Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hapili trouble


  • This topic is locked This topic is locked
20 replies to this topic

#1 skylyre

skylyre

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 25 April 2012 - 06:08 PM

Hello,

My boss's computer seems to have a virus which is redirecting his google searches to Hapili. Right now it looks like it's only affecting IE, google works fine in FF. I haven't tried any fixes yet since a little research on this bug brings up somewhat complicated resolutions.

Any idea how to get rid of this thing? His comp runs AVG Free and nothing comes up in the scans.

Thanks!
with a golden heart comes a rebel fist.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 01:45 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 07:32 AM

Hi Gringo! Thanks for helping me. Here's the Security Check results:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````
with a golden heart comes a rebel fist.

#4 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 07:33 AM

Here's the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Brown at 8:32:43 on 2012-04-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.3031 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Brown\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Update] rundll32.exe "C:\Users\Brown\AppData\Roaming\InstallShield\InstallShield\arroibs.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5C90CF8C-2A1A-4B86-A6D3-1F0FAD35C995} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brown\AppData\Roaming\Mozilla\Firefox\Profiles\li61cc49.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0a2f15dd-1dc5-4a4b-b7e0-3ef0859cb35d%7D&mid=cc2be067016e251053a2476a259c6296-b6e5b04d0f61287473f4b59ee352838e554622a5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-09-22%2009%3A05%3A40&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-15 1025352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-11 20:41:55 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 20:41:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 20:41:54 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 20:40:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 20:40:35 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 20:40:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 20:40:35 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 20:40:35 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 20:40:35 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 20:40:35 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-05 14:30:27 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\109C.tmp
2012-04-04 11:52:31 -------- d-----w- C:\Program Files\iPod
2012-04-04 11:52:30 -------- d-----w- C:\Program Files\iTunes
2012-04-04 11:52:30 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-02 15:51:49 -------- d-----w- C:\Users\Brown\AppData\Roaming\IrfanView
2012-04-02 15:51:49 -------- d-----w- C:\Program Files (x86)\IrfanView
.
==================== Find3M ====================
.
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 8:33:03.28 ===============
with a golden heart comes a rebel fist.

#5 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 07:43 AM

Here's the Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/6/2010 12:00:30 PM
System Uptime: 4/26/2012 3:42:48 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 033FF6
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | CPU 1 | 3192/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 877.321 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP138: 3/21/2012 3:00:29 AM - Windows Update
RP139: 3/28/2012 8:43:12 AM - Windows Update
RP140: 3/30/2012 3:00:30 AM - Windows Update
RP141: 4/6/2012 8:17:09 AM - Scheduled Checkpoint
RP142: 4/11/2012 4:40:18 PM - Windows Update
RP143: 4/19/2012 8:48:50 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
Dell Resource CD
DW 1525 Driver Installation
eConnect
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 4.5.0.457
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 22
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
QuickBooks
QuickBooks Pro 2011
QuickTime
Safari
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
.
==== End Of File ===========================
with a golden heart comes a rebel fist.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 12:44 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 01:38 PM

Hi Gringo,

I ran Combofix with no issues and I'll post the log below. I opened up IE just now and ran a few Google searches and they all worked properly, without any rerouting. Think we're all clear?

ComboFix 12-04-26.01 - Brown 04/26/2012 14:07:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.3042 [GMT -4:00]
Running from: c:\users\Brown\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brown\AppData\Local\Microsoft\Windows\Temporary Internet Files\2356BrownChiropracticCenterPCviewChanges.html
c:\users\Brown\AppData\Local\Microsoft\Windows\Temporary Internet Files\5224BrownChiropracticCenterPCviewChanges.html
c:\users\Brown\AppData\Roaming\InstallShield\InstallShield\arroibs.dll
c:\users\Brown\g2mdlhlpx.exe
c:\users\Brown\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 18:10 . 2012-04-26 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 20:41 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 20:41 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 20:41 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 20:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 20:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 20:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 14:30 . 2012-04-05 14:30 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\109C.tmp
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files\iPod
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files\iTunes
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files (x86)\iTunes
2012-04-02 15:51 . 2012-04-02 15:51 -------- d-----w- c:\users\Brown\AppData\Roaming\IrfanView
2012-04-02 15:51 . 2012-04-02 15:51 -------- d-----w- c:\program files (x86)\IrfanView
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 06:38 . 2012-03-14 12:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 12:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 12:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 12:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 12:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 12:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 12:49 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 11:44 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 14:21]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 14:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Brown\AppData\Roaming\Mozilla\Firefox\Profiles\li61cc49.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0a2f15dd-1dc5-4a4b-b7e0-3ef0859cb35d%7D&mid=cc2be067016e251053a2476a259c6296-b6e5b04d0f61287473f4b59ee352838e554622a5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-09-22%2009%3A05%3A40&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-04-26 14:23:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 18:23
.
Pre-Run: 943,636,889,600 bytes free
Post-Run: 944,176,586,752 bytes free
.
- - End Of File - - 06F02637C7FC21A85F313689317CC007
with a golden heart comes a rebel fist.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 02:39 PM

Greetings

That is only step one - to make sure you are clean i will have to run more scans and then I will make sure everything is up-to-date

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 02:57 PM

Ran TDSS, no threats detected, here's the report:

