Infected with TDSS & Google redirecting virus


  • This topic is locked
18 replies to this topic

#1 jav1188

jav1188

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 22 April 2012 - 02:34 AM

A few weeks ago my computer got infected with some kind of virus that constantly redirects my searches on Google. At first the redirecting was not that bad, and it only redirected my searches once in a while. But now it redirects just about every time I search for something on Google. I believe that the virus has somehow started to slow down my computer. Below are some of the websites that I keep getting redirected to when I search on Google.

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46351&subid=8911_1234&terms=jump
http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46355&subid=8909_1233&terms=orange
http://info.digitalsherpa.com/optimize-your-facebook-timeline-for-your-business/
http://gyp.se/
http://ahomecareer1.info/
http://www.yellowpages.com/minneapolis-mn/beauty-salons?from=SEMPS_amp_nw_beauty_salons_63132092
http://www.shopautoweek.com/index.html?utm_source=admarketplace&utm_medium=cpc&utm_campaign=category%20targeting&utm_content=2037358764_ADMP

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by pvaj at 1:50:21 on 2012-04-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.992 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=80476e5e00000000000000210001a91e
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Update] rundll32.exe "c:\users\pvaj\appdata\roaming\cyberlink\cyberlink\dpvdx.dll",DllRegisterServer
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NWEReboot]
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_14\TrayServer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{EE7E2B81-80C5-430D-8CB2-612B6713DB53} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pvaj\appdata\roaming\mozilla\firefox\profiles\iuhjshlp.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
FF - component: c:\users\pvaj\appdata\roaming\mozilla\firefox\profiles\iuhjshlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\pvaj\appdata\roaming\mozilla\firefox\profiles\iuhjshlp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.hardId - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15452
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:40:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-4 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-17 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-17 337880]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-17 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-17 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-17 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 253088]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2011-6-22 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-17 136176]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2011-6-22 544768]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-15 23:30:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 23:30:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 16:11:24 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 16:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:51:12.19 ===============
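The DDS "Pseudo HJT Report" above is read by eye by the responders: they look for autorun entries that load code from the user profile, orphaned browser helper objects, and a start page or address-bar search that no longer points at the OEM default. As an added example (not DDS, ComboFix, or any code from this thread's participants), the following Python script encodes those three checks over lines in the same shape as the report. The sample lines are constructed copies of entries shown above; the regular expressions, the user-writable path list and the severities are my own assumptions, not anything DDS itself reports. The same entries reappear in the ComboFix "Supplementary Scan" section later in the thread, so the script applies there too.

```python
"""Triage heuristics for DDS-style 'Pseudo HJT Report' lines.

Added example for this thread; it is not DDS, ComboFix or BleepingComputer
code. The three checks are the ones a responder applies by eye:
  1. Run-key entries that use rundll32/regsvr32 to load a DLL from a
     user-writable profile directory (AppData, Temp) -> likely persistence
  2. BHO/TB entries that resolve to 'No File' -> orphaned CLSIDs to clean up
  3. Start page / Firefox keyword.URL whose host is not the OEM default host
     recorded in the report's *Default_Page_URL lines -> browser hijack
"""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied in the shape of the DDS
# report in the first post (paths and CLSIDs are those shown there).
SAMPLE_LOG = r"""uStart Page = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Update] rundll32.exe "c:\users\pvaj\appdata\roaming\cyberlink\cyberlink\dpvdx.dll",DllRegisterServer
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
"""

# Line shapes used by DDS (assumed from the report format, not a DDS spec).
RUN_LINE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
BHO_LINE = re.compile(r"^(?:BHO|TB):\s*(?P<body>.*)$")
PAGE_LINE = re.compile(r"^(?P<key>[um](?:Start Page|Default_Page_URL))\s*=\s*(?P<url>\S+)")
KEYWORD_LINE = re.compile(r"^FF - prefs\.js: keyword\.URL - (?P<url>\S+)")
# Heuristic: a DLL loader pointed at a user-writable directory.
LOADER = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.I)
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|tmp|local settings)\\", re.I)
SEVERITY_ORDER = ("HIGH", "MEDIUM", "LOW")


def host_of(url):
    """Return the lowercase hostname of a DDS URL; DDS defangs http:// as hxxp://."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def triage(log_text):
    """Return (severity, reason, line) findings, highest severity first."""
    lines = log_text.splitlines()
    # Pass 1: learn the OEM default hosts from the *Default_Page_URL lines.
    default_hosts = {
        host_of(m.group("url"))
        for m in map(PAGE_LINE.match, lines)
        if m and "Default_Page_URL" in m.group("key")
    }
    findings = []
    for line in lines:
        m = RUN_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            if LOADER.search(cmd) and USER_WRITABLE.search(cmd):
                findings.append(("HIGH", "run key loads a DLL from a user-writable path via rundll32/regsvr32", line))
            continue
        m = BHO_LINE.match(line)
        if m:
            if m.group("body").rstrip().endswith("No File"):
                findings.append(("LOW", "orphaned BHO/toolbar CLSID (No File)", line))
            continue
        m = PAGE_LINE.match(line)
        if m:
            host = host_of(m.group("url"))
            if "Start Page" in m.group("key") and default_hosts and host not in default_hosts:
                findings.append(("MEDIUM", f"start page host {host} differs from OEM default", line))
            continue
        m = KEYWORD_LINE.match(line)
        if m:
            host = host_of(m.group("url"))
            findings.append(("MEDIUM", f"Firefox address-bar search (keyword.URL) sent to {host}", line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f[0]))


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run against the sample, the one HIGH finding is the `uRun: [Update] rundll32.exe "...\appdata\roaming\cyberlink\cyberlink\dpvdx.dll",DllRegisterServer` entry: a per-user Run key that registers a DLL living under the roaming profile, which no legitimate installer places there. ComboFix's "Other Deletions" section in post #3 removes exactly that file. The Babylon start page and the freecause keyword.URL are the browser-side symptoms the poster describes; the orphaned `No File` BHO is cosmetic but worth clearing so it does not mask a later re-infection.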


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 AM

Posted 22 April 2012 - 09:27 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jav1188

jav1188
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 22 April 2012 - 07:38 PM

I downloaded Security Check and ComboFix, and used them to scan my computer. I did not run into any problems with Security Check and ComboFix. The Notepad documents from Security Check and ComboFix are posted below. My computer is still affected by the redirecting virus. Below are some of the new links that my searches are being directed to by the virus.

http://63.209.69.107/search/web/movie/a12/46355-4977_1233/v5
http://noteinvestors.com/
http://www.bizrate.com/condiments-seasoning-sauces/marinade/

Security Check:

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 24
Java™ 6 Update 2
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox 10.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Combofix:

ComboFix 12-04-22.02 - pvaj 04/22/2012 18:50:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1788 [GMT -5:00]
Running from: c:\users\pvaj\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pvaj\AppData\Roaming\CyberLink\CyberLink\dpvdx.dll
c:\users\pvaj\AppData\Roaming\Mozilla\Firefox\Profiles\iuhjshlp.default\weave\toFetch
c:\users\pvaj\Documents\~WRL0005.tmp
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 03:41 . 2012-04-22 03:41 -------- d-----w- c:\programdata\Uniblue
2012-04-22 02:34 . 2012-04-22 02:39 -------- d-----w- c:\program files\Advanced PC Tweaker
2012-04-22 00:42 . 2012-02-08 20:13 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-04-22 00:40 . 2012-04-22 03:47 -------- d-----w- c:\programdata\Tarma Installer
2012-04-22 00:40 . 2012-04-22 00:40 237 ----a-w- C:\user.js
2012-04-22 00:40 . 2012-04-22 00:40 -------- d-----w- c:\users\pvaj\AppData\Local\Babylon
2012-04-22 00:40 . 2012-04-22 00:40 -------- d-----w- c:\users\pvaj\AppData\Roaming\Babylon
2012-04-22 00:40 . 2012-04-22 00:40 -------- d-----w- c:\programdata\Babylon
2012-04-20 11:32 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFE00987-82CF-4EEC-8244-F980FBC57DA6}\mpengine.dll
2012-04-12 04:47 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:47 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:47 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:47 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:46 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 04:46 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 04:09 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-08 12:55 . 2012-04-15 23:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 14:56 . 2012-04-02 14:56 -------- d-----w- c:\users\Administrator
2012-03-26 03:09 . 2012-03-26 03:09 -------- d-----w- c:\programdata\Premium
2012-03-26 03:09 . 2012-04-22 04:10 -------- d-----w- c:\programdata\CodecC
2012-03-26 03:09 . 2012-03-26 03:09 -------- d-----w- C:\codec-info
2012-03-26 03:08 . 2012-03-26 03:09 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 23:30 . 2011-05-15 14:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-03-17 22:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-03-17 22:14 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-17 22:15 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-03-17 22:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-03-17 22:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-03-17 22:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-03-17 22:15 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-03-17 22:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:11 . 2012-03-04 05:17 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-23 15:18 . 2011-03-17 20:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 00:09 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 00:09 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 00:09 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 00:09 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 00:09 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-14 00:09 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 20:13 . 2011-05-15 14:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe" [2007-12-04 90112]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:30]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 20:53]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 20:53]
.
2012-04-22 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2012-04-22 15:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=80476e5e00000000000000210001a91e
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\pvaj\AppData\Roaming\Mozilla\Firefox\Profiles\iuhjshlp.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.hardId - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15452
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 18:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-04-22 18:59:46
ComboFix-quarantined-files.txt 2012-04-22 23:59
.
Pre-Run: 124,963,876,864 bytes free
Post-Run: 124,977,356,800 bytes free
.
- - End Of File - - AA63FE1EFFA4D56B22F1E396F1B2BDFE

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:27 AM

Posted 22 April 2012 - 08:09 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jav1188

jav1188
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:27 AM

Posted 23 April 2012 - 01:49 AM

Downloaded and ran both programs. I had no problems running the programs. The results are posted below.

TDSS Killer:

01:39:34.0738 0776 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
01:39:35.0084 0776 ============================================================
01:39:35.0084 0776 Current date / time: 2012/04/23 01:39:35.0084
01:39:35.0084 0776 SystemInfo:
01:39:35.0084 0776
01:39:35.0084 0776 OS Version: 6.0.6002 ServicePack: 2.0
01:39:35.0084 0776 Product type: Workstation
01:39:35.0084 0776 ComputerName: PVAJ-PC
01:39:35.0084 0776 UserName: pvaj
01:39:35.0084 0776 Windows directory: C:\Windows
01:39:35.0084 0776 System windows directory: C:\Windows
01:39:35.0084 0776 Processor architecture: Intel x86
01:39:35.0084 0776 Number of processors: 2
01:39:35.0084 0776 Page size: 0x1000
01:39:35.0084 0776 Boot type: Normal boot
01:39:35.0084 0776 ============================================================
01:39:35.0659 0776 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:39:35.0662 0776 \Device\Harddisk0\DR0:
01:39:35.0662 0776 MBR partitions:
01:39:35.0662 0776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BA341C0
01:39:35.0662 0776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BA341FF, BlocksNum 0x1790382
01:39:35.0695 0776 C: <-> \Device\Harddisk0\DR0\Partition0
01:39:35.0757 0776 D: <-> \Device\Harddisk0\DR0\Partition1
01:39:35.0757 0776 Initialize success
01:39:35.0757 0776 ============================================================
01:39:37.0413 5280 ============================================================
01:39:37.0413 5280 Scan started
01:39:37.0413 5280 Mode: Manual;
01:39:37.0413 5280 ============================================================
01:39:38.0604 5280 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
01:39:38.0608 5280 acedrv11 - ok
01:39:38.0799 5280 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:39:38.0801 5280 ACPI - ok
01:39:39.0022 5280 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:39:39.0026 5280 AdobeFlashPlayerUpdateSvc - ok
01:39:39.0231 5280 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
01:39:39.0244 5280 adp94xx - ok
01:39:39.0443 5280 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
01:39:39.0450 5280 adpahci - ok
01:39:39.0616 5280 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
01:39:39.0618 5280 adpu160m - ok
01:39:39.0782 5280 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
01:39:39.0783 5280 adpu320 - ok
01:39:39.0919 5280 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
01:39:39.0921 5280 AeLookupSvc - ok
01:39:40.0122 5280 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:39:40.0125 5280 AFD - ok
01:39:40.0309 5280 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
01:39:40.0310 5280 agp440 - ok
01:39:40.0440 5280 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:39:40.0456 5280 aic78xx - ok
01:39:40.0725 5280 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
01:39:40.0726 5280 ALG - ok
01:39:40.0869 5280 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
01:39:40.0869 5280 aliide - ok
01:39:41.0036 5280 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
01:39:41.0038 5280 amdagp - ok
01:39:41.0175 5280 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
01:39:41.0189 5280 amdide - ok
01:39:41.0336 5280 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
01:39:41.0337 5280 AmdK7 - ok
01:39:41.0463 5280 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
01:39:41.0464 5280 AmdK8 - ok
01:39:41.0624 5280 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
01:39:41.0626 5280 Appinfo - ok
01:39:41.0822 5280 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
01:39:41.0824 5280 arc - ok
01:39:41.0974 5280 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
01:39:41.0977 5280 arcsas - ok
01:39:42.0168 5280 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
01:39:42.0168 5280 aswFsBlk - ok
01:39:42.0567 5280 aswKbd (d58ac76eb4d2b478b654ebd6550965bb) C:\Windows\system32\drivers\aswKbd.sys
01:39:42.0568 5280 aswKbd - ok
01:39:42.0848 5280 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
01:39:42.0849 5280 aswMonFlt - ok
01:39:42.0976 5280 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
01:39:42.0977 5280 aswRdr - ok
01:39:43.0235 5280 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
01:39:43.0255 5280 aswSnx - ok
01:39:43.0382 5280 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
01:39:43.0389 5280 aswSP - ok
01:39:43.0511 5280 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
01:39:43.0512 5280 aswTdi - ok
01:39:43.0670 5280 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:39:43.0671 5280 AsyncMac - ok
01:39:43.0816 5280 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:39:43.0816 5280 atapi - ok
01:39:43.0969 5280 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
01:39:43.0976 5280 AudioEndpointBuilder - ok
01:39:43.0991 5280 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
01:39:43.0994 5280 Audiosrv - ok
01:39:44.0095 5280 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
01:39:44.0096 5280 avast! Antivirus - ok
01:39:44.0198 5280 avast! Firewall - ok
01:39:44.0498 5280 BCM43XV (58da4a879daedc2ef91c0694415417d9) C:\Windows\system32\DRIVERS\bcmwl6.sys
01:39:44.0506 5280 BCM43XV - ok
01:39:44.0598 5280 BCM43XX (58da4a879daedc2ef91c0694415417d9) C:\Windows\system32\DRIVERS\bcmwl6.sys
01:39:44.0607 5280 BCM43XX - ok
01:39:44.0770 5280 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:39:44.0770 5280 Beep - ok
01:39:44.0956 5280 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
01:39:44.0959 5280 BFE - ok
01:39:45.0128 5280 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
01:39:45.0165 5280 BITS - ok
01:39:45.0303 5280 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
01:39:45.0304 5280 blbdrive - ok
01:39:45.0433 5280 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:39:45.0434 5280 bowser - ok
01:39:45.0570 5280 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:39:45.0572 5280 BrFiltLo - ok
01:39:45.0710 5280 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:39:45.0711 5280 BrFiltUp - ok
01:39:45.0829 5280 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
01:39:45.0831 5280 Browser - ok
01:39:46.0008 5280 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:39:46.0009 5280 Brserid - ok
01:39:46.0155 5280 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:39:46.0157 5280 BrSerWdm - ok
01:39:46.0290 5280 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:39:46.0291 5280 BrUsbMdm - ok
01:39:46.0429 5280 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:39:46.0430 5280 BrUsbSer - ok
01:39:46.0620 5280 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
01:39:46.0621 5280 BthEnum - ok
01:39:46.0892 5280 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:39:46.0894 5280 BTHMODEM - ok
01:39:47.0091 5280 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
01:39:47.0093 5280 BthPan - ok
01:39:47.0276 5280 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
01:39:47.0280 5280 BTHPORT - ok
01:39:47.0411 5280 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
01:39:47.0412 5280 BthServ - ok
01:39:47.0588 5280 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
01:39:47.0589 5280 BTHUSB - ok
01:39:47.0769 5280 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
01:39:47.0770 5280 btwaudio - ok
01:39:47.0939 5280 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
01:39:47.0940 5280 btwavdt - ok
01:39:48.0107 5280 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
01:39:48.0107 5280 btwrchid - ok
01:39:48.0236 5280 catchme - ok
01:39:48.0429 5280 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:39:48.0430 5280 cdfs - ok
01:39:48.0603 5280 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:39:48.0604 5280 cdrom - ok
01:39:48.0784 5280 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
01:39:48.0785 5280 CertPropSvc - ok
01:39:48.0924 5280 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
01:39:48.0926 5280 circlass - ok
01:39:49.0041 5280 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:39:49.0043 5280 CLFS - ok
01:39:49.0174 5280 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:39:49.0176 5280 clr_optimization_v2.0.50727_32 - ok
01:39:49.0470 5280 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:39:49.0473 5280 clr_optimization_v4.0.30319_32 - ok
01:39:49.0687 5280 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
01:39:49.0688 5280 CmBatt - ok
01:39:49.0851 5280 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
01:39:49.0852 5280 cmdide - ok
01:39:49.0985 5280 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
01:39:49.0989 5280 Com4Qlb - ok
01:39:50.0257 5280 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
01:39:50.0258 5280 Compbatt - ok
01:39:50.0325 5280 COMSysApp - ok
01:39:50.0434 5280 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
01:39:50.0434 5280 crcdisk - ok
01:39:50.0572 5280 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
01:39:50.0582 5280 Crusoe - ok
01:39:50.0724 5280 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
01:39:50.0726 5280 CryptSvc - ok
01:39:50.0886 5280 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
01:39:50.0895 5280 DcomLaunch - ok
01:39:51.0052 5280 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
01:39:51.0053 5280 DfsC - ok
01:39:51.0273 5280 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
01:39:51.0340 5280 DFSR - ok
01:39:51.0496 5280 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
01:39:51.0502 5280 Dhcp - ok
01:39:51.0677 5280 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:39:51.0678 5280 disk - ok
01:39:51.0817 5280 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
01:39:51.0821 5280 Dnscache - ok
01:39:51.0938 5280 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
01:39:51.0943 5280 dot3svc - ok
01:39:52.0119 5280 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
01:39:52.0120 5280 Dot4 - ok
01:39:52.0519 5280 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:39:52.0534 5280 Dot4Print - ok
01:39:52.0619 5280 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
01:39:52.0620 5280 dot4usb - ok
01:39:52.0682 5280 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
01:39:52.0685 5280 DPS - ok
01:39:52.0785 5280 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:39:52.0786 5280 drmkaud - ok
01:39:52.0856 5280 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:39:52.0861 5280 DXGKrnl - ok
01:39:52.0975 5280 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:39:52.0984 5280 E1G60 - ok
01:39:53.0050 5280 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
01:39:53.0054 5280 EapHost - ok
01:39:53.0164 5280 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:39:53.0165 5280 Ecache - ok
01:39:53.0208 5280 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
01:39:53.0214 5280 ehRecvr - ok
01:39:53.0225 5280 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
01:39:53.0228 5280 ehSched - ok
01:39:53.0245 5280 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
01:39:53.0247 5280 ehstart - ok
01:39:53.0414 5280 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
01:39:53.0421 5280 elxstor - ok
01:39:53.0490 5280 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
01:39:53.0510 5280 EMDMgmt - ok
01:39:53.0604 5280 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
01:39:53.0605 5280 ErrDev - ok
01:39:53.0663 5280 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
01:39:53.0667 5280 EventSystem - ok
01:39:53.0778 5280 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:39:53.0782 5280 exfat - ok
01:39:53.0829 5280 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:39:53.0833 5280 fastfat - ok
01:39:54.0013 5280 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
01:39:54.0028 5280 fdc - ok
01:39:54.0103 5280 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
01:39:54.0105 5280 fdPHost - ok
01:39:54.0123 5280 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
01:39:54.0126 5280 FDResPub - ok
01:39:54.0299 5280 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:39:54.0300 5280 FileInfo - ok
01:39:54.0452 5280 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:39:54.0453 5280 Filetrace - ok
01:39:54.0621 5280 FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
01:39:54.0665 5280 FirebirdServerMAGIXInstance - ok
01:39:54.0816 5280 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:39:54.0818 5280 flpydisk - ok
01:39:54.0908 5280 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:39:54.0910 5280 FltMgr - ok
01:39:55.0064 5280 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
01:39:55.0099 5280 FontCache - ok
01:39:55.0216 5280 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:39:55.0218 5280 FontCache3.0.0.0 - ok
01:39:55.0326 5280 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
01:39:55.0327 5280 Fs_Rec - ok
01:39:55.0482 5280 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
01:39:55.0490 5280 gagp30kx - ok
01:39:55.0640 5280 GameConsoleService (44d07e5a444692e9b6a5cdd7401b4402) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
01:39:55.0641 5280 GameConsoleService - ok
01:39:55.0777 5280 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
01:39:55.0799 5280 gpsvc - ok
01:39:55.0951 5280 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:55.0955 5280 gupdate - ok
01:39:55.0984 5280 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:55.0986 5280 gupdatem - ok
01:39:56.0079 5280 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:39:56.0086 5280 gusvc - ok
01:39:56.0247 5280 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
01:39:56.0252 5280 HdAudAddService - ok
01:39:56.0459 5280 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:39:56.0464 5280 HDAudBus - ok
01:39:56.0643 5280 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:39:56.0645 5280 HidBth - ok
01:39:56.0809 5280 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:39:56.0810 5280 HidIr - ok
01:39:56.0907 5280 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
01:39:56.0910 5280 hidserv - ok
01:39:56.0996 5280 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:39:56.0997 5280 HidUsb - ok
01:39:57.0100 5280 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
01:39:57.0105 5280 hkmsvc - ok
01:39:57.0190 5280 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
01:39:57.0191 5280 HP Health Check Service - ok
01:39:57.0323 5280 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
01:39:57.0325 5280 HpCISSs - ok
01:39:57.0427 5280 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
01:39:57.0429 5280 hpqcxs08 - ok
01:39:57.0458 5280 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
01:39:57.0459 5280 hpqddsvc - ok
01:39:57.0600 5280 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
01:39:57.0601 5280 HpqKbFiltr - ok
01:39:57.0730 5280 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
01:39:57.0731 5280 HpqRemHid - ok
01:39:57.0854 5280 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
01:39:57.0856 5280 hpqwmiex - ok
01:39:57.0999 5280 HPSLPSVC (50aed60ea813124d6daee41814e4aaac) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
01:39:58.0021 5280 HPSLPSVC - ok
01:39:58.0202 5280 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
01:39:58.0207 5280 HSFHWAZL - ok
01:39:58.0396 5280 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
01:39:58.0427 5280 HSF_DPV - ok
01:39:58.0623 5280 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:39:58.0626 5280 HTTP - ok
01:39:58.0671 5280 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
01:39:58.0673 5280 i2omp - ok
01:39:58.0782 5280 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:39:58.0783 5280 i8042prt - ok
01:39:58.0907 5280 IAANTMON (681ef6e0cc7bbaa0c09acabeb91f669e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
01:39:58.0910 5280 IAANTMON - ok
01:39:59.0031 5280 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
01:39:59.0034 5280 iaStor - ok
01:39:59.0107 5280 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
01:39:59.0112 5280 iaStorV - ok
01:39:59.0196 5280 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:39:59.0197 5280 IDriverT - ok
01:39:59.0362 5280 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:39:59.0386 5280 idsvc - ok
01:39:59.0552 5280 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:39:59.0568 5280 igfx - ok
01:39:59.0627 5280 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:39:59.0629 5280 iirsp - ok
01:39:59.0727 5280 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
01:39:59.0746 5280 IKEEXT - ok
01:39:59.0910 5280 IntcAzAudAddService (2967e9c168cb5e0108a8a243ae179bad) C:\Windows\system32\drivers\RTKVHDA.sys
01:39:59.0926 5280 IntcAzAudAddService - ok
01:40:00.0044 5280 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
01:40:00.0045 5280 intelide - ok
01:40:00.0115 5280 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:40:00.0117 5280 intelppm - ok
01:40:00.0159 5280 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
01:40:00.0165 5280 IPBusEnum - ok
01:40:00.0216 5280 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:40:00.0217 5280 IpFilterDriver - ok
01:40:00.0263 5280 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
01:40:00.0271 5280 iphlpsvc - ok
01:40:00.0312 5280 IpInIp - ok
01:40:00.0361 5280 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
01:40:00.0363 5280 IPMIDRV - ok
01:40:00.0391 5280 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:40:00.0394 5280 IPNAT - ok
01:40:00.0432 5280 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:40:00.0447 5280 IRENUM - ok
01:40:00.0497 5280 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
01:40:00.0499 5280 isapnp - ok
01:40:00.0564 5280 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:40:00.0566 5280 iScsiPrt - ok
01:40:00.0613 5280 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:40:00.0615 5280 iteatapi - ok
01:40:00.0698 5280 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:40:00.0699 5280 iteraid - ok
01:40:00.0730 5280 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:40:00.0731 5280 kbdclass - ok
01:40:00.0766 5280 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:40:00.0767 5280 kbdhid - ok
01:40:00.0800 5280 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
01:40:00.0804 5280 KeyIso - ok
01:40:00.0844 5280 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
01:40:00.0847 5280 KSecDD - ok
01:40:00.0913 5280 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
01:40:00.0919 5280 KtmRm - ok
01:40:00.0966 5280 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
01:40:00.0973 5280 LanmanServer - ok
01:40:01.0097 5280 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
01:40:01.0106 5280 LanmanWorkstation - ok
01:40:01.0228 5280 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
01:40:01.0229 5280 LightScribeService - ok
01:40:01.0339 5280 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:40:01.0340 5280 lltdio - ok
01:40:01.0404 5280 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
01:40:01.0411 5280 lltdsvc - ok
01:40:01.0442 5280 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
01:40:01.0445 5280 lmhosts - ok
01:40:01.0510 5280 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
01:40:01.0513 5280 LSI_FC - ok
01:40:01.0596 5280 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
01:40:01.0598 5280 LSI_SAS - ok
01:40:01.0642 5280 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
01:40:01.0645 5280 LSI_SCSI - ok
01:40:01.0669 5280 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:40:01.0671 5280 luafv - ok
01:40:01.0713 5280 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
01:40:01.0718 5280 Mcx2Svc - ok
01:40:01.0830 5280 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
01:40:01.0839 5280 megasas - ok
01:40:01.0962 5280 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
01:40:01.0970 5280 MegaSR - ok
01:40:02.0091 5280 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:40:02.0093 5280 Microsoft Office Groove Audit Service - ok
01:40:02.0193 5280 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
01:40:02.0209 5280 MMCSS - ok
01:40:02.0277 5280 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:40:02.0278 5280 Modem - ok
01:40:02.0366 5280 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:40:02.0367 5280 monitor - ok
01:40:02.0406 5280 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:40:02.0407 5280 mouclass - ok
01:40:02.0427 5280 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:40:02.0429 5280 mouhid - ok
01:40:02.0462 5280 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:40:02.0463 5280 MountMgr - ok
01:40:02.0588 5280 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
01:40:02.0589 5280 mpio - ok
01:40:02.0676 5280 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:40:02.0677 5280 mpsdrv - ok
01:40:02.0736 5280 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
01:40:02.0756 5280 MpsSvc - ok
01:40:02.0929 5280 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:40:02.0930 5280 Mraid35x - ok
01:40:03.0028 5280 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:40:03.0030 5280 MRxDAV - ok
01:40:03.0058 5280 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:40:03.0060 5280 mrxsmb - ok
01:40:03.0162 5280 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:40:03.0164 5280 mrxsmb10 - ok
01:40:03.0239 5280 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:40:03.0240 5280 mrxsmb20 - ok
01:40:03.0385 5280 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
01:40:03.0387 5280 msahci - ok
01:40:03.0474 5280 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
01:40:03.0477 5280 msdsm - ok
01:40:03.0584 5280 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
01:40:03.0590 5280 MSDTC - ok
01:40:03.0666 5280 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:40:03.0667 5280 Msfs - ok
01:40:03.0822 5280 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:40:03.0823 5280 msisadrv - ok
01:40:03.0875 5280 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
01:40:03.0880 5280 MSiSCSI - ok
01:40:03.0915 5280 msiserver - ok
01:40:04.0015 5280 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:40:04.0017 5280 MSKSSRV - ok
01:40:04.0128 5280 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:40:04.0130 5280 MSPCLOCK - ok
01:40:04.0203 5280 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:40:04.0205 5280 MSPQM - ok
01:40:04.0359 5280 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:40:04.0360 5280 MsRPC - ok
01:40:04.0402 5280 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:40:04.0403 5280 mssmbios - ok
01:40:04.0484 5280 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:40:04.0491 5280 MSTEE - ok
01:40:04.0644 5280 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:40:04.0645 5280 Mup - ok
01:40:04.0776 5280 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
01:40:04.0787 5280 napagent - ok
01:40:04.0912 5280 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:40:04.0914 5280 NativeWifiP - ok
01:40:05.0064 5280 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:40:05.0069 5280 NDIS - ok
01:40:05.0152 5280 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:40:05.0154 5280 NdisTapi - ok
01:40:05.0296 5280 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:40:05.0297 5280 Ndisuio - ok
01:40:05.0342 5280 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:40:05.0344 5280 NdisWan - ok
01:40:05.0465 5280 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:40:05.0466 5280 NDProxy - ok
01:40:05.0612 5280 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
01:40:05.0615 5280 Net Driver HPZ12 - ok
01:40:05.0715 5280 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:40:05.0716 5280 NetBIOS - ok
01:40:05.0849 5280 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
01:40:05.0851 5280 netbt - ok
01:40:05.0969 5280 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
01:40:05.0973 5280 Netlogon - ok
01:40:06.0076 5280 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
01:40:06.0082 5280 Netman - ok
01:40:06.0200 5280 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
01:40:06.0208 5280 netprofm - ok
01:40:06.0289 5280 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:40:06.0292 5280 NetTcpPortSharing - ok
01:40:06.0385 5280 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:40:06.0400 5280 nfrd960 - ok
01:40:06.0529 5280 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
01:40:06.0536 5280 NlaSvc - ok
01:40:06.0630 5280 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:40:06.0631 5280 Npfs - ok
01:40:06.0717 5280 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
01:40:06.0721 5280 nsi - ok
01:40:06.0864 5280 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:40:06.0865 5280 nsiproxy - ok
01:40:07.0074 5280 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:40:07.0083 5280 Ntfs - ok
01:40:07.0216 5280 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:40:07.0217 5280 ntrigdigi - ok
01:40:07.0478 5280 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:40:07.0479 5280 Null - ok
01:40:07.0701 5280 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
01:40:07.0710 5280 NVENETFD - ok
01:40:08.0096 5280 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
01:40:08.0099 5280 nvraid - ok
01:40:08.0249 5280 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
01:40:08.0250 5280 nvstor - ok
01:40:08.0390 5280 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
01:40:08.0393 5280 nv_agp - ok
01:40:08.0501 5280 NwlnkFlt - ok
01:40:08.0612 5280 NwlnkFwd - ok
01:40:08.0725 5280 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:40:08.0734 5280 odserv - ok
01:40:08.0908 5280 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
01:40:08.0909 5280 ohci1394 - ok
01:40:09.0011 5280 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:40:09.0012 5280 ose - ok
01:40:09.0155 5280 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
01:40:09.0186 5280 p2pimsvc - ok
01:40:09.0233 5280 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
01:40:09.0242 5280 p2psvc - ok
01:40:09.0375 5280 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:40:09.0394 5280 Parport - ok
01:40:09.0507 5280 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:40:09.0508 5280 partmgr - ok
01:40:09.0742 5280 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:40:09.0757 5280 Parvdm - ok
01:40:09.0850 5280 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
01:40:09.0856 5280 PcaSvc - ok
01:40:10.0022 5280 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:40:10.0024 5280 pci - ok
01:40:10.0157 5280 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
01:40:10.0159 5280 pciide - ok
01:40:10.0302 5280 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:40:10.0306 5280 pcmcia - ok
01:40:10.0520 5280 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:40:10.0551 5280 PEAUTH - ok
01:40:11.0046 5280 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
01:40:11.0099 5280 pla - ok
01:40:11.0282 5280 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
01:40:11.0292 5280 PlugPlay - ok
01:40:11.0385 5280 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
01:40:11.0388 5280 Pml Driver HPZ12 - ok
01:40:11.0447 5280 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
01:40:11.0457 5280 PNRPAutoReg - ok
01:40:11.0547 5280 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
01:40:11.0556 5280 PNRPsvc - ok
01:40:11.0667 5280 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
01:40:11.0677 5280 PolicyAgent - ok
01:40:11.0748 5280 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:40:11.0749 5280 PptpMiniport - ok
01:40:11.0789 5280 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
01:40:11.0791 5280 Processor - ok
01:40:11.0826 5280 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
01:40:11.0834 5280 ProfSvc - ok
01:40:11.0882 5280 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
01:40:11.0887 5280 ProtectedStorage - ok
01:40:11.0963 5280 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:40:11.0966 5280 PSched - ok
01:40:12.0092 5280 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
01:40:12.0125 5280 ql2300 - ok
01:40:12.0175 5280 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:40:12.0187 5280 ql40xx - ok
01:40:12.0439 5280 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
01:40:12.0442 5280 QPCapSvc - ok
01:40:12.0455 5280 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
01:40:12.0458 5280 QPSched - ok
01:40:12.0676 5280 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
01:40:12.0696 5280 QWAVE - ok
01:40:12.0876 5280 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:40:12.0877 5280 QWAVEdrv - ok
01:40:12.0901 5280 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:40:12.0902 5280 RasAcd - ok
01:40:13.0028 5280 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
01:40:13.0035 5280 RasAuto - ok
01:40:13.0195 5280 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:40:13.0196 5280 Rasl2tp - ok
01:40:13.0246 5280 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
01:40:13.0272 5280 RasMan - ok
01:40:13.0405 5280 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:40:13.0406 5280 RasPppoe - ok
01:40:13.0451 5280 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:40:13.0452 5280 RasSstp - ok
01:40:13.0643 5280 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:40:13.0646 5280 rdbss - ok
01:40:13.0687 5280 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:40:13.0688 5280 RDPCDD - ok
01:40:13.0725 5280 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
01:40:13.0727 5280 rdpdr - ok
01:40:13.0754 5280 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:40:13.0755 5280 RDPENCDD - ok
01:40:13.0804 5280 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
01:40:13.0822 5280 RDPWD - ok
01:40:13.0897 5280 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
01:40:13.0903 5280 RemoteAccess - ok
01:40:13.0950 5280 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
01:40:13.0967 5280 RemoteRegistry - ok
01:40:14.0056 5280 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
01:40:14.0058 5280 RFCOMM - ok
01:40:14.0145 5280 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
01:40:14.0147 5280 rimmptsk - ok
01:40:14.0198 5280 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
01:40:14.0199 5280 rimsptsk - ok
01:40:14.0220 5280 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
01:40:14.0222 5280 rismxdp - ok
01:40:14.0253 5280 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
01:40:14.0257 5280 RpcLocator - ok
01:40:14.0340 5280 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
01:40:14.0349 5280 RpcSs - ok
01:40:14.0427 5280 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:40:14.0429 5280 rspndr - ok
01:40:14.0521 5280 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
01:40:14.0523 5280 RTL8169 - ok
01:40:14.0566 5280 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
01:40:14.0570 5280 SamSs - ok
01:40:14.0614 5280 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:40:14.0642 5280 sbp2port - ok
01:40:14.0714 5280 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
01:40:14.0722 5280 SCardSvr - ok
01:40:14.0799 5280 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
01:40:14.0808 5280 Schedule - ok
01:40:14.0853 5280 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
01:40:14.0854 5280 SCPolicySvc - ok
01:40:14.0982 5280 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
01:40:14.0983 5280 sdbus - ok
01:40:15.0078 5280 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
01:40:15.0086 5280 SDRSVC - ok
01:40:15.0289 5280 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:40:15.0290 5280 secdrv - ok
01:40:15.0380 5280 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
01:40:15.0385 5280 seclogon - ok
01:40:15.0424 5280 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
01:40:15.0437 5280 SENS - ok
01:40:15.0499 5280 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:40:15.0501 5280 Serenum - ok
01:40:15.0588 5280 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:40:15.0590 5280 Serial - ok
01:40:15.0625 5280 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:40:15.0637 5280 sermouse - ok
01:40:15.0720 5280 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
01:40:15.0728 5280 SessionEnv - ok
01:40:15.0833 5280 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
01:40:15.0834 5280 sffdisk - ok
01:40:15.0913 5280 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
01:40:15.0915 5280 sffp_mmc - ok
01:40:16.0011 5280 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
01:40:16.0013 5280 sffp_sd - ok
01:40:16.0065 5280 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:40:16.0085 5280 sfloppy - ok
01:40:16.0130 5280 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
01:40:16.0139 5280 SharedAccess - ok
01:40:16.0196 5280 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
01:40:16.0203 5280 ShellHWDetection - ok
01:40:16.0272 5280 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
01:40:16.0274 5280 sisagp - ok
01:40:16.0318 5280 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
01:40:16.0320 5280 SiSRaid2 - ok
01:40:16.0369 5280 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
01:40:16.0391 5280 SiSRaid4 - ok
01:40:16.0515 5280 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
01:40:16.0547 5280 slsvc - ok
01:40:16.0633 5280 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
01:40:16.0639 5280 SLUINotify - ok
01:40:16.0740 5280 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:40:16.0742 5280 Smb - ok
01:40:16.0832 5280 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
01:40:16.0865 5280 smserial - ok
01:40:16.0947 5280 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
01:40:16.0953 5280 SNMPTRAP - ok
01:40:17.0107 5280 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:40:17.0109 5280 spldr - ok
01:40:17.0142 5280 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
01:40:17.0149 5280 Spooler - ok
01:40:17.0241 5280 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:40:17.0247 5280 srv - ok
01:40:17.0291 5280 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
01:40:17.0295 5280 srv2 - ok
01:40:17.0333 5280 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
01:40:17.0335 5280 srvnet - ok
01:40:17.0371 5280 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
01:40:17.0377 5280 SSDPSRV - ok
01:40:17.0450 5280 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
01:40:17.0458 5280 SstpSvc - ok
01:40:17.0560 5280 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
01:40:17.0569 5280 stisvc - ok
01:40:17.0663 5280 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
01:40:17.0664 5280 swenum - ok
01:40:17.0713 5280 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
01:40:17.0724 5280 swprv - ok
01:40:17.0771 5280 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:40:17.0780 5280 Symc8xx - ok
01:40:17.0795 5280 SymIM - ok
01:40:17.0812 5280 SymIMMP - ok
01:40:17.0855 5280 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:40:17.0857 5280 Sym_hi - ok
01:40:17.0884 5280 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:40:17.0886 5280 Sym_u3 - ok
01:40:17.0958 5280 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
01:40:17.0961 5280 SynTP - ok
01:40:18.0041 5280 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
01:40:18.0063 5280 SysMain - ok
01:40:18.0128 5280 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
01:40:18.0135 5280 TabletInputService - ok
01:40:18.0222 5280 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
01:40:18.0229 5280 TapiSrv - ok
01:40:18.0274 5280 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
01:40:18.0280 5280 TBS - ok
01:40:18.0376 5280 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
01:40:18.0385 5280 Tcpip - ok
01:40:18.0487 5280 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
01:40:18.0495 5280 Tcpip6 - ok
01:40:18.0561 5280 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
01:40:18.0563 5280 tcpipreg - ok
01:40:18.0601 5280 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:40:18.0611 5280 TDPIPE - ok
01:40:18.0664 5280 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:40:18.0666 5280 TDTCP - ok
01:40:18.0696 5280 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:40:18.0698 5280 tdx - ok
01:40:18.0785 5280 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:40:18.0787 5280 TermDD - ok
01:40:18.0873 5280 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
01:40:18.0906 5280 TermService - ok
01:40:18.0948 5280 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
01:40:18.0954 5280 Themes - ok
01:40:19.0005 5280 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
01:40:19.0008 5280 THREADORDER - ok
01:40:19.0060 5280 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
01:40:19.0066 5280 TrkWks - ok
01:40:19.0113 5280 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
01:40:19.0115 5280 TrustedInstaller - ok
01:40:19.0233 5280 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:40:19.0235 5280 tssecsrv - ok
01:40:19.0250 5280 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:40:19.0252 5280 tunmp - ok
01:40:19.0318 5280 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:40:19.0319 5280 tunnel - ok
01:40:19.0350 5280 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
01:40:19.0361 5280 uagp35 - ok
01:40:19.0399 5280 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:40:19.0404 5280 udfs - ok
01:40:19.0479 5280 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
01:40:19.0486 5280 UI0Detect - ok
01:40:19.0541 5280 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
01:40:19.0544 5280 uliagpkx - ok
01:40:19.0592 5280 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
01:40:19.0598 5280 uliahci - ok
01:40:19.0637 5280 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:40:19.0640 5280 UlSata - ok
01:40:19.0677 5280 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:40:19.0680 5280 ulsata2 - ok
01:40:19.0750 5280 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:40:19.0752 5280 umbus - ok
01:40:19.0788 5280 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
01:40:19.0798 5280 upnphost - ok
01:40:20.0051 5280 UPnPService (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
01:40:20.0062 5280 UPnPService - ok
01:40:20.0249 5280 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:40:20.0250 5280 usbccgp - ok
01:40:20.0314 5280 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:40:20.0317 5280 usbcir - ok
01:40:20.0374 5280 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:40:20.0376 5280 usbehci - ok
01:40:20.0443 5280 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:40:20.0445 5280 usbhub - ok
01:40:20.0487 5280 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
01:40:20.0489 5280 usbohci - ok
01:40:20.0556 5280 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
01:40:20.0558 5280 usbprint - ok
01:40:20.0638 5280 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
01:40:20.0660 5280 usbscan - ok
01:40:20.0744 5280 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:40:20.0747 5280 USBSTOR - ok
01:40:20.0810 5280 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
01:40:20.0811 5280 usbuhci - ok
01:40:20.0876 5280 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
01:40:20.0878 5280 usbvideo - ok
01:40:20.0917 5280 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
01:40:20.0923 5280 UxSms - ok
01:40:21.0022 5280 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
01:40:21.0034 5280 vds - ok
01:40:21.0094 5280 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
01:40:21.0109 5280 vga - ok
01:40:21.0144 5280 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:40:21.0145 5280 VgaSave - ok
01:40:21.0176 5280 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
01:40:21.0179 5280 viaagp - ok
01:40:21.0219 5280 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
01:40:21.0221 5280 ViaC7 - ok
01:40:21.0253 5280 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
01:40:21.0255 5280 viaide - ok
01:40:21.0289 5280 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:40:21.0291 5280 volmgr - ok
01:40:21.0339 5280 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:40:21.0342 5280 volmgrx - ok
01:40:21.0375 5280 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:40:21.0377 5280 volsnap - ok
01:40:21.0431 5280 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
01:40:21.0434 5280 vsmraid - ok
01:40:21.0532 5280 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
01:40:21.0575 5280 VSS - ok
01:40:21.0660 5280 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
01:40:21.0671 5280 W32Time - ok
01:40:21.0788 5280 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:40:21.0790 5280 WacomPen - ok
01:40:21.0860 5280 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:40:21.0862 5280 Wanarp - ok
01:40:21.0875 5280 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:40:21.0877 5280 Wanarpv6 - ok
01:40:21.0982 5280 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
01:40:22.0003 5280 wcncsvc - ok
01:40:22.0159 5280 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
01:40:22.0165 5280 WcsPlugInService - ok
01:40:22.0256 5280 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
01:40:22.0258 5280 Wd - ok
01:40:22.0307 5280 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
01:40:22.0311 5280 Wdf01000 - ok
01:40:22.0341 5280 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
01:40:22.0348 5280 WdiServiceHost - ok
01:40:22.0353 5280 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
01:40:22.0360 5280 WdiSystemHost - ok
01:40:22.0446 5280 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
01:40:22.0455 5280 WebClient - ok
01:40:22.0529 5280 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
01:40:22.0538 5280 Wecsvc - ok
01:40:22.0589 5280 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
01:40:22.0615 5280 wercplsupport - ok
01:40:22.0649 5280 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
01:40:22.0657 5280 WerSvc - ok
01:40:22.0934 5280 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
01:40:22.0948 5280 winachsf - ok
01:40:23.0052 5280 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
01:40:23.0058 5280 WinDefend - ok
01:40:23.0065 5280 WinHttpAutoProxySvc - ok
01:40:23.0245 5280 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
01:40:23.0250 5280 Winmgmt - ok
01:40:23.0334 5280 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
01:40:23.0378 5280 WinRM - ok
01:40:23.0538 5280 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
01:40:23.0546 5280 WinUSB - ok
01:40:23.0614 5280 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
01:40:23.0637 5280 Wlansvc - ok
01:40:23.0891 5280 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:40:23.0925 5280 wlidsvc - ok
01:40:24.0066 5280 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:40:24.0067 5280 WmiAcpi - ok
01:40:24.0170 5280 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
01:40:24.0173 5280 wmiApSrv - ok
01:40:24.0304 5280 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
01:40:24.0326 5280 WMPNetworkSvc - ok
01:40:24.0453 5280 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) C:\Program Files\Zune\WMZuneComm.exe
01:40:24.0459 5280 WMZuneComm - ok
01:40:24.0518 5280 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
01:40:24.0527 5280 WPCSvc - ok
01:40:24.0574 5280 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
01:40:24.0582 5280 WPDBusEnum - ok
01:40:24.0695 5280 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
01:40:24.0697 5280 WpdUsb - ok
01:40:24.0970 5280 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:40:24.0993 5280 WPFFontCache_v0400 - ok
01:40:25.0309 5280 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:40:25.0311 5280 ws2ifsl - ok
01:40:25.0445 5280 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
01:40:25.0452 5280 wscsvc - ok
01:40:25.0466 5280 WSearch - ok
01:40:25.0673 5280 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
01:40:25.0729 5280 wuauserv - ok
01:40:25.0917 5280 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
01:40:25.0919 5280 WudfPf - ok
01:40:25.0997 5280 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:40:26.0001 5280 WUDFRd - ok
01:40:26.0060 5280 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
01:40:26.0089 5280 wudfsvc - ok
01:40:26.0577 5280 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) C:\Program Files\Zune\ZuneNss.exe
01:40:26.0798 5280 ZuneNetworkSvc - ok
01:40:26.0936 5280 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
01:40:26.0944 5280 ZuneWlanCfgSvc - ok
01:40:26.0974 5280 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
01:40:27.0075 5280 \Device\Harddisk0\DR0 - ok
01:40:27.0112 5280 Boot (0x1200) (8153cf210d8c19dc52af0d3708f25a29) \Device\Harddisk0\DR0\Partition0
01:40:27.0114 5280 \Device\Harddisk0\DR0\Partition0 - ok
01:40:27.0118 5280 Boot (0x1200) (6cbcd68c96587045018bbb7f651cb99b) \Device\Harddisk0\DR0\Partition1
01:40:27.0119 5280 \Device\Harddisk0\DR0\Partition1 - ok
01:40:27.0121 5280 ============================================================
01:40:27.0121 5280 Scan finished
01:40:27.0121 5280 ============================================================
01:40:27.0136 4768 Detected object count: 0
01:40:27.0136 4768 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 01:43:03
-----------------------------
01:43:03.309 OS Version: Windows 6.0.6002 Service Pack 2
01:43:03.309 Number of processors: 2 586 0xF0D
01:43:03.310 ComputerName: PVAJ-PC UserName: pvaj
01:43:04.631 Initialize success
01:43:04.707 AVAST engine defs: 12042201
01:43:25.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:43:25.656 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
01:43:25.695 Disk 0 MBR read successfully
01:43:25.698 Disk 0 MBR scan
01:43:25.702 Disk 0 unknown MBR code
01:43:25.705 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226408 MB offset 63
01:43:25.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12064 MB offset 463684095
01:43:25.772 Disk 0 scanning sectors +488392065
01:43:25.873 Disk 0 scanning C:\Windows\system32\drivers
01:43:36.271 Service scanning
01:43:55.664 Modules scanning
01:44:06.550 Disk 0 trace - called modules:
01:44:06.583 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
01:44:06.927 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87165ac8]
01:44:06.933 3 CLASSPNP.SYS[8b5a18b3] -> nt!IofCallDriver -> [0x861066c8]
01:44:06.938 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8610f028]
01:44:07.816 AVAST engine scan C:\Windows
01:44:11.244 AVAST engine scan C:\Windows\system32
01:46:50.260 AVAST engine scan C:\Windows\system32\drivers
01:47:06.482 AVAST engine scan C:\Users\pvaj
01:48:41.819 Disk 0 MBR has been saved successfully to "C:\Users\pvaj\Desktop\MBR.dat"
01:48:41.828 The log file has been saved successfully to "C:\Users\pvaj\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 April 2012 - 02:08 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\pvaj\AppData\Local\Babylon
c:\users\pvaj\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\programdata\Premium
c:\programdata\CodecC
C:\codec-info

DDS::
uStart Page = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=80476e5e00000000000000210001a91e

FireFox::
FF - ProfilePath - c:\users\pvaj\AppData\Roaming\Mozilla\Firefox\Profiles\iuhjshlp.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.hardId - 80476e5e00000000000000210001a91e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15452
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
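A check for the kind of Firefox preferences the FireFox:: section of the CFScript above removes, as an added example written for this thread (it is not ComboFix, DDS or any tool the helper uses). It parses user.js/prefs.js lines, then flags a search URL preference that carries an affiliate or toolbar marker, a selected search engine whose name is not a stock one, any extensions.* preference that carries such a marker, and an extensions.autoDisableScopes value that differs from the browser default. The marker strings, the stock engine names and the default scope value of 15 are assumptions of this example; the sample preference lines are constructed from the entries in the script and use the same hxxp obfuscation.

```python
"""Flag search-hijack indicators in a Firefox user.js / prefs.js.

Added example for the CFScript above; it is not ComboFix, DDS or any other
tool named in the thread. The marker strings, the stock engine names and the
default value of extensions.autoDisableScopes are assumptions of this example,
and SAMPLE_USER_JS is constructed from the entries the script removes.
"""
import re
from typing import Dict, List, Tuple

# One preference per line:  user_pref("name", value);
# value is a quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

# Preferences that normally hold a search or start-page URL. If one of them
# carries an affiliate/toolbar marker, searches are being routed elsewhere.
SEARCH_URL_PREFS = ("keyword.URL", "browser.search.defaulturl",
                    "browser.startup.homepage")

# Engine names shipped with an en-US Firefox of that era (assumption).
STOCK_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay",
                 "Twitter", "Wikipedia (en)"}

# Substrings seen in toolbar/affiliate traffic; extend to taste (assumption).
SUSPECT_MARKERS = ("babylon", "freecause", "affid=", "ourmark=", "mntrid=")

# Firefox default: auto-disable add-ons sideloaded into every scope (assumption: 15).
DEFAULT_AUTO_DISABLE_SCOPES = "15"

# Constructed sample modelled on the FireFox:: section of the CFScript.
SAMPLE_USER_JS = """\
user_pref("browser.search.selectedEngine", "Search the Web");
user_pref("keyword.URL", "hxxp://serp.freecause.com/?ourmark=3&sid=100815&q=");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110014");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.autoDisableScopes", 14);
user_pref("browser.startup.homepage", "about:home");
user_pref("network.cookie.cookieBehavior", 0);
"""

Finding = Tuple[str, str, str]  # (category, preference name, value)


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {name: value} for every user_pref() line; surrounding quotes are
    stripped, and comments, blanks and malformed lines are ignored."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            prefs[name] = raw.strip('"')
    return prefs


def find_hijack_indicators(prefs: Dict[str, str]) -> List[Finding]:
    """Classify suspicious preferences; output order follows the input file."""
    findings: List[Finding] = []
    for name, value in prefs.items():
        blob = f"{name}={value}".lower()
        has_marker = any(mk in blob for mk in SUSPECT_MARKERS)
        if name in SEARCH_URL_PREFS and has_marker:
            findings.append(("search-redirect", name, value))
        elif name == "browser.search.selectedEngine" and value not in STOCK_ENGINES:
            findings.append(("unknown-engine", name, value))
        elif name.startswith("extensions.") and has_marker:
            findings.append(("toolbar-pref", name, value))
        elif name == "extensions.autoDisableScopes" and value != DEFAULT_AUTO_DISABLE_SCOPES:
            findings.append(("scope-weakened", name, value))
    return findings


def scan_text(text: str) -> List[Finding]:
    """Parse and classify in one step; this is what you would call on a real file."""
    return find_hijack_indicators(parse_prefs(text))


if __name__ == "__main__":
    # Real use: scan_text(open(r"...\Profiles\<profile>\user.js").read())
    for category, name, value in scan_text(SAMPLE_USER_JS):
        print(f"[{category:15}] {name} = {value}")
```

On the machine in this thread the files to feed it would be user.js and prefs.js under the profile path the script names, c:\users\pvaj\AppData\Roaming\Mozilla\Firefox\Profiles\iuhjshlp.default\. The check goes slightly beyond the script itself: it reports any extensions.* preference carrying one of the markers, not only the BabylonToolbar_i keys listed above, so a differently named toolbar that sets the same affiliate values is caught too.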

#7 jav1188 (Topic Starter)

  • Members
  • 9 posts

Posted 23 April 2012 - 09:01 PM

I ran the script and had no problems with the script and ComboFix. Nothing has changed on my laptop since running the script. My computer is still affected by the redirecting virus, and below are some of the recurring links caused by the virus.

http://www.happili.com/bc_rus/innerxy.php?q=mic&xy=10539
http://63.209.69.107/search/web/singer/a12/46355-4977_1233/v5
http://www.consumerincentiverewards.com/rd_p?p=310510&t=16950&c=51083-ciriphone4ipad2_728_hibrand&a=33503

Combofix:

ComboFix 12-04-22.02 - pvaj 04/23/2012 11:47:17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1855 [GMT -5:00]
Running from: c:\users\pvaj\Desktop\ComboFix.exe
Command switches used :: c:\users\pvaj\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\programdata\Babylon
c:\programdata\CodecC
c:\programdata\CodecC\background.html
c:\programdata\CodecC\bhoclass.dll
c:\programdata\CodecC\content.js
c:\programdata\CodecC\data\content.js
c:\programdata\CodecC\data\jsondb.js
c:\programdata\CodecC\hjakmojkcnhgipgkkbiempkfdndcnlah.crx
c:\programdata\CodecC\settings.ini
c:\programdata\Premium
c:\users\pvaj\AppData\Local\Babylon
c:\users\pvaj\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\pvaj\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\pvaj\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\pvaj\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\pvaj\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\pvaj\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\pvaj\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb
c:\users\pvaj\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\pvaj\AppData\Local\Babylon\Setup\Setup.exe
c:\users\pvaj\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\pvaj\AppData\Local\Babylon\Setup\sign
c:\users\pvaj\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\pvaj\AppData\Roaming\Babylon
c:\users\pvaj\AppData\Roaming\Babylon\log_file.txt
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 16:56 . 2012-04-23 17:06 -------- d-----w- c:\users\pvaj\AppData\Local\temp
2012-04-23 16:56 . 2012-04-23 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 16:56 . 2012-04-23 16:56 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-04-23 05:11 . 2012-04-23 05:11 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-23 05:11 . 2012-04-23 05:11 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-04-22 03:41 . 2012-04-22 03:41 -------- d-----w- c:\programdata\Uniblue
2012-04-22 02:34 . 2012-04-22 02:39 -------- d-----w- c:\program files\Advanced PC Tweaker
2012-04-22 00:40 . 2012-04-22 03:47 -------- d-----w- c:\programdata\Tarma Installer
2012-04-22 00:40 . 2012-04-22 00:40 237 ----a-w- C:\user.js
2012-04-20 11:32 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFE00987-82CF-4EEC-8244-F980FBC57DA6}\mpengine.dll
2012-04-12 04:47 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:47 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:47 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:47 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:46 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 04:46 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 04:09 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-08 12:55 . 2012-04-15 23:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 14:56 . 2012-04-02 14:56 -------- d-----w- c:\users\Administrator
2012-03-26 03:08 . 2012-03-26 03:09 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 23:30 . 2011-05-15 14:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-03-17 22:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-03-17 22:14 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-17 22:15 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-03-17 22:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-03-17 22:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-03-17 22:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-03-17 22:15 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-03-17 22:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:11 . 2012-03-04 05:17 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-23 15:18 . 2011-03-17 20:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 00:09 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 00:09 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 00:09 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 00:09 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 00:09 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-02 15:16 . 2012-03-14 00:09 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-23 05:11 . 2011-05-15 14:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe" [2007-12-04 90112]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:30]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 20:53]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-17 20:53]
.
2012-04-22 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2012-04-22 15:02]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\pvaj\AppData\Roaming\Mozilla\Firefox\Profiles\iuhjshlp.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-23 12:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1384)
c:\program files\HP\QuickPlay\Kernel\Video\CLMedia.dll
c:\program files\Common Files\MAGIX Shared\MPEG2 Decoder\magixspmpeg.ax
c:\program files\Common Files\MAGIX Shared\MPEG2 Decoder\magixmpegin.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-04-23 12:11:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 17:11
ComboFix2.txt 2012-04-22 23:59
.
Pre-Run: 125,876,240,384 bytes free
Post-Run: 125,654,618,112 bytes free
.
- - End Of File - - 6D881250607D7D580CDDBA30C0B16AB2

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 April 2012 - 09:13 PM

Good Evening

I would like to know which browsers are redirecting:

FireFox
Chrome
Internet Explorer
Check any that are installed.


Gringo

#9 jav1188 (Topic Starter)

  • Members
  • 9 posts

Posted 23 April 2012 - 10:16 PM

The only browser that is affected by the redirecting virus is FireFox. Internet Explorer seems to be working fine now, and is not affected by the virus.

jav1188

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 April 2012 - 10:32 PM

Hello


Let's uninstall FireFox and, if asked about user data or settings, let's remove that also.

Reinstall FireFox and check if it is still being redirected.



Gringo

#11 jav1188 (Topic Starter)

  • Members
  • 9 posts

Posted 24 April 2012 - 09:06 AM

Gringo,

I followed the instructions, and I think that did the trick. FireFox seems to be working normally. I am not experiencing any issues with my searches being redirected to another link.

Thank You,

jav1188

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 April 2012 - 12:52 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

Adobe Reader 8.1.0
Java™ 6 Update 2
Java™ 6 Update 24
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 jav1188 (Topic Starter)

  • Members
  • 9 posts

Posted 24 April 2012 - 11:48 PM

Gringo,

I followed the instructions and completed the scans, but I did run into some problems with the program HijackThis. When I right-clicked on the HijackThis icon, there was not an option that would allow me to run as admin. I tried to run HijackThis normally by double-clicking the icon, then clicked on the Do a system scan and save a logfile button, but every time I did, this message would show up:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) Hijackthis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit Hijackthis, right click on the Hijackthis icon, choose 'Run as administrator'."

Every time I tried to bypass this message to perform the scan, the results in Notepad would come out blank. I think the reason I'm having this problem is because I tried to fix the redirecting virus on my own before I signed up for help on bleepingcomputer.com. Before getting help from bleepingcomputer.com, I followed the directions from this clip and link.....


http://windows7themes.net/windows-7-hosts-file-access-denied.html

Because I followed the instructions on the link, I created a separate admin/host user account. But, when I logged on to the admin account, I was able to run the HijackThis program without the message popping up and get the results. I'm not completely sure if this is the cause of the problem, but that's my guess. As of right now, I do not have any problems with my searches being redirected to another site. FireFox is working fine. My computer seems to be running fine, but for the last few days my computer has been running at a pretty high performance, which doesn't seem to be normal. The CPU usage has been running at around 50-80%, even with only a few programs running. Any thoughts or suggestions about this?

jav1188

MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.25.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
pvaj :: PVAJ-PC [administrator]

4/24/2012 10:00:50 PM
mbam-log-2012-04-24 (22-00-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224020
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\pvaj\Downloads\Mozilla_FireFox_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:14 PM, on 4/24/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10319 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 April 2012 - 11:54 PM

Hello

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
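As an added example that is not part of any post in this thread, a small Python parser for the HijackThis log format quoted above: it pulls O4 Run entries out by the name between the brackets (the detail Gringo's note relies on), flags O2/O3 entries that point at "(no file)", and checks a removal list against what is actually present in the log. The sample log is constructed from a few lines of the posted log, not a full scan.

```python
import re

# Constructed sample in the HijackThis log format shown in this thread
# (a handful of lines copied from the posted log, not a full scan).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# O4 Run-key entries: hive, the name between the brackets, and the command.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# O2 BHO / O3 Toolbar entries whose CLSID no longer resolves to a file on disk.
ORPHAN_RE = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): .*? - (\{[0-9A-Fa-f-]+\}) - \(no file\)$")


def parse_run_entries(log):
    """Return (hive, name, command) for every O4 HKLM/HKCU Run entry.
    Startup-folder .lnk entries use a different layout and are skipped here."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def orphaned_entries(log):
    """Return (section, CLSID) for O2/O3 entries marked '(no file)'.
    These are dead registrations rather than running code, but removing them
    keeps the next scan's log easier to read."""
    return [(m.group(1), m.group(2))
            for m in (ORPHAN_RE.match(ln.strip()) for ln in log.splitlines()) if m]


def select_for_fix(log, names_to_remove):
    """Match a removal list (bracket names, as in the post above) against the
    entries actually present; HijackThis can only fix items that exist."""
    present = {name: (hive, cmd) for hive, name, cmd in parse_run_entries(log)}
    found = {n: present[n] for n in names_to_remove if n in present}
    missing = [n for n in names_to_remove if n not in present]
    return found, missing
```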

#15 jav1188

jav1188
  • Topic Starter

  • Members
  • 9 posts

Posted 26 April 2012 - 03:23 AM

ESET Online:

C:\Users\pvaj\Downloads\Anti-virus program\Not work\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.AdvPCTweak application
