
redirect virus Happili and Infomash web pag


  • This topic is locked
26 replies to this topic

#1 frances0055

  • Members
  • 18 posts

Posted 23 April 2012 - 03:17 PM

I also had a trojan tracker that Norton fixed. They come up at the same time; are they the same thing? But I still have the redirect problem.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:47:28 PM, on 4/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\jusched.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\hp\kbd\kbd.exe
C:\Users\owner\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9286 bytes

Edited by frances0055, 23 April 2012 - 03:26 PM.




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 April 2012 - 12:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 frances0055


Posted 24 April 2012 - 11:23 AM

Well, before I download the new programs you have for me, I did the Malwarebytes program and it found and removed two PUP.Fbsearch. Don’t know if it worked yet. Should I still do the new programs or give you another HijackThis log?

I still have the virus when I am using Firefox.

Edited by frances0055, 24 April 2012 - 11:32 AM.


#4 gringo_pr


Posted 24 April 2012 - 03:18 PM

Run the new program for me


gringo

#5 frances0055


Posted 24 April 2012 - 03:30 PM

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#6 frances0055


Posted 24 April 2012 - 03:33 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by owner at 16:31:12 on 2012-04-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1416 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\SGPSA\ie3sh.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\owner\Desktop\Defogger.exe
C:\Users\owner\Desktop\SecurityCheck.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://m.www.yahoo.com/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.0.9\ips\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\picturemover.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: intuit.com\ttlc
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{533640CA-E5EB-4D6F-8D77-643B39E2F2BA} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{6C10EA18-B7C2-45D7-A274-83D5BA89E86B} : DhcpNameServer = 172.16.0.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\9li52o16.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\9li52o16.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307000.009\symds.sys [2012-4-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307000.009\symefa.sys [2012-4-23 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-20 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307000.009\ccsetx86.sys [2012-4-23 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120423.001\IDSvix86.sys [2012-4-23 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307000.009\ironx86.sys [2012-4-23 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1307000.009\symtdiv.sys [2012-4-23 345208]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-21 21504]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-14 198240]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-12-6 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.17.20\ccSvcHst.exe [2011-12-6 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2011-5-21 103552]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-8-14 265216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-23 22:03:26 905336 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symefa.sys
2012-04-23 22:03:26 345208 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symtdiv.sys
2012-04-23 22:03:26 340088 ----a-r- c:\windows\system32\drivers\nav\1307000.009\symds.sys
2012-04-23 22:03:26 32888 ----a-w- c:\windows\system32\drivers\nav\1307000.009\srtspx.sys
2012-04-23 22:03:26 318584 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symnets.sys
2012-04-23 22:03:25 574072 ----a-w- c:\windows\system32\drivers\nav\1307000.009\srtsp.sys
2012-04-23 22:03:25 149624 ----a-w- c:\windows\system32\drivers\nav\1307000.009\ironx86.sys
2012-04-23 22:03:25 132744 ----a-w- c:\windows\system32\drivers\nav\1307000.009\ccsetx86.sys
2012-04-23 22:02:32 4782 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symvtcer.dat
2012-04-23 22:02:31 -------- d-----w- c:\windows\system32\drivers\nav\1307000.009
2012-04-23 19:27:43 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-04-23 19:27:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 19:27:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-23 19:27:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 22:37:42 -------- d-----w- c:\users\owner\appdata\local\NPE
2012-04-10 21:42:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 21:42:57 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:55:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-07 23:03:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-13 23:22:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 22:45:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:32:02.91 ===============

#7 gringo_pr

Malware Response Team

Posted 24 April 2012 - 10:26 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 frances0055