15:55:31.0700 3004 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:55:31.0965 3004 ============================================================
15:55:31.0965 3004 Current date / time: 2012/04/26 15:55:31.0965
15:55:31.0965 3004 SystemInfo:
15:55:31.0965 3004
15:55:31.0965 3004 OS Version: 6.1.7601 ServicePack: 1.0
15:55:31.0965 3004 Product type: Workstation
15:55:31.0965 3004 ComputerName: BROWN-PC
15:55:31.0965 3004 UserName: Brown
15:55:31.0965 3004 Windows directory: C:\Windows
15:55:31.0965 3004 System windows directory: C:\Windows
15:55:31.0965 3004 Running under WOW64
15:55:31.0965 3004 Processor architecture: Intel x64
15:55:31.0965 3004 Number of processors: 2
15:55:31.0965 3004 Page size: 0x1000
15:55:31.0965 3004 Boot type: Normal boot
15:55:31.0965 3004 ============================================================
15:55:32.0683 3004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:32.0699 3004 ============================================================
15:55:32.0699 3004 \Device\Harddisk0\DR0:
15:55:32.0699 3004 MBR partitions:
15:55:32.0699 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:32.0699 3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:55:32.0699 3004 ============================================================
15:55:32.0714 3004 C: <-> \Device\Harddisk0\DR0\Partition1
15:55:32.0714 3004 ============================================================
15:55:32.0714 3004 Initialize success
15:55:32.0714 3004 ============================================================
15:55:34.0243 2224 ============================================================
15:55:34.0243 2224 Scan started
15:55:34.0243 2224 Mode: Manual;
15:55:34.0243 2224 ============================================================
15:55:34.0929 2224 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:55:34.0929 2224 1394ohci - ok
15:55:34.0961 2224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:55:34.0976 2224 ACPI - ok
15:55:34.0992 2224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:55:34.0992 2224 AcpiPmi - ok
15:55:35.0117 2224 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:55:35.0117 2224 AdobeARMservice - ok
15:55:35.0163 2224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:55:35.0179 2224 adp94xx - ok
15:55:35.0210 2224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:55:35.0210 2224 adpahci - ok
15:55:35.0241 2224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:55:35.0241 2224 adpu320 - ok
15:55:35.0257 2224 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:55:35.0257 2224 AeLookupSvc - ok
15:55:35.0366 2224 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:55:35.0366 2224 AFD - ok
15:55:35.0397 2224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:55:35.0397 2224 agp440 - ok
15:55:35.0413 2224 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:55:35.0413 2224 ALG - ok
15:55:35.0429 2224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:55:35.0429 2224 aliide - ok
15:55:35.0429 2224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:55:35.0429 2224 amdide - ok
15:55:35.0460 2224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:55:35.0460 2224 AmdK8 - ok
15:55:35.0475 2224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:55:35.0475 2224 AmdPPM - ok
15:55:35.0507 2224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:55:35.0507 2224 amdsata - ok
15:55:35.0522 2224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:55:35.0522 2224 amdsbs - ok
15:55:35.0538 2224 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:55:35.0538 2224 amdxata - ok
15:55:35.0600 2224 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:55:35.0600 2224 AppID - ok
15:55:35.0616 2224 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:55:35.0616 2224 AppIDSvc - ok
15:55:35.0647 2224 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:55:35.0647 2224 Appinfo - ok
15:55:35.0709 2224 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:55:35.0725 2224 Apple Mobile Device - ok
15:55:35.0741 2224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:55:35.0741 2224 arc - ok
15:55:35.0756 2224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:55:35.0756 2224 arcsas - ok
15:55:35.0787 2224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:35.0787 2224 AsyncMac - ok
15:55:35.0834 2224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:55:35.0834 2224 atapi - ok
15:55:35.0943 2224 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
15:55:35.0975 2224 athr - ok
15:55:36.0099 2224 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:36.0115 2224 AudioEndpointBuilder - ok
15:55:36.0115 2224 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:36.0115 2224 AudioSrv - ok
15:55:36.0255 2224 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
15:55:36.0255 2224 AVG Security Toolbar Service - ok
15:55:36.0599 2224 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:55:36.0614 2224 AVGIDSAgent - ok
15:55:36.0692 2224 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:55:36.0692 2224 AVGIDSDriver - ok
15:55:36.0692 2224 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:55:36.0692 2224 AVGIDSEH - ok
15:55:36.0723 2224 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:55:36.0723 2224 AVGIDSFilter - ok
15:55:36.0770 2224 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
15:55:36.0770 2224 Avgldx64 - ok
15:55:36.0833 2224 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:55:36.0833 2224 Avgmfx64 - ok
15:55:36.0864 2224 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:55:36.0864 2224 Avgrkx64 - ok
15:55:36.0911 2224 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
15:55:36.0911 2224 Avgtdia - ok
15:55:36.0942 2224 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:55:36.0942 2224 avgwd - ok
15:55:36.0989 2224 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:55:36.0989 2224 AxInstSV - ok
15:55:37.0098 2224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:55:37.0098 2224 b06bdrv - ok
15:55:37.0145 2224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:55:37.0160 2224 b57nd60a - ok
15:55:37.0192 2224 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:55:37.0192 2224 BDESVC - ok
15:55:37.0207 2224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:55:37.0207 2224 Beep - ok
15:55:37.0270 2224 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:55:37.0285 2224 BFE - ok
15:55:37.0363 2224 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:55:37.0363 2224 BITS - ok
15:55:37.0410 2224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:55:37.0410 2224 blbdrive - ok
15:55:37.0472 2224 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:55:37.0472 2224 Bonjour Service - ok
15:55:37.0488 2224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:55:37.0488 2224 bowser - ok
15:55:37.0504 2224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:55:37.0504 2224 BrFiltLo - ok
15:55:37.0504 2224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:55:37.0504 2224 BrFiltUp - ok
15:55:37.0566 2224 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:55:37.0566 2224 BridgeMP - ok
15:55:37.0597 2224 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:55:37.0597 2224 Browser - ok
