.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:12:32.471 Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 3
13:12:32.487 Disk 0 MBR read successfully
13:12:32.503 Disk 0 MBR scan
13:12:32.565 Disk 0 unknown MBR code
13:12:32.581 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 172 MB offset 63
13:12:32.628 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 467171 MB offset 353430
13:12:32.659 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9593 MB offset 957120570
13:12:32.674 Disk 0 scanning sectors +976768065
13:12:32.768 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:48.581 Service scanning
13:12:52.487 Service BVRPMPR5 D:\INSTAL~E\Core\BVRPMPR5.SYS **LOCKED** 21
13:13:07.409 Modules scanning
13:13:13.174 Disk 0 trace - called modules:
13:13:13.221 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
13:13:13.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87174840]
13:13:13.237 3 CLASSPNP.SYS[f7612fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87168030]
13:13:18.440 AVAST engine scan C:\WINDOWS
13:13:33.299 AVAST engine scan C:\WINDOWS\system32
13:16:44.065 AVAST engine scan C:\WINDOWS\system32\drivers
13:17:17.721 AVAST engine scan C:\Documents and Settings\Steven Carr
13:38:59.424 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven Carr\Desktop\MBR.dat"
13:38:59.440 The log file has been saved successfully to "C:\Documents and Settings\Steven Carr\Desktop\aswMBR.txt"
13:46:35.643 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven Carr\Desktop\MBR.dat"
13:46:35.674 The log file has been saved successfully to "C:\Documents and Settings\Steven Carr\Desktop\aswMBR.txt"

#6 gringo_pr


Posted 19 April 2012 - 08:31 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 cazshie


Posted 19 April 2012 - 09:35 AM

Combofix log below.

Am I alright to start using the computer as normal to see if Google re-direct problem has been rectified?

I had actually noticed, prior to google problem, that the computer was running very very slow. Is anything we've done likely to improve speed?

Also, how am I for virus protection? I've got avast and zonealarm running normally with Advanced System Care 5 for disc scan/optimisation. Occasionally run Ad-Aware and installed Malwarebytes and Anvi Smart Defender in the last couple of days.


ComboFix 12-04-19.01 - Steven Carr 19/04/2012 14:45:37.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.298 [GMT 1:00]
Running from: c:\documents and settings\Steven Carr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steven Carr\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:14 . 2012-01-09 08:26 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-04-18 22:14 . 2012-01-09 08:26 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-04-18 21:59 . 2012-04-18 21:59 -------- d-----w- c:\documents and settings\Steven Carr\Local Settings\Application Data\Deployment
2012-04-18 14:01 . 2012-04-18 22:12 -------- d-----w- c:\program files\Anvisoft
2012-04-18 13:40 . 2012-04-18 13:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\documents and settings\Steven Carr\Application Data\Malwarebytes
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-18 13:33 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 13:33 . 2012-04-18 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 13:02 . 2012-04-17 13:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-26 15:41 . 2012-01-03 08:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-01-03 08:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 20:24 . 2004-08-10 11:51 26112 ----a-w- c:\windows\system32\userinit.exe
2012-03-06 23:15 . 2010-11-09 17:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-11-09 17:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-13 07:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-11-09 17:56 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-11-09 17:56 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-11-09 17:56 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-11-09 17:56 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2010-11-09 17:56 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2010-11-09 17:56 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2010-11-09 17:56 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-10 11:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 11:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 11:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-24 21:57 . 2011-06-07 07:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-10 11:51 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_08.45.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-19 11:24 . 2012-04-19 11:24 16384 c:\windows\Temp\Perflib_Perfdata_e3c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2004-08-31 61440]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-30 273528]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-02-03 715048]
"ISW"="" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Outlook.lnk - c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe [2009-7-24 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-1-24 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9438:TCP"= 9438:TCP:BitComet 9438 TCP
"9438:UDP"= 9438:UDP:BitComet 9438 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/01/2012 11:13 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [26/08/2011 20:15 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/06/2011 08:45 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2010 18:56 337880]
R1 avfsmn;avfsmn;c:\windows\system32\drivers\avfsmn.sys [18/04/2012 23:14 17704]
R1 dk3drv;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [30/08/2007 09:03 20792]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [29/11/2011 13:58 913752]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [03/02/2012 08:55 296232]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2010 18:56 20696]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\avhips.sys [18/04/2012 23:14 23848]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [26/08/2011 20:16 820568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 15:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 15:44 497280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/04/2012 14:33 654408]
R2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [21/08/2009 16:52 49152]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [16/10/2009 19:39 431456]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [23/01/2012 05:43 92592]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [13/03/2010 18:40 12032]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [13/03/2010 18:40 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/04/2012 14:33 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/08/2009 19:40 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2012 22:59 116648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/12/2011 08:12 2152152]
S2 PIEUsb;Single Frame Film Scanner;c:\windows\system32\drivers\usbscan.sys [19/02/2008 23:26 15104]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2012 22:59 116648]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [13/03/2010 18:40 11648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [23/12/2011 08:12 15232]
S3 lredbooo;lredbooo;\??\c:\docume~1\STEVEN~1\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\STEVEN~1\LOCALS~1\Temp\lredbooo.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12/08/2010 00:34 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12/08/2010 00:34 8320]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [10/08/2004 12:51 14336]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [26/08/2011 20:16 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [26/08/2011 20:16 16080]
S4 Bt042nl;Bt042nl; [x]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [26/08/2011 20:16 239600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 08002775
*NewlyCreated* - ASWMBR
*Deregistered* - 08002775
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 10:16]
.
2012-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:57]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 21:59]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 21:59]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2722381666-273064381-2530740262-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2722381666-273064381-2530740262-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2722381666-273064381-2530740262-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2722381666-273064381-2530740262-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hibs.net/forumdisplay.php?2-hibs.net-Main-Forum
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: emcs-netport.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1096842F-FEE8-11D2-965E-0010E3622565} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_RYD.cab
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz01.cab
DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb04.cab
DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz06.cab
DPF: {498439C0-0921-11D3-9484-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb10.cab
DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb07.cab
DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz05.cab
DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb08.cab
DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz02.cab
DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb05.cab
DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_List.cab
DPF: {74545298-2152-11D2-8D16-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz03.cab
DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb01.cab
DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb13.cab
DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb12.cab
DPF: {B37DB118-5623-11D3-8769-0010E36241AE} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz09.cab
DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb16.cab
DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb02.cab
DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb11.cab
DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb03.cab
DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz07.cab
DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb14.cab
DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb17.cab
DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Lb06.cab
DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Wz04.cab
DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} - hxxp://roylinedirect.rbs.co.uk/dbpc2/controls/2.7.16.0/IFS_Serv.cab
FF - ProfilePath - c:\documents and settings\Steven Carr\Application Data\Mozilla\Firefox\Profiles\3gm0yefg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hibs.net/message/forumdisplay.php?f=2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,a4,f4,7b,e5,3b,15,45,9a,8b,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,a4,f4,7b,e5,3b,15,45,9a,8b,c0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(19496)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-19 15:12:26
ComboFix-quarantined-files.txt 2012-04-19 14:12
ComboFix2.txt 2012-04-19 08:51
.
Pre-Run: 225,624,137,728 bytes free
Post-Run: 225,626,009,600 bytes free
.
- - End Of File - - 3F7592D4BCE8CDFDE8F3F87B39375AD1

Edited by cazshie, 19 April 2012 - 09:50 AM.


#8 gringo_pr


Posted 19 April 2012 - 10:07 AM

Hello

Please do check the computer out now

I've got avast and zonealarm running normally with Advanced System Care 5 for disc scan/optimisation. Occasionally run Ad-Aware and installed Malwarebytes and Anvi Smart Defender in the last couple of days.

avast
zonealarm
Advanced System Care 5
Ad-Aware
Malwarebytes
Anvi Smart Defender


this is too much - remove the ones in red but we will add one later but not now (winpatrol)

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 cazshie


Posted 19 April 2012 - 11:14 AM

I am unable to post the report .. I think maybe it is too long so I will post in 2 parts.

Image Resizer Powertoy for Windows XP
InCD
Insite 2006 UK v5.20
Insite UK
Intel Matrix Storage Manager
Intel® 537EP V9x DFV PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
IObit Malware Fighter
iPhoneBrowser
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 24
Lingua Match rus-eng-usa
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Microsoft XML Parser
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.6)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero 6
Nero Digital
Nero Media Player
Network
Nokia Connectivity Cable Driver
Nokia Home Media Server
Nokia Map Loader
Nokia Maps Updater 1.0.12
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3011
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3016
Nokia PC Suite
Nokia Software Updater
Null-modem emulator (com0com)
NVIDIA Drivers
PanoStandAlone
PC Connectivity Solution
Peck's Power Join
PIF DESIGNER2.1
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
PrimoPDF
PrimoPDF Redistribution Package
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PS_AIO_06_C309g-m_SW_Min
PSSWCORE
QuickTime
RAPID (Studio 10)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Express Labeler 3
Russian In Action 2
Sage 50 Accounts 2010
Sage e-Banking Core Components
Sage Protx VSP
Scan
ScanToWeb
Seagate DiscWizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
Smart Defrag 2
SmartSMS
SmartSound Quicktracks Plugin
SmartWebPrinting
SolidWorks eDrawings 2010
SolutionCenter
SopCast 3.2.9
Status
Studio 10
Studio 10.5 Patch
Studio 10.5.2 Patch
SupportSoft Assisted Service
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
Transparent Language System
TrayApp
TwonkyMedia
UDL IP Interface
Ultra Video Joiner 6.1.0119
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
WinAce Archiver
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - PIE Image 10/22/2002 1.1.1
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
ZENcast Organizer
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Spy Blocker
ZoneAlarm Toolbar

Edited by cazshie, 19 April 2012 - 11:18 AM.


#10 gringo_pr


Posted 19 April 2012 - 11:21 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 24
ZoneAlarm Spy Blocker
ZoneAlarm Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 cazshie


Posted 19 April 2012 - 11:24 AM

32 Bit HP CIO Components Installer
A4Tech iKeyWorks 7.64
Accounts
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Advanced SystemCare 5
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
AutoUpdate
avast! Free Antivirus
AVG 2011
Basic PAYE Tools
Basic PAYE Tools 2012
Before You Know It 3.5 Lite
BitComet 1.28
BitLord 1.1
blueyonder Instant Support Tool
Bonjour
BufferChm
Byki
Byki Deluxe
C309g-m
C5200
C5200_doccd
c5200_Help
Camel's MPEGJoin
Cobian Backup 9
Compatibility Pack for the 2007 Office system
Copy
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
CyberView X - SF v1.18c
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
Destinations
DeviceDiscovery
DeviceManagementQFolder
DiscAPI (Studio 10)
DivX
DK3 Drivers v2.0.0.0
DocProc
DocProcQFolder
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
DVDFab 6.0.4.0 (28/07/2009)
ESPR200 Reference Guide
ESPR200 Software Guide
eSupportQFolder
Fax
FileZilla Client 3.1.5.1
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HandBrake 0.9.3
High Definition Audio Driver Package - KB835221
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Premium C309g-m All-in-One Driver Software 13.0 Rel. 6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller

Edited by cazshie, 19 April 2012 - 11:25 AM.
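
The helper's replies in this thread act on two things visible in the posted Add/Remove Programs listing: several Java runtimes installed side by side, and more than one security product. The following is an added example, not part of the thread and not ComboFix's own code, that runs the same two checks over such a listing; the sample lines, the regular expressions and the antivirus name table are assumptions constructed for illustration.

```python
import re

# Constructed sample: entry names as they appear in the listing posted in this
# thread, one per line, in the layout of "Add-Remove Programs.txt".
SAMPLE_LISTING = """\
Ad-Aware
avast! Free Antivirus
AVG 2011
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 24
Malwarebytes Anti-Malware version 1.61.0.1400
Mozilla Firefox (3.0.6)
ZoneAlarm Firewall
ZoneAlarm Toolbar
"""

# The three display-name schemes for Java runtimes seen in the listing.
# Each pattern captures (family, update); helpers such as "Java Auto Updater"
# match none of them and are ignored.
JAVA_PATTERNS = (
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+_(\d+)$"),
    re.compile(r"^J2SE Runtime Environment (\d+)\.\d+(?: Update (\d+))?$"),
    re.compile(r"^Java(?:\(TM\)|™)? (\d+)(?: Update (\d+))?$"),
)

# Assumption: name prefixes of products that install a resident antivirus
# scanner. Illustrative table, not taken from the thread.
RESIDENT_AV_PREFIXES = ("ad-aware", "avast!", "avg")


def parse_listing(text):
    """Return the non-empty entry names in order, without exact duplicates."""
    seen, names = set(), []
    for line in text.splitlines():
        name = line.strip()
        if name and name not in seen:
            seen.add(name)
            names.append(name)
    return names


def java_runtimes(names):
    """Return (family, update, name) for every Java runtime, oldest first."""
    found = []
    for name in names:
        for pattern in JAVA_PATTERNS:
            match = pattern.match(name)
            if match:
                found.append((int(match.group(1)), int(match.group(2) or 0), name))
                break
    return sorted(found)


def resident_antivirus(names):
    """Return entries whose name starts with a known resident-AV prefix."""
    return [n for n in names if n.lower().startswith(RESIDENT_AV_PREFIXES)]


def audit(listing_text):
    """Return (category, entry, reason) findings for the two checks."""
    names = parse_listing(listing_text)
    findings = []

    runtimes = java_runtimes(names)
    if len(runtimes) > 1:
        newest = runtimes[-1][2]
        for _, _, name in runtimes[:-1]:
            findings.append(("superseded-java", name, f"older than {newest}"))

    scanners = resident_antivirus(names)
    if len(scanners) > 1:
        for name in scanners:
            findings.append(("overlapping-antivirus", name,
                             f"{len(scanners)} resident scanners installed"))
    return findings


if __name__ == "__main__":
    for category, entry, reason in audit(SAMPLE_LISTING):
        print(f"{category:22} {entry}  ({reason})")
```

The newest runtime found is not reported as a finding; it still has to be compared by hand against the current Java release.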



#13 cazshie


Posted 19 April 2012 - 12:33 PM

Will I need to uninstall any of the following programs that were not on the first list I gave?

32 Bit HP CIO Components Installer
A4Tech iKeyWorks 7.64
Accounts
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Advanced SystemCare 5
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
AutoUpdate
avast! Free Antivirus
AVG 2011
Basic PAYE Tools
Basic PAYE Tools 2012
Before You Know It 3.5 Lite
BitComet 1.28
BitLord 1.1
blueyonder Instant Support Tool
Bonjour
BufferChm
Byki
Byki Deluxe
C309g-m
C5200
C5200_doccd
c5200_Help
Camel's MPEGJoin
Cobian Backup 9
Compatibility Pack for the 2007 Office system
Copy
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
CyberView X - SF v1.18c
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
Destinations
DeviceDiscovery
DeviceManagementQFolder
DiscAPI (Studio 10)
DivX
DK3 Drivers v2.0.0.0
DocProc
DocProcQFolder
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
DVDFab 6.0.4.0 (28/07/2009)
ESPR200 Reference Guide
ESPR200 Software Guide
eSupportQFolder
Fax
FileZilla Client 3.1.5.1
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HandBrake 0.9.3
High Definition Audio Driver Package - KB835221
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Premium C309g-m All-in-One Driver Software 13.0 Rel. 6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller

#14 gringo_pr

  • Malware Response Team

Posted 19 April 2012 - 12:46 PM

Adobe Reader 9.5.0



Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

#15 cazshie

  • Topic Starter

  • Members

Posted 19 April 2012 - 01:04 PM

Thanks Gringo.

Just to clarify .. I can completely uninstall Adobe Reader and install Foxit and it will serve the same function but use less resources?