Posted 25 April 2012 - 08:25 PM

ComboFix 12-04-25.02 - owner 04/25/2012 21:01:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1897 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Fast Browser Search
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Tmp\removesgp.exe
c:\program files\Search Guard PlusU\Tmp\removesgp0.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\programdata\ntuser.dat
c:\users\Public\RemoveSGP.exe
c:\users\Public\RemoveSGP0.exe
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-24 16:25 . 2012-03-13 04:39 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-04-23 22:02 . 2012-04-24 00:17 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-23 19:27 . 2012-04-23 19:27 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-04-23 19:27 . 2012-04-23 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-23 19:27 . 2012-04-23 19:27 -------- d-----w- c:\programdata\Malwarebytes
2012-04-23 19:27 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 22:37 . 2012-04-10 22:51 -------- d-----w- c:\users\owner\AppData\Local\NPE
2012-04-10 21:42 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 21:42 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:55 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-07 23:03 . 2012-04-13 23:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:22 . 2011-10-30 15:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 22:45 . 2011-04-22 02:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-23 14:18 . 2010-03-12 21:50 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-13 22:24 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 22:24 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 22:24 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 22:24 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 22:24 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-03-13 22:24 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CD8756A-FB83-4B25-B546-19954A37805D}\mpengine.dll
2012-02-02 15:16 . 2012-03-13 22:24 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-04-24 16:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-16 484904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2009-11-9 1036856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:22]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1764863474-2538746460-2983542383-1001Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 15:25]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1764863474-2538746460-2983542383-1001UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 15:25]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-14 23:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9li52o16.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 21:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wb3sh.dll??&???????C6??5D12??B62-??ce-9??1-93??1C32??72}???????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-25 21:10:42
ComboFix-quarantined-files.txt 2012-04-26 01:10
.
Pre-Run: 183,855,689,728 bytes free
Post-Run: 184,831,291,392 bytes free
.
- - End Of File - - FD67E8C4C12F36BA46F57D718C7C90A8

#9 frances0055

Posted 25 April 2012 - 08:37 PM

I did a search and still have the redirect problem.

#10 gringo_pr

Posted 25 April 2012 - 10:14 PM

Greetings

I would like to know which browsers are redirecting - check all that are installed.

I would like you to go to this site to see how to manage addons - http://www.ghacks.net/2008/11/18/manage-firefox-plugins/

I want you to look for this addon and disable it - "Performance Cache 1.0"

For Chrome, I want you to uninstall it and reinstall it. If asked about user data or settings, remove that also.


I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 25 April 2012 - 11:59 PM.

#11 frances0055

Posted 25 April 2012 - 10:50 PM

I see it in Firefox the most, then Chrome, and IE I can't remember; I don't use that one much. I think I got this from that coupon.com printer software. I see so many people use it, well, you know, I felt it was safe. Thank you so much for your help. I can't run this program until Friday night. I will let you know how it worked.

#12 gringo_pr

Posted 26 April 2012 - 06:20 AM

See edit above.