15:55:37.0628 2224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:55:37.0628 2224 Brserid - ok
15:55:37.0628 2224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:37.0628 2224 BrSerWdm - ok
15:55:37.0644 2224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:37.0644 2224 BrUsbMdm - ok
15:55:37.0644 2224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:37.0644 2224 BrUsbSer - ok
15:55:37.0675 2224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:55:37.0675 2224 BTHMODEM - ok
15:55:37.0691 2224 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:55:37.0706 2224 bthserv - ok
15:55:37.0706 2224 catchme - ok
15:55:37.0738 2224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:37.0738 2224 cdfs - ok
15:55:37.0753 2224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:55:37.0753 2224 cdrom - ok
15:55:37.0816 2224 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:37.0816 2224 CertPropSvc - ok
15:55:37.0831 2224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:55:37.0831 2224 circlass - ok
15:55:37.0862 2224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:55:37.0862 2224 CLFS - ok
15:55:37.0909 2224 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:55:37.0909 2224 clr_optimization_v2.0.50727_32 - ok
15:55:37.0925 2224 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:55:37.0925 2224 clr_optimization_v2.0.50727_64 - ok
15:55:37.0987 2224 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:55:37.0987 2224 clr_optimization_v4.0.30319_32 - ok
15:55:38.0050 2224 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:55:38.0050 2224 clr_optimization_v4.0.30319_64 - ok
15:55:38.0065 2224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:38.0065 2224 CmBatt - ok
15:55:38.0081 2224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:55:38.0081 2224 cmdide - ok
15:55:38.0128 2224 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:55:38.0128 2224 CNG - ok
15:55:38.0143 2224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:38.0143 2224 Compbatt - ok
15:55:38.0174 2224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:55:38.0174 2224 CompositeBus - ok
15:55:38.0174 2224 COMSysApp - ok
15:55:38.0174 2224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:55:38.0174 2224 crcdisk - ok
15:55:38.0206 2224 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:55:38.0206 2224 CryptSvc - ok
15:55:38.0268 2224 dc3d (b9f03c09f577d64900f15502a036ea77) C:\Windows\system32\DRIVERS\dc3d.sys
15:55:38.0268 2224 dc3d - ok
15:55:38.0315 2224 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:38.0330 2224 DcomLaunch - ok
15:55:38.0362 2224 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:55:38.0362 2224 defragsvc - ok
15:55:38.0393 2224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:55:38.0393 2224 DfsC - ok
15:55:38.0440 2224 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:55:38.0440 2224 Dhcp - ok
15:55:38.0455 2224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:55:38.0455 2224 discache - ok
15:55:38.0502 2224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:55:38.0502 2224 Disk - ok
15:55:38.0533 2224 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:55:38.0533 2224 Dnscache - ok
15:55:38.0564 2224 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:55:38.0580 2224 dot3svc - ok
15:55:38.0611 2224 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:55:38.0611 2224 DPS - ok
15:55:38.0642 2224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:55:38.0642 2224 drmkaud - ok
15:55:38.0705 2224 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:38.0705 2224 DXGKrnl - ok
15:55:38.0736 2224 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:55:38.0752 2224 EapHost - ok
15:55:39.0048 2224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:55:39.0048 2224 ebdrv - ok
15:55:39.0126 2224 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:55:39.0142 2224 EFS - ok
15:55:39.0204 2224 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:55:39.0204 2224 ehRecvr - ok
15:55:39.0235 2224 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:55:39.0235 2224 ehSched - ok
15:55:39.0298 2224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:55:39.0298 2224 elxstor - ok
15:55:39.0313 2224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:55:39.0313 2224 ErrDev - ok
15:55:39.0360 2224 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:55:39.0376 2224 EventSystem - ok
15:55:39.0391 2224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:55:39.0391 2224 exfat - ok
15:55:39.0438 2224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:55:39.0438 2224 fastfat - ok
15:55:39.0485 2224 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:55:39.0500 2224 Fax - ok
15:55:39.0500 2224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:55:39.0500 2224 fdc - ok
15:55:39.0532 2224 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:55:39.0532 2224 fdPHost - ok
15:55:39.0547 2224 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:55:39.0547 2224 FDResPub - ok
15:55:39.0547 2224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:55:39.0547 2224 FileInfo - ok
15:55:39.0563 2224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:55:39.0563 2224 Filetrace - ok
15:55:39.0578 2224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:39.0578 2224 flpydisk - ok
15:55:39.0594 2224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:55:39.0594 2224 FltMgr - ok
15:55:39.0703 2224 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:55:39.0719 2224 FontCache - ok
15:55:39.0766 2224 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:55:39.0766 2224 FontCache3.0.0.0 - ok
15:55:39.0781 2224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:55:39.0781 2224 FsDepends - ok
15:55:39.0797 2224 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:39.0797 2224 Fs_Rec - ok
15:55:39.0828 2224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:39.0828 2224 fvevol - ok
15:55:39.0875 2224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:55:39.0875 2224 gagp30kx - ok
15:55:39.0906 2224 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:55:39.0906 2224 GEARAspiWDM - ok
15:55:39.0953 2224 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:55:39.0968 2224 gpsvc - ok
15:55:40.0046 2224 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:40.0046 2224 gupdate - ok
15:55:40.0062 2224 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:40.0062 2224 gupdatem - ok
15:55:40.0093 2224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:55:40.0093 2224 hcw85cir - ok
15:55:40.0140 2224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:55:40.0140 2224 HdAudAddService - ok
15:55:40.0171 2224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:55:40.0171 2224 HDAudBus - ok
15:55:40.0171 2224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:55:40.0171 2224 HidBatt - ok
15:55:40.0187 2224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:55:40.0187 2224 HidBth - ok
15:55:40.0202 2224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:55:40.0202 2224 HidIr - ok
15:55:40.0218 2224 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:55:40.0218 2224 hidserv - ok
15:55:40.0234 2224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:55:40.0234 2224 HidUsb - ok