#13 frances0055

Posted 27 April 2012 - 03:26 PM

16:21:15.0552 3340 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
16:21:15.0832 3340 ============================================================
16:21:15.0832 3340 Current date / time: 2012/04/27 16:21:15.0832
16:21:15.0832 3340 SystemInfo:
16:21:15.0832 3340
16:21:15.0832 3340 OS Version: 6.0.6002 ServicePack: 2.0
16:21:15.0832 3340 Product type: Workstation
16:21:15.0832 3340 ComputerName: OWNER-PC
16:21:15.0832 3340 UserName: owner
16:21:15.0832 3340 Windows directory: C:\Windows
16:21:15.0832 3340 System windows directory: C:\Windows
16:21:15.0833 3340 Processor architecture: Intel x86
16:21:15.0833 3340 Number of processors: 4
16:21:15.0833 3340 Page size: 0x1000
16:21:15.0833 3340 Boot type: Normal boot
16:21:15.0833 3340 ============================================================
16:21:17.0588 3340 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:17.0613 3340 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:21:17.0635 3340 ============================================================
16:21:17.0635 3340 \Device\Harddisk0\DR0:
16:21:17.0635 3340 MBR partitions:
16:21:17.0635 3340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x241F9EDE
16:21:17.0635 3340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x241F9F1D, BlocksNum 0x12337A4
16:21:17.0635 3340 \Device\Harddisk1\DR1:
16:21:17.0635 3340 MBR partitions:
16:21:17.0635 3340 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
16:21:17.0635 3340 ============================================================
16:21:17.0726 3340 C: <-> \Device\Harddisk0\DR0\Partition0
16:21:17.0754 3340 E: <-> \Device\Harddisk1\DR1\Partition0
16:21:17.0793 3340 D: <-> \Device\Harddisk0\DR0\Partition1
16:21:17.0793 3340 ============================================================
16:21:17.0793 3340 Initialize success
16:21:17.0794 3340 ============================================================
16:21:24.0873 1424 ============================================================
16:21:24.0873 1424 Scan started
16:21:24.0873 1424 Mode: Manual;
16:21:24.0873 1424 ============================================================
16:21:26.0849 1424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:21:26.0852 1424 ACPI - ok
16:21:26.0914 1424 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:21:26.0916 1424 AdobeFlashPlayerUpdateSvc - ok
16:21:26.0961 1424 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:21:26.0966 1424 adp94xx - ok
16:21:27.0003 1424 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:21:27.0007 1424 adpahci - ok
16:21:27.0030 1424 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:21:27.0031 1424 adpu160m - ok
16:21:27.0056 1424 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:21:27.0058 1424 adpu320 - ok
16:21:27.0088 1424 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:21:27.0089 1424 AeLookupSvc - ok
16:21:27.0133 1424 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:21:27.0136 1424 AFD - ok
16:21:27.0183 1424 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:21:27.0184 1424 agp440 - ok
16:21:27.0218 1424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:21:27.0219 1424 aic78xx - ok
16:21:27.0300 1424 AlertService (c86d177967d27c80e466d4ed95c26db9) C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
16:21:27.0303 1424 AlertService - ok
16:21:27.0327 1424 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:21:27.0328 1424 ALG - ok
16:21:27.0334 1424 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:21:27.0335 1424 aliide - ok
16:21:27.0373 1424 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:21:27.0375 1424 amdagp - ok
16:21:27.0390 1424 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:21:27.0391 1424 amdide - ok
16:21:27.0421 1424 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:21:27.0422 1424 AmdK7 - ok
16:21:27.0444 1424 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:21:27.0445 1424 AmdK8 - ok
16:21:27.0522 1424 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:21:27.0523 1424 Appinfo - ok
16:21:27.0620 1424 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:21:27.0621 1424 arc - ok
16:21:27.0651 1424 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:21:27.0653 1424 arcsas - ok
16:21:27.0683 1424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:21:27.0685 1424 AsyncMac - ok
16:21:27.0706 1424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:21:27.0706 1424 atapi - ok
16:21:27.0793 1424 ATIAVPCI (5c82165d604269bb7cd8171a4b50288a) C:\Windows\system32\DRIVERS\atinavrr.sys
16:21:27.0802 1424 ATIAVPCI - ok
16:21:27.0882 1424 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:21:27.0886 1424 AudioEndpointBuilder - ok
16:21:27.0889 1424 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:21:27.0891 1424 Audiosrv - ok
16:21:27.0951 1424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:21:27.0951 1424 Beep - ok
16:21:27.0985 1424 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:21:27.0987 1424 BFE - ok
16:21:28.0164 1424 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
16:21:28.0174 1424 BHDrvx86 - ok
16:21:28.0261 1424 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
16:21:28.0267 1424 BITS - ok
16:21:28.0336 1424 blbdrive - ok
16:21:28.0368 1424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:21:28.0369 1424 bowser - ok
16:21:28.0411 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:21:28.0411 1424 BrFiltLo - ok
16:21:28.0427 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:21:28.0428 1424 BrFiltUp - ok
16:21:28.0452 1424 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:21:28.0453 1424 Browser - ok
16:21:28.0488 1424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:21:28.0489 1424 Brserid - ok
16:21:28.0509 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:21:28.0509 1424 BrSerWdm - ok
16:21:28.0527 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:21:28.0528 1424 BrUsbMdm - ok
16:21:28.0538 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:21:28.0539 1424 BrUsbSer - ok
16:21:28.0639 1424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:21:28.0640 1424 BTHMODEM - ok
16:21:28.0695 1424 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
16:21:28.0696 1424 BVRPMPR5 - ok
16:21:28.0767 1424 catchme - ok
16:21:28.0837 1424 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NAV\1307000.009\ccSetx86.sys
16:21:28.0840 1424 ccSet_NAV - ok
16:21:28.0875 1424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:21:28.0877 1424 cdfs - ok
16:21:28.0926 1424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:21:28.0927 1424 cdrom - ok
16:21:28.0964 1424 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:21:28.0965 1424 CertPropSvc - ok
16:21:28.0990 1424 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
16:21:28.0991 1424 circlass - ok
16:21:29.0025 1424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:21:29.0027 1424 CLFS - ok
16:21:29.0097 1424 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:21:29.0099 1424 clr_optimization_v2.0.50727_32 - ok
16:21:29.0167 1424 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:21:29.0169 1424 clr_optimization_v4.0.30319_32 - ok
16:21:29.0183 1424 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:21:29.0184 1424 cmdide - ok
16:21:29.0195 1424 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
16:21:29.0196 1424 Compbatt - ok
16:21:29.0199 1424 COMSysApp - ok
16:21:29.0215 1424 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:21:29.0216 1424 crcdisk - ok
16:21:29.0232 1424 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:21:29.0233 1424 Crusoe - ok
16:21:29.0279 1424 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
16:21:29.0280 1424 CryptSvc - ok
16:21:29.0338 1424 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:21:29.0346 1424 DcomLaunch - ok
16:21:29.0372 1424 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:21:29.0374 1424 DfsC - ok
16:21:29.0485 1424 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:21:29.0509 1424 DFSR - ok
16:21:29.0710 1424 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:21:29.0711 1424 Dhcp - ok
16:21:29.0754 1424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:21:29.0755 1424 disk - ok
16:21:29.0792 1424 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:21:29.0793 1424 Dnscache - ok
16:21:29.0821 1424 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:21:29.0824 1424 dot3svc - ok
16:21:29.0864 1424 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:21:29.0865 1424 Dot4 - ok
16:21:29.0891 1424 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:21:29.0891 1424 Dot4Print - ok
16:21:29.0903 1424 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:21:29.0904 1424 dot4usb - ok
16:21:29.0945 1424 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:21:29.0946 1424 DPS - ok
16:21:29.0996 1424 DQLWinService (a0b584c33f55545d56f9e71fb4e203ac) C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
16:21:29.0998 1424 DQLWinService - ok
16:21:30.0040 1424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:21:30.0041 1424 drmkaud - ok
16:21:30.0088 1424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:21:30.0096 1424 DXGKrnl - ok
16:21:30.0135 1424 e1express (88b16142b40cc080a2d86ae769a30396) C:\Windows\system32\DRIVERS\e1e6032.sys
16:21:30.0138 1424 e1express - ok
16:21:30.0175 1424 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:21:30.0176 1424 E1G60 - ok
16:21:30.0214 1424 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:21:30.0215 1424 EapHost - ok
16:21:30.0257 1424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:21:30.0259 1424 Ecache - ok
16:21:30.0366 1424 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:21:30.0371 1424 eeCtrl - ok
16:21:30.0421 1424 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:21:30.0424 1424 ehRecvr - ok
16:21:30.0453 1424 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:21:30.0454 1424 ehSched - ok
16:21:30.0494 1424 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:21:30.0495 1424 ehstart - ok
16:21:30.0541 1424 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:21:30.0545 1424 elxstor - ok
16:21:30.0629 1424 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:21:30.0633 1424 EMDMgmt - ok
16:21:30.0723 1424 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:21:30.0724 1424 EraserUtilRebootDrv - ok
16:21:30.0765 1424 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:21:30.0768 1424 EventSystem - ok
16:21:30.0839 1424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:21:30.0840 1424 exfat - ok
16:21:43.0655 1424 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:21:43.0657 1424 UxSms - ok
16:21:43.0740 1424 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:21:43.0746 1424 vds - ok
16:21:43.0763 1424 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:43.0764 1424 vga - ok
16:21:43.0787 1424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:21:43.0788 1424 VgaSave - ok