15:55:40.0265 2224 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:55:40.0280 2224 hkmsvc - ok
15:55:40.0343 2224 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:55:40.0343 2224 HomeGroupListener - ok
15:55:40.0374 2224 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:55:40.0374 2224 HomeGroupProvider - ok
15:55:40.0390 2224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:55:40.0390 2224 HpSAMD - ok
15:55:40.0452 2224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:55:40.0468 2224 HTTP - ok
15:55:40.0483 2224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:55:40.0483 2224 hwpolicy - ok
15:55:40.0514 2224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:55:40.0514 2224 i8042prt - ok
15:55:40.0592 2224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:55:40.0592 2224 iaStorV - ok
15:55:40.0655 2224 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:55:40.0655 2224 idsvc - ok
15:55:40.0670 2224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:55:40.0670 2224 iirsp - ok
15:55:40.0733 2224 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:55:40.0748 2224 IKEEXT - ok
15:55:40.0764 2224 IntcAzAudAddService - ok
15:55:40.0795 2224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:55:40.0795 2224 intelide - ok
15:55:40.0811 2224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:40.0811 2224 intelppm - ok
15:55:40.0826 2224 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:55:40.0826 2224 IPBusEnum - ok
15:55:40.0858 2224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:40.0858 2224 IpFilterDriver - ok
15:55:40.0904 2224 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:55:40.0920 2224 iphlpsvc - ok
15:55:40.0936 2224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:55:40.0936 2224 IPMIDRV - ok
15:55:40.0951 2224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:55:40.0951 2224 IPNAT - ok
15:55:41.0154 2224 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:55:41.0154 2224 iPod Service - ok
15:55:41.0170 2224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:55:41.0170 2224 IRENUM - ok
15:55:41.0185 2224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:55:41.0185 2224 isapnp - ok
15:55:41.0216 2224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:55:41.0216 2224 iScsiPrt - ok
15:55:41.0263 2224 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:55:41.0263 2224 k57nd60a - ok
15:55:41.0279 2224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:55:41.0279 2224 kbdclass - ok
15:55:41.0326 2224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:55:41.0326 2224 kbdhid - ok
15:55:41.0388 2224 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:41.0388 2224 KeyIso - ok
15:55:41.0404 2224 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:55:41.0419 2224 KSecDD - ok
15:55:41.0450 2224 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:55:41.0450 2224 KSecPkg - ok
15:55:41.0450 2224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:55:41.0450 2224 ksthunk - ok
15:55:41.0482 2224 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:55:41.0497 2224 KtmRm - ok
15:55:41.0528 2224 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:55:41.0528 2224 LanmanServer - ok
15:55:41.0560 2224 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:55:41.0560 2224 LanmanWorkstation - ok
15:55:41.0591 2224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:41.0591 2224 lltdio - ok
15:55:41.0622 2224 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:55:41.0622 2224 lltdsvc - ok
15:55:41.0638 2224 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:55:41.0638 2224 lmhosts - ok
15:55:41.0669 2224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:55:41.0669 2224 LSI_FC - ok
15:55:41.0669 2224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:55:41.0684 2224 LSI_SAS - ok
15:55:41.0684 2224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:55:41.0700 2224 LSI_SAS2 - ok
15:55:41.0716 2224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:55:41.0716 2224 LSI_SCSI - ok
15:55:41.0731 2224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:55:41.0731 2224 luafv - ok
15:55:41.0762 2224 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:55:41.0762 2224 Mcx2Svc - ok
15:55:41.0778 2224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:55:41.0778 2224 megasas - ok
15:55:41.0825 2224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:55:41.0825 2224 MegaSR - ok
15:55:41.0903 2224 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:55:41.0903 2224 Microsoft Office Groove Audit Service - ok
15:55:41.0918 2224 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:41.0918 2224 MMCSS - ok
15:55:41.0934 2224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:55:41.0934 2224 Modem - ok
15:55:41.0934 2224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:55:41.0934 2224 monitor - ok
15:55:41.0950 2224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:55:41.0965 2224 mouclass - ok
15:55:41.0981 2224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:41.0981 2224 mouhid - ok
15:55:42.0043 2224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:55:42.0043 2224 mountmgr - ok
15:55:42.0074 2224 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:55:42.0090 2224 MozillaMaintenance - ok
15:55:42.0106 2224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:55:42.0106 2224 mpio - ok
15:55:42.0121 2224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:55:42.0121 2224 mpsdrv - ok
15:55:42.0184 2224 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:55:42.0199 2224 MpsSvc - ok
15:55:42.0215 2224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:55:42.0215 2224 MRxDAV - ok
15:55:42.0246 2224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:42.0246 2224 mrxsmb - ok
15:55:42.0293 2224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:42.0293 2224 mrxsmb10 - ok
15:55:42.0308 2224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:42.0308 2224 mrxsmb20 - ok
15:55:42.0324 2224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:55:42.0324 2224 msahci - ok
15:55:42.0355 2224 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:55:42.0355 2224 msdsm - ok
15:55:42.0386 2224 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:55:42.0386 2224 MSDTC - ok
15:55:42.0402 2224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:55:42.0402 2224 Msfs - ok
15:55:42.0418 2224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:55:42.0418 2224 mshidkmdf - ok
15:55:42.0433 2224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:55:42.0433 2224 msisadrv - ok
15:55:42.0464 2224 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:55:42.0464 2224 MSiSCSI - ok
15:55:42.0464 2224 msiserver - ok
15:55:42.0496 2224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:42.0511 2224 MSKSSRV - ok
15:55:42.0511 2224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:42.0511 2224 MSPCLOCK - ok
15:55:42.0527 2224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:55:42.0527 2224 MSPQM - ok
15:55:42.0558 2224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:55:42.0574 2224 MsRPC - ok
15:55:42.0589 2224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:55:42.0589 2224 mssmbios - ok
15:55:42.0605 2224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:55:42.0605 2224 MSTEE - ok
15:55:42.0605 2224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:55:42.0605 2224 MTConfig - ok
15:55:42.0620 2224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:55:42.0620 2224 Mup - ok
15:55:42.0667 2224 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:55:42.0683 2224 napagent - ok
15:55:42.0730 2224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:42.0745 2224 NativeWifiP - ok
15:55:42.0808 2224 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:55:42.0808 2224 NDIS - ok
15:55:42.0823 2224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:55:42.0823 2224 NdisCap - ok
15:55:42.0839 2224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:42.0839 2224 NdisTapi - ok
15:55:42.0870 2224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:42.0870 2224 Ndisuio - ok
15:55:42.0901 2224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:42.0901 2224 NdisWan - ok
15:55:42.0917 2224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:55:42.0917 2224 NDProxy - ok
15:55:42.0964 2224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:55:42.0964 2224 NetBIOS - ok
15:55:42.0995 2224 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:55:42.0995 2224 NetBT - ok
15:55:43.0026 2224 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:43.0026 2224 Netlogon - ok
15:55:43.0073 2224 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:55:43.0073 2224 Netman - ok
15:55:43.0120 2224 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:55:43.0120 2224 netprofm - ok
15:55:43.0213 2224 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:43.0213 2224 NetTcpPortSharing - ok
15:55:43.0244 2224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:55:43.0244 2224 nfrd960 - ok
15:55:43.0291 2224 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:55:43.0291 2224 NlaSvc - ok
15:55:43.0291 2224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:55:43.0291 2224 Npfs - ok
15:55:43.0307 2224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:55:43.0307 2224 nsi - ok
15:55:43.0322 2224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:55:43.0322 2224 nsiproxy - ok
15:55:43.0432 2224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:55:43.0447 2224 Ntfs - ok
15:55:43.0541 2224 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:55:43.0541 2224 NuidFltr - ok
15:55:43.0541 2224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:55:43.0541 2224 Null - ok
15:55:44.0430 2224 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:55:44.0477 2224 nvlddmkm - ok
15:55:44.0570 2224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:55:44.0570 2224 nvraid - ok
15:55:44.0617 2224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:55:44.0617 2224 nvstor - ok
15:55:44.0633 2224 nvsvc (c20f9e2deec656c67f7986dd3a50ec62) C:\Windows\system32\nvvsvc.exe
15:55:44.0633 2224 nvsvc - ok
15:55:44.0664 2224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:55:44.0664 2224 nv_agp - ok
15:55:44.0742 2224 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:55:44.0742 2224 odserv - ok
15:55:44.0758 2224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:55:44.0758 2224 ohci1394 - ok
15:55:44.0804 2224 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:44.0820 2224 ose - ok
15:55:44.0851 2224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:44.0851 2224 p2pimsvc - ok
15:55:44.0882 2224 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:55:44.0898 2224 p2psvc - ok
15:55:44.0929 2224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:55:44.0929 2224 Parport - ok
15:55:44.0945 2224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:55:44.0945 2224 partmgr - ok
15:55:44.0976 2224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:55:44.0976 2224 PcaSvc - ok
15:55:45.0054 2224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:55:45.0054 2224 pci - ok
15:55:45.0070 2224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:55:45.0070 2224 pciide - ok
15:55:45.0101 2224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:55:45.0101 2224 pcmcia - ok
15:55:45.0116 2224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:55:45.0116 2224 pcw - ok
15:55:45.0148 2224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:55:45.0163 2224 PEAUTH - ok
15:55:45.0226 2224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:55:45.0226 2224 PerfHost - ok
15:55:45.0366 2224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:55:45.0397 2224 pla - ok
15:55:45.0444 2224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:55:45.0460 2224 PlugPlay - ok
15:55:45.0460 2224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:55:45.0460 2224 PNRPAutoReg - ok
15:55:45.0522 2224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:45.0522 2224 PNRPsvc - ok
15:55:45.0569 2224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:55:45.0584 2224 PolicyAgent - ok
15:55:45.0616 2224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:55:45.0616 2224 Power - ok
15:55:45.0662 2224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:45.0662 2224 PptpMiniport - ok
15:55:45.0694 2224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:55:45.0694 2224 Processor - ok
15:55:45.0772 2224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:55:45.0772 2224 ProfSvc - ok
15:55:45.0803 2224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:45.0803 2224 ProtectedStorage - ok
15:55:45.0834 2224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:55:45.0850 2224 Psched - ok
15:55:45.0928 2224 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:55:45.0928 2224 QBCFMonitorService - ok
15:55:45.0959 2224 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:55:45.0974 2224 QBFCService - ok
15:55:46.0099 2224 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
15:55:46.0099 2224 QBVSS - ok
15:55:46.0271 2224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:55:46.0271 2224 ql2300 - ok
15:55:46.0318 2224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:55:46.0318 2224 ql40xx - ok
15:55:46.0349 2224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:55:46.0349 2224 QWAVE - ok
15:55:46.0364 2224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:55:46.0364 2224 QWAVEdrv - ok
15:55:46.0364 2224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:46.0364 2224 RasAcd - ok
15:55:46.0411 2224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:55:46.0411 2224 RasAgileVpn - ok
15:55:46.0427 2224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:55:46.0427 2224 RasAuto - ok
15:55:46.0489 2224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:46.0489 2224 Rasl2tp - ok
15:55:46.0520 2224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:55:46.0536 2224 RasMan - ok
15:55:46.0536 2224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:46.0552 2224 RasPppoe - ok
15:55:46.0552 2224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:46.0552 2224 RasSstp - ok
15:55:46.0583 2224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:46.0583 2224 rdbss - ok
15:55:46.0598 2224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:55:46.0598 2224 rdpbus - ok
15:55:46.0614 2224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:46.0614 2224 RDPCDD - ok
15:55:46.0614 2224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:55:46.0614 2224 RDPENCDD - ok