16:21:43.0810 1424 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:21:43.0811 1424 viaagp - ok
16:21:43.0826 1424 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:21:43.0827 1424 ViaC7 - ok
16:21:43.0848 1424 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:21:43.0849 1424 viaide - ok
16:21:43.0879 1424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:21:43.0881 1424 volmgr - ok
16:21:43.0917 1424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:21:43.0919 1424 volmgrx - ok
16:21:43.0955 1424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:21:43.0958 1424 volsnap - ok
16:21:43.0972 1424 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:21:43.0974 1424 vsmraid - ok
16:21:44.0032 1424 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:21:44.0045 1424 VSS - ok
16:21:44.0080 1424 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:21:44.0084 1424 W32Time - ok
16:21:44.0125 1424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:21:44.0126 1424 WacomPen - ok
16:21:44.0155 1424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:44.0156 1424 Wanarp - ok
16:21:44.0158 1424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:44.0159 1424 Wanarpv6 - ok
16:21:44.0184 1424 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:21:44.0191 1424 wcncsvc - ok
16:21:44.0216 1424 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:21:44.0218 1424 WcsPlugInService - ok
16:21:44.0234 1424 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:21:44.0235 1424 Wd - ok
16:21:44.0274 1424 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:21:44.0279 1424 Wdf01000 - ok
16:21:44.0300 1424 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:21:44.0303 1424 WdiServiceHost - ok
16:21:44.0305 1424 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:21:44.0308 1424 WdiSystemHost - ok
16:21:44.0340 1424 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:21:44.0344 1424 WebClient - ok
16:21:44.0374 1424 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:21:44.0378 1424 Wecsvc - ok
16:21:44.0403 1424 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:21:44.0405 1424 wercplsupport - ok
16:21:44.0430 1424 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:21:44.0432 1424 WerSvc - ok
16:21:44.0504 1424 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:21:44.0508 1424 winachsf - ok
16:21:44.0647 1424 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:21:44.0651 1424 WinDefend - ok
16:21:44.0654 1424 WinHttpAutoProxySvc - ok
16:21:44.0706 1424 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:21:44.0707 1424 Winmgmt - ok
16:21:44.0812 1424 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:21:44.0856 1424 WinRM - ok
16:21:44.0913 1424 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\winusb.sys
16:21:44.0914 1424 WinUSB - ok
16:21:44.0960 1424 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:21:44.0967 1424 Wlansvc - ok
16:21:44.0994 1424 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
16:21:44.0996 1424 WmiAcpi - ok
16:21:45.0051 1424 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:21:45.0052 1424 wmiApSrv - ok
16:21:45.0142 1424 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:21:45.0153 1424 WMPNetworkSvc - ok
16:21:45.0172 1424 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:21:45.0176 1424 WPCSvc - ok
16:21:45.0204 1424 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:21:45.0207 1424 WPDBusEnum - ok
16:21:45.0254 1424 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:21:45.0254 1424 WpdUsb - ok
16:21:45.0354 1424 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:21:45.0363 1424 WPFFontCache_v0400 - ok
16:21:45.0389 1424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:21:45.0390 1424 ws2ifsl - ok
16:21:45.0418 1424 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
16:21:45.0421 1424 wscsvc - ok
16:21:45.0423 1424 WSearch - ok
16:21:45.0554 1424 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:21:45.0577 1424 wuauserv - ok
16:21:45.0862 1424 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:45.0863 1424 WUDFRd - ok
16:21:45.0887 1424 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:21:45.0890 1424 wudfsvc - ok
16:21:45.0915 1424 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
16:21:45.0916 1424 XAudio - ok
16:21:45.0939 1424 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
16:21:45.0941 1424 XAudioService - ok
16:21:45.0967 1424 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
16:21:46.0008 1424 \Device\Harddisk0\DR0 - ok
16:21:46.0010 1424 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
16:21:46.0012 1424 \Device\Harddisk1\DR1 - ok
16:21:46.0014 1424 Boot (0x1200) (e51ebf55551648a73f52686e6d2c5106) \Device\Harddisk0\DR0\Partition0
16:21:46.0015 1424 \Device\Harddisk0\DR0\Partition0 - ok
16:21:46.0018 1424 Boot (0x1200) (e317e25421b63d289e099e194d4d477c) \Device\Harddisk0\DR0\Partition1
16:21:46.0019 1424 \Device\Harddisk0\DR0\Partition1 - ok
16:21:46.0021 1424 Boot (0x1200) (c27d86533d223aece6bc046049e2a7b9) \Device\Harddisk1\DR1\Partition0
16:21:46.0022 1424 \Device\Harddisk1\DR1\Partition0 - ok
16:21:46.0022 1424 ============================================================
16:21:46.0022 1424 Scan finished
16:21:46.0022 1424 ============================================================
16:21:46.0029 6068 Detected object count: 0
16:21:46.0029 6068 Actual detected object count: 0