15:55:46.0630 2224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:55:46.0630 2224 RDPREFMP - ok
15:55:46.0645 2224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:55:46.0645 2224 RDPWD - ok
15:55:46.0723 2224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:55:46.0723 2224 rdyboost - ok
15:55:46.0739 2224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:55:46.0739 2224 RemoteAccess - ok
15:55:46.0754 2224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:55:46.0770 2224 RemoteRegistry - ok
15:55:46.0786 2224 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:55:46.0801 2224 RimUsb - ok
15:55:46.0801 2224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:55:46.0801 2224 RpcEptMapper - ok
15:55:46.0817 2224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:55:46.0817 2224 RpcLocator - ok
15:55:46.0864 2224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:46.0864 2224 RpcSs - ok
15:55:46.0879 2224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:46.0879 2224 rspndr - ok
15:55:46.0942 2224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:46.0942 2224 SamSs - ok
15:55:46.0973 2224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:55:46.0973 2224 sbp2port - ok
15:55:47.0004 2224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:55:47.0004 2224 SCardSvr - ok
15:55:47.0020 2224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:55:47.0035 2224 scfilter - ok
15:55:47.0098 2224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:55:47.0113 2224 Schedule - ok
15:55:47.0144 2224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:47.0144 2224 SCPolicySvc - ok
15:55:47.0207 2224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:55:47.0207 2224 SDRSVC - ok
15:55:47.0238 2224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:55:47.0238 2224 secdrv - ok
15:55:47.0269 2224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:55:47.0269 2224 seclogon - ok
15:55:47.0285 2224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:55:47.0285 2224 SENS - ok
15:55:47.0300 2224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:55:47.0300 2224 SensrSvc - ok
15:55:47.0300 2224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:55:47.0300 2224 Serenum - ok
15:55:47.0332 2224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:55:47.0332 2224 Serial - ok
15:55:47.0347 2224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:55:47.0347 2224 sermouse - ok
15:55:47.0378 2224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:55:47.0378 2224 SessionEnv - ok
15:55:47.0425 2224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:55:47.0425 2224 sffdisk - ok
15:55:47.0441 2224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:47.0441 2224 sffp_mmc - ok
15:55:47.0456 2224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:55:47.0456 2224 sffp_sd - ok
15:55:47.0472 2224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:55:47.0472 2224 sfloppy - ok
15:55:47.0519 2224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:55:47.0519 2224 SharedAccess - ok
15:55:47.0566 2224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:55:47.0581 2224 ShellHWDetection - ok
15:55:47.0597 2224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:55:47.0597 2224 SiSRaid2 - ok
15:55:47.0612 2224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:55:47.0612 2224 SiSRaid4 - ok
15:55:47.0628 2224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:55:47.0628 2224 Smb - ok
15:55:47.0659 2224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:55:47.0659 2224 SNMPTRAP - ok
15:55:47.0675 2224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:55:47.0675 2224 spldr - ok
15:55:47.0722 2224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:55:47.0737 2224 Spooler - ok
15:55:47.0971 2224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:55:48.0002 2224 sppsvc - ok
15:55:48.0080 2224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:55:48.0080 2224 sppuinotify - ok
15:55:48.0174 2224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:55:48.0190 2224 srv - ok
15:55:48.0221 2224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:55:48.0221 2224 srv2 - ok
15:55:48.0236 2224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:48.0236 2224 srvnet - ok
15:55:48.0268 2224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:55:48.0268 2224 SSDPSRV - ok
15:55:48.0283 2224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:55:48.0283 2224 SstpSvc - ok
15:55:48.0299 2224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:55:48.0299 2224 stexstor - ok
15:55:48.0346 2224 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:55:48.0361 2224 stisvc - ok
15:55:48.0392 2224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:55:48.0392 2224 swenum - ok
15:55:48.0439 2224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:55:48.0455 2224 swprv - ok
15:55:48.0548 2224 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:55:48.0564 2224 SysMain - ok
15:55:48.0658 2224 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:55:48.0658 2224 TabletInputService - ok
15:55:48.0704 2224 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:55:48.0704 2224 TapiSrv - ok
15:55:48.0720 2224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:55:48.0720 2224 TBS - ok
15:55:48.0845 2224 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:55:48.0845 2224 Tcpip - ok
15:55:49.0016 2224 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:49.0016 2224 TCPIP6 - ok
15:55:49.0079 2224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:55:49.0079 2224 tcpipreg - ok
15:55:49.0094 2224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:55:49.0157 2224 TDPIPE - ok
15:55:49.0188 2224 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:55:49.0188 2224 TDTCP - ok
15:55:49.0219 2224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:55:49.0235 2224 tdx - ok
15:55:49.0250 2224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:55:49.0250 2224 TermDD - ok
15:55:49.0313 2224 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:55:49.0328 2224 TermService - ok
15:55:49.0328 2224 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:55:49.0328 2224 Themes - ok
15:55:49.0344 2224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:49.0344 2224 THREADORDER - ok
15:55:49.0360 2224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:55:49.0360 2224 TrkWks - ok
15:55:49.0406 2224 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:55:49.0422 2224 TrustedInstaller - ok
15:55:49.0453 2224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:49.0453 2224 tssecsrv - ok
15:55:49.0484 2224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:55:49.0484 2224 TsUsbFlt - ok
15:55:49.0516 2224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:49.0516 2224 tunnel - ok
15:55:49.0531 2224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:55:49.0531 2224 uagp35 - ok
15:55:49.0562 2224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:55:49.0562 2224 udfs - ok
15:55:49.0578 2224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:55:49.0578 2224 UI0Detect - ok
15:55:49.0594 2224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:55:49.0594 2224 uliagpkx - ok
15:55:49.0656 2224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:55:49.0656 2224 umbus - ok
15:55:49.0672 2224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:55:49.0672 2224 UmPass - ok
15:55:49.0703 2224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:55:49.0703 2224 upnphost - ok
15:55:49.0734 2224 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:55:49.0734 2224 USBAAPL64 - ok
15:55:49.0750 2224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:49.0750 2224 usbccgp - ok
15:55:49.0781 2224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:55:49.0781 2224 usbcir - ok
15:55:49.0812 2224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:55:49.0812 2224 usbehci - ok
15:55:49.0828 2224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:49.0843 2224 usbhub - ok
15:55:49.0874 2224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:55:49.0874 2224 usbohci - ok
15:55:49.0890 2224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:49.0906 2224 usbprint - ok
15:55:49.0906 2224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:49.0906 2224 USBSTOR - ok
15:55:49.0921 2224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:55:49.0921 2224 usbuhci - ok
15:55:49.0937 2224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:55:49.0937 2224 UxSms - ok
15:55:49.0952 2224 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:49.0952 2224 VaultSvc - ok
15:55:49.0968 2224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:55:49.0968 2224 vdrvroot - ok
15:55:49.0999 2224 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:55:50.0015 2224 vds - ok
15:55:50.0030 2224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:50.0030 2224 vga - ok
15:55:50.0030 2224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:55:50.0030 2224 VgaSave - ok
15:55:50.0062 2224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:55:50.0062 2224 vhdmp - ok
15:55:50.0077 2224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:55:50.0093 2224 viaide - ok
15:55:50.0155 2224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:55:50.0155 2224 volmgr - ok
15:55:50.0186 2224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:55:50.0186 2224 volmgrx - ok
15:55:50.0218 2224 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:55:50.0218 2224 volsnap - ok
15:55:50.0249 2224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:55:50.0249 2224 vsmraid - ok
15:55:50.0342 2224 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:55:50.0358 2224 VSS - ok
15:55:50.0483 2224 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:55:50.0498 2224 vToolbarUpdater10.2.0 - ok
15:55:50.0561 2224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:55:50.0561 2224 vwifibus - ok
15:55:50.0576 2224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:55:50.0576 2224 vwififlt - ok
15:55:50.0639 2224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:55:50.0654 2224 W32Time - ok
15:55:50.0654 2224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:55:50.0654 2224 WacomPen - ok
15:55:50.0686 2224 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:50.0686 2224 WANARP - ok
15:55:50.0701 2224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:50.0701 2224 Wanarpv6 - ok
15:55:50.0779 2224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:55:50.0810 2224 WatAdminSvc - ok
15:55:50.0920 2224 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:55:50.0935 2224 wbengine - ok
15:55:50.0998 2224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:55:50.0998 2224 WbioSrvc - ok
15:55:51.0044 2224 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:55:51.0044 2224 wcncsvc - ok
15:55:51.0107 2224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:55:51.0107 2224 WcsPlugInService - ok
15:55:51.0138 2224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:55:51.0138 2224 Wd - ok
15:55:51.0185 2224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:55:51.0185 2224 Wdf01000 - ok
15:55:51.0200 2224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:51.0200 2224 WdiServiceHost - ok
15:55:51.0200 2224 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:51.0200 2224 WdiSystemHost - ok
15:55:51.0232 2224 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:55:51.0247 2224 WebClient - ok
15:55:51.0263 2224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:55:51.0263 2224 Wecsvc - ok
15:55:51.0278 2224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:55:51.0278 2224 wercplsupport - ok
15:55:51.0294 2224 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:55:51.0294 2224 WerSvc - ok
15:55:51.0325 2224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:55:51.0325 2224 WfpLwf - ok
15:55:51.0356 2224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:55:51.0356 2224 WIMMount - ok
15:55:51.0372 2224 WinDefend - ok
15:55:51.0372 2224 WinHttpAutoProxySvc - ok
15:55:51.0419 2224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:55:51.0419 2224 Winmgmt - ok
15:55:51.0544 2224 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:55:51.0559 2224 WinRM - ok
15:55:51.0637 2224 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:55:51.0637 2224 WinUsb - ok
15:55:51.0700 2224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:55:51.0715 2224 Wlansvc - ok
15:55:51.0731 2224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:55:51.0731 2224 WmiAcpi - ok
15:55:51.0778 2224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:55:51.0778 2224 wmiApSrv - ok
15:55:51.0793 2224 WMPNetworkSvc - ok
15:55:51.0809 2224 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:55:51.0809 2224 WPCSvc - ok
15:55:51.0824 2224 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:55:51.0840 2224 WPDBusEnum - ok
15:55:51.0840 2224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:51.0840 2224 ws2ifsl - ok
15:55:51.0856 2224 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:55:51.0871 2224 wscsvc - ok
15:55:51.0871 2224 WSearch - ok
15:55:52.0027 2224 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:55:52.0043 2224 wuauserv - ok
15:55:52.0105 2224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:55:52.0105 2224 WudfPf - ok
15:55:52.0136 2224 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:52.0136 2224 WUDFRd - ok
15:55:52.0168 2224 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:55:52.0168 2224 wudfsvc - ok
15:55:52.0214 2224 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:55:52.0214 2224 WwanSvc - ok
15:55:52.0246 2224 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:55:52.0292 2224 \Device\Harddisk0\DR0 - ok
15:55:52.0292 2224 Boot (0x1200) (7ba66f2a9c9b570243b9cd7ff34dcfdf) \Device\Harddisk0\DR0\Partition0
15:55:52.0292 2224 \Device\Harddisk0\DR0\Partition0 - ok
15:55:52.0292 2224 Boot (0x1200) (ba11f57af69d81613973117917e29c3f) \Device\Harddisk0\DR0\Partition1
15:55:52.0292 2224 \Device\Harddisk0\DR0\Partition1 - ok
15:55:52.0292 2224 ============================================================
15:55:52.0292 2224 Scan finished
15:55:52.0292 2224 ============================================================
15:55:52.0308 3540 Detected object count: 0
15:55:52.0308 3540 Actual detected object count: 0
with a golden heart comes a rebel fist.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 03:05 PM