#14 frances0055

Posted 27 April 2012 - 03:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 16:28:45
-----------------------------
16:28:45.324 OS Version: Windows 6.0.6002 Service Pack 2
16:28:45.324 Number of processors: 4 586 0xF0B
16:28:45.325 ComputerName: OWNER-PC UserName: owner
16:29:11.986 Initialize success
16:30:13.603 AVAST engine defs: 12042701
16:32:13.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:32:13.615 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
16:32:13.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
16:32:13.620 Disk 1 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
16:32:13.643 Disk 0 MBR read successfully
16:32:13.646 Disk 0 MBR scan
16:32:13.651 Disk 0 unknown MBR code
16:32:13.666 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295923 MB offset 63
16:32:13.707 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9318 MB offset 606052125
16:32:13.758 Disk 0 scanning sectors +625137345
16:32:13.883 Disk 0 scanning C:\Windows\system32\drivers
16:32:45.191 Service scanning
16:33:20.232 Modules scanning
16:33:38.604 Disk 0 trace - called modules:
16:33:38.633 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:33:38.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c5a0d0]
16:33:38.645 3 CLASSPNP.SYS[8b3aa8b3] -> nt!IofCallDriver -> [0x85da0a28]
16:33:38.650 5 acpi.sys[82e906bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85dc6b98]
16:33:39.928 AVAST engine scan C:\Windows
16:33:42.852 AVAST engine scan C:\Windows\system32
16:34:22.618 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
16:36:50.293 AVAST engine scan C:\Windows\system32\drivers
16:37:02.657 AVAST engine scan C:\Users\owner
16:40:57.000 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
16:40:57.008 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBRlog.txt"

Oh no, this was still scanning, sorry.

Edited by frances0055, 27 April 2012 - 03:48 PM.


#15 frances0055

Posted 27 April 2012 - 03:52 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 16:28:45
-----------------------------
16:28:45.324 OS Version: Windows 6.0.6002 Service Pack 2
16:28:45.324 Number of processors: 4 586 0xF0B
16:28:45.325 ComputerName: OWNER-PC UserName: owner
16:29:11.986 Initialize success
16:30:13.603 AVAST engine defs: 12042701
16:32:13.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:32:13.615 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
16:32:13.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
16:32:13.620 Disk 1 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
16:32:13.643 Disk 0 MBR read successfully
16:32:13.646 Disk 0 MBR scan
16:32:13.651 Disk 0 unknown MBR code
16:32:13.666 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295923 MB offset 63
16:32:13.707 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9318 MB offset 606052125
16:32:13.758 Disk 0 scanning sectors +625137345
16:32:13.883 Disk 0 scanning C:\Windows\system32\drivers
16:32:45.191 Service scanning
16:33:20.232 Modules scanning
16:33:38.604 Disk 0 trace - called modules:
16:33:38.633 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:33:38.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c5a0d0]
16:33:38.645 3 CLASSPNP.SYS[8b3aa8b3] -> nt!IofCallDriver -> [0x85da0a28]
16:33:38.650 5 acpi.sys[82e906bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85dc6b98]
16:33:39.928 AVAST engine scan C:\Windows
16:33:42.852 AVAST engine scan C:\Windows\system32
16:34:22.618 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
16:36:50.293 AVAST engine scan C:\Windows\system32\drivers
16:37:02.657 AVAST engine scan C:\Users\owner
16:40:57.000 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
16:40:57.008 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBRlog.txt"
16:45:38.039 AVAST engine scan C:\ProgramData
16:49:18.211 Scan finished successfully
16:50:13.743 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
16:50:13.749 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBRlog2.txt"