Let me have the aswMBR report when it is complete OK


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 03:06 PM

Ok just ran the asw scan... looks like it found something, here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 15:57:52
-----------------------------
15:57:52.236 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:52.236 Number of processors: 2 586 0x2502
15:57:52.236 ComputerName: BROWN-PC UserName: Brown
15:57:54.405 Initialize success
15:58:50.650 AVAST engine defs: 12042601
15:59:13.894 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:59:13.894 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
15:59:13.909 Disk 0 MBR read successfully
15:59:13.909 Disk 0 MBR scan
15:59:13.925 Disk 0 Windows 7 default MBR code
15:59:13.925 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:59:13.925 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:59:13.956 Disk 0 scanning C:\Windows\system32\drivers
15:59:20.680 Service scanning
15:59:32.848 Modules scanning
15:59:32.848 Disk 0 trace - called modules:
15:59:32.848 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:59:32.864 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a7d060]
15:59:32.864 3 CLASSPNP.SYS[fffff8800199543f] -> nt!IofCallDriver -> [0xfffffa8003aece40]
15:59:32.864 5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800455c060]
15:59:34.985 AVAST engine scan C:\Windows
15:59:38.105 AVAST engine scan C:\Windows\system32
16:01:28.787 AVAST engine scan C:\Windows\system32\drivers
16:01:37.492 AVAST engine scan C:\Users\Brown
16:03:16.708 File: C:\Users\Brown\AppData\Roaming\InstallShield\InstallShield\hqsysrld.dll **INFECTED** Win32:Trojan-gen
16:03:45.397 AVAST engine scan C:\ProgramData
16:04:19.826 Scan finished successfully
16:05:47.795 Disk 0 MBR has been saved successfully to "C:\Users\Brown\Desktop\MBR.dat"
16:05:47.795 The log file has been saved successfully to "C:\Users\Brown\Desktop\aswMBR.txt"
with a golden heart comes a rebel fist.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 03:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Microsoft\Windows\DRM

File::
C:\Users\Brown\AppData\Roaming\InstallShield\InstallShield\hqsysrld.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 26 April 2012 - 03:37 PM

Ran CFScript, computer seems to be working fine. Here's the log:

ComboFix 12-04-26.01 - Brown 04/26/2012 16:21:34.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2581 [GMT -4:00]
Running from: c:\users\Brown\Downloads\ComboFix.exe
Command switches used :: c:\users\Brown\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Brown\AppData\Roaming\InstallShield\InstallShield\hqsysrld.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\109C.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1737974787-2706121336-2693514871-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\users\Brown\AppData\Roaming\InstallShield\InstallShield\hqsysrld.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 20:24 . 2012-04-26 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 20:41 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 20:41 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 20:41 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 20:40 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 20:40 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 20:40 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 20:40 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 20:40 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 20:40 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 20:40 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files\iPod
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files\iTunes
2012-04-04 11:52 . 2012-04-04 11:52 -------- d-----w- c:\program files (x86)\iTunes
2012-04-02 15:51 . 2012-04-02 15:51 -------- d-----w- c:\users\Brown\AppData\Roaming\IrfanView
2012-04-02 15:51 . 2012-04-02 15:51 -------- d-----w- c:\program files (x86)\IrfanView
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 06:38 . 2012-03-14 12:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 12:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 12:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 12:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 12:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 12:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 12:49 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_18.20.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-06 16:39 . 2012-04-26 18:35 37616 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-26 18:35 30624 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-06 16:39 . 2012-04-26 18:35 15624 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1737974787-2706121336-2693514871-1000_UserData.bin
- 2010-07-06 20:56 . 2012-04-26 18:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-06 20:56 . 2012-04-26 20:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-06 20:56 . 2012-04-26 18:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-06 20:56 . 2012-04-26 20:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-26 20:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 18:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-06 18:09 . 2012-04-26 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-06 18:09 . 2012-04-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-06 18:09 . 2012-04-26 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-06 18:09 . 2012-04-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 20:25 . 2012-04-26 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-26 18:20 . 2012-04-26 18:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 20:25 . 2012-04-26 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-26 18:20 . 2012-04-26 18:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-25 16:52 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-26 18:37 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-26 18:37 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-25 16:52 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-26 18:19 397552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-26 20:24 397552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 16:48 . 2012-04-26 20:24 398320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737974787-2706121336-2693514871-1000-8192.dat
- 2012-04-25 16:48 . 2012-04-26 18:19 398320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1737974787-2706121336-2693514871-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 11:44 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 14:21]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 14:21]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Brown\AppData\Roaming\Mozilla\Firefox\Profiles\li61cc49.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0a2f15dd-1dc5-4a4b-b7e0-3ef0859cb35d%7D&mid=cc2be067016e251053a2476a259c6296-b6e5b04d0f61287473f4b59ee352838e554622a5&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-09-22%2009%3A05%3A40&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-04-26 16:28:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 20:28
ComboFix2.txt 2012-04-26 18:23
.
Pre-Run: 943,258,710,016 bytes free
Post-Run: 943,233,740,800 bytes free
.
- - End Of File - - EF4774760254DF7E4E558F609C62602B
with a golden heart comes a rebel fist.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:56 PM

Posted 26 April 2012 - 06:22 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 22 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 skylyre

skylyre
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:a pale blue dot.
  • Local time:11:56 AM

Posted 27 April 2012 - 08:03 AM

Morning Gringo, everything went smoothly. Here's the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Brown :: BROWN-PC [administrator]

4/27/2012 8:49:16 AM
mbam-log-2012-04-27 (08-49-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203447
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the HiJack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:44 AM, on 4/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Users\Brown\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10223 bytes



I ran it again, hopefully as the Administrator, because it gave me a message saying it might not have been able to see all the files or something... here's that log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:07 AM, on 4/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Users\Brown\Desktop\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10223 bytes
with a golden heart comes a rebel fist.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users