Solved: service.exe Trojan
ruecke (Ryan)
Member with 13 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
02-Aug-2012, 05:43 PM #1
service.exe Trojan
I use AVG for my antivirus software on my HP G60 Notebook. It's running Windows 7 (64 bit). AVG is reporting a "Trojan horse Patched_c.LXT" in C:\Windows\System32\services.exe. It is saying that it can't be removed because it's a system file. :-( Any help you can give would be greatly appreciated. Here are my log files. Thanks.

Ryan

HijackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:29:26 PM, on 8/2/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flipfloprentals.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c1b8770b-7d91-c494-31e0-e62db08b9414} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FCTBPos00Pos - {626A9BF6-A6F4-18F4-159B-52A7A586C40B} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12036 bytes

DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Owner at 17:35:50 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1386 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.flipfloprentals.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: FCToolbarURLSearchHook Class: {c1b8770b-7d91-c494-31e0-e62db08b9414} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Bucksbee Loyalty Plugin - W3i: {626a9bf6-a6f4-18f4-159b-52a7a586c40b} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18D9E025-E8E9-4E28-8B58-21E1E647E015} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\3547F627D6970205F696E6470234C6572686F6573756 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\3557D6D656277796E646370234F6474716765602143636563737 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\94E6475676279647970235562767963656 : DhcpNameServer = 68.94.156.1 151.164.8.201
TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\94E647567627964797F5548545 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8032AECB-EB0A-4B6C-AFE7-B137AF060861} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Bucksbee Loyalty Plugin - W3i: {626A9BF6-A6F4-18F4-159B-52A7A586C40B} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.flipfloprentals.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-31 257224]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-01 02:19:33 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2012-08-01 02:15:53 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-01 02:00:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-08-01 02:00:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-01 02:00:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-01 02:00:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 01:30:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-31 12:42:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-23 13:11:12 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5467.tmp
.
==================== Find3M ====================
.
2012-08-01 01:30:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:36:19.20 ===============


Attach.zip attached.
Conspire (Malware Removal Specialist, authorized to help remove malware; 433 posts; joined Feb 2011; Malaysia; Experience: Intermediate)
03-Aug-2012, 09:23 AM #2
Hello there, Ryan

Welcome to TSG

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Also note that I will not respond to this thread if I don't receive your reply for 3 days.

---------------------------------------------------------------------------------------------------

Please download aswMBR.exe and save it to your desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the system drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

Last edited by Conspire; 03-Aug-2012 at 09:31 AM..
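A read-only way to check the flagged file yourself while the scan results are being collected, as an added example that is not part of this thread and not one of the tools Conspire asked for (it changes nothing on disk, so it does not conflict with the "only the tools I ask for" rule). It assumes an elevated 64-bit PowerShell on this Windows 7 x64 machine, the default %SystemRoot%, and the usual amd64_* package naming inside the WinSxS component store; the function names are the example's own. It answers the question a practitioner has when an AV product says a system file is "patched": does the live services.exe still match any version Windows servicing itself installed?

```powershell
# Added example; not part of the thread and not one of the tools the helper
# requested. Read-only: it hashes and verifies files but never writes to disk.
# Assumes this Windows 7 x64 host, the default %SystemRoot%, and the usual
# amd64_* package naming inside the WinSxS component store.

if ([IntPtr]::Size -ne 8) {
    # A 32-bit host would have System32 silently redirected to SysWOW64.
    throw 'Run this from the 64-bit PowerShell host (elevated).'
}

$target = Join-Path $env:SystemRoot 'System32\services.exe'

function Get-Sha256Hex {
    param([string]$Path)
    # Windows 7 ships PowerShell 2.0, which has no Get-FileHash, so hash via .NET.
    # Open with ReadWrite sharing because services.exe is always in use.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

function Compare-ServicesExeToStore {
    # Windows servicing keeps every installed version of services.exe under
    # %SystemRoot%\winsxs. An untouched live file hashes identically to one of
    # those copies; a byte-patched one matches none. Returns one record per copy.
    $live  = Get-Sha256Hex $target
    $store = Join-Path $env:SystemRoot 'winsxs'
    # Only amd64_* packages hold the 64-bit binary; skip anything else.
    Get-ChildItem $store -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.Directory.Name -like 'amd64_*' } |
        ForEach-Object {
            $h = Get-Sha256Hex $_.FullName
            New-Object PSObject -Property @{
                Version = $_.VersionInfo.FileVersion
                Matches = ($h -eq $live)
                Sha256  = $h
                Path    = $_.FullName
            }
        }
}

"Live file: $target"
"SHA-256  : $(Get-Sha256Hex $target)"

$results = Compare-ServicesExeToStore
$results | Format-Table Version, Matches, Sha256 -AutoSize
if (-not ($results | Where-Object { $_.Matches })) {
    Write-Warning 'services.exe matches no copy found in the component store; this corroborates the AV report.'
}

# Let the servicing stack verify the file against its signed catalog. This is
# read-only (/verifyfile, not /scanfile) and needs an elevated console.
sfc /verifyfile=$target
```

Two caveats matter here. First, Windows 7 system binaries are mostly catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature under PowerShell 2.0 reports them as NotSigned and tells you nothing; that is why the check relies on sfc's catalog verification and on the WinSxS copies instead. Second, a kernel-mode rootkit can hide a patched file from user-mode reads, so a clean result from this script does not override the AV detection; that is exactly why the MBR and driver-level scans requested in the post above come first, and any result should be reported in the thread rather than acted on.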
ruecke (Ryan), thread starter (Member, 13 posts; joined Aug 2012; Experience: Intermediate)
03-Aug-2012, 06:41 PM #3
Hello Conspire, thanks for being willing to help me.

I have run the tests as you have asked and am posting the results. The only thing that I didn't do was when aswMBR asked to download and use the Avast virus definitions, I chose not to do that since I haven't been connecting that laptop to the internet since the trojan. Let me know if I should go back and redo that one after I connect to the internet again. Thanks

Ryan

aswMBR


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 18:31:53
-----------------------------
18:31:53.689 OS Version: Windows x64 6.1.7600
18:31:53.689 Number of processors: 2 586 0x170A
18:31:53.689 ComputerName: THENEWMOM UserName: Owner
18:31:54.781 Initialize success
18:32:33.227 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:32:33.227 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
18:32:33.227 Disk 0 MBR read successfully
18:32:33.242 Disk 0 MBR scan
18:32:33.242 Disk 0 unknown MBR code
18:32:33.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:32:33.274 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292848 MB offset 409600
18:32:33.305 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12196 MB offset 600162304
18:32:33.352 Disk 0 scanning C:\Windows\system32\drivers
18:32:40.559 Service scanning
18:32:59.045 Modules scanning
18:32:59.045 Disk 0 trace - called modules:
18:32:59.076 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:32:59.076 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800338a060]
18:32:59.092 3 CLASSPNP.SYS[fffff8800111043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e1f060]
18:32:59.092 Scan finished successfully
18:33:11.041 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:33:11.057 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"



tdsskiller



18:33:49.0890 1208 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:33:49.0905 1208 ============================================================
18:33:49.0905 1208 Current date / time: 2012/08/03 18:33:49.0905
18:33:49.0905 1208 SystemInfo:
18:33:49.0905 1208
18:33:49.0905 1208 OS Version: 6.1.7600 ServicePack: 0.0
18:33:49.0905 1208 Product type: Workstation
18:33:49.0905 1208 ComputerName: THENEWMOM
18:33:49.0905 1208 UserName: Owner
18:33:49.0905 1208 Windows directory: C:\Windows
18:33:49.0905 1208 System windows directory: C:\Windows
18:33:49.0905 1208 Running under WOW64
18:33:49.0905 1208 Processor architecture: Intel x64
18:33:49.0905 1208 Number of processors: 2
18:33:49.0905 1208 Page size: 0x1000
18:33:49.0905 1208 Boot type: Normal boot
18:33:49.0905 1208 ============================================================
18:33:51.0029 1208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
18:33:51.0029 1208 Drive \Device\Harddisk1\DR4 - Size: 0x1E1FFFE00 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:33:51.0029 1208 ============================================================
18:33:51.0029 1208 \Device\Harddisk0\DR0:
18:33:51.0029 1208 MBR partitions:
18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
18:33:51.0029 1208 \Device\Harddisk1\DR4:
18:33:51.0029 1208 MBR partitions:
18:33:51.0029 1208 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
18:33:51.0029 1208 ============================================================
18:33:51.0060 1208 C: <-> \Device\Harddisk0\DR0\Partition1
18:33:51.0122 1208 D: <-> \Device\Harddisk0\DR0\Partition2
18:33:51.0122 1208 ============================================================
18:33:51.0122 1208 Initialize success
18:33:51.0122 1208 ============================================================
18:33:53.0306 3928 ============================================================
18:33:53.0306 3928 Scan started
18:33:53.0306 3928 Mode: Manual;
18:33:53.0306 3928 ============================================================
18:33:54.0617 3928 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:33:54.0617 3928 1394ohci - ok
18:33:54.0663 3928 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:33:54.0679 3928 ACPI - ok
18:33:54.0710 3928 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:33:54.0710 3928 AcpiPmi - ok
18:33:54.0804 3928 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:33:54.0819 3928 AdobeFlashPlayerUpdateSvc - ok
18:33:54.0866 3928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:33:54.0866 3928 adp94xx - ok
18:33:54.0929 3928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:33:54.0929 3928 adpahci - ok
18:33:54.0944 3928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:33:54.0944 3928 adpu320 - ok
18:33:54.0991 3928 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:33:54.0991 3928 AeLookupSvc - ok
18:33:55.0038 3928 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:33:55.0038 3928 AFD - ok
18:33:55.0069 3928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:33:55.0069 3928 agp440 - ok
18:33:55.0100 3928 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:33:55.0100 3928 ALG - ok
18:33:55.0131 3928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:33:55.0131 3928 aliide - ok
18:33:55.0163 3928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:33:55.0163 3928 amdide - ok
18:33:55.0194 3928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:33:55.0209 3928 AmdK8 - ok
18:33:55.0225 3928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:33:55.0225 3928 AmdPPM - ok
18:33:55.0272 3928 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
18:33:55.0272 3928 amdsata - ok
18:33:55.0303 3928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:33:55.0303 3928 amdsbs - ok
18:33:55.0319 3928 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
18:33:55.0319 3928 amdxata - ok
18:33:55.0365 3928 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:33:55.0365 3928 AppID - ok
18:33:55.0397 3928 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:33:55.0397 3928 AppIDSvc - ok
18:33:55.0428 3928 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:33:55.0428 3928 Appinfo - ok
18:33:55.0475 3928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:33:55.0475 3928 arc - ok
18:33:55.0506 3928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:33:55.0506 3928 arcsas - ok
18:33:55.0553 3928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:33:55.0553 3928 AsyncMac - ok
18:33:55.0584 3928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:33:55.0584 3928 atapi - ok
18:33:55.0709 3928 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
18:33:55.0724 3928 athr - ok
18:33:55.0865 3928 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:55.0880 3928 AudioEndpointBuilder - ok
18:33:55.0880 3928 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:33:55.0896 3928 AudioSrv - ok
18:33:56.0333 3928 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:33:56.0489 3928 AVGIDSAgent - ok
18:33:56.0645 3928 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:33:56.0645 3928 AVGIDSDriver - ok
18:33:56.0707 3928 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:33:56.0707 3928 AVGIDSEH - ok
18:33:56.0738 3928 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:33:56.0738 3928 AVGIDSFilter - ok
18:33:56.0832 3928 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
18:33:56.0832 3928 Avgldx64 - ok
18:33:56.0879 3928 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:33:56.0894 3928 Avgmfx64 - ok
18:33:56.0910 3928 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:33:56.0910 3928 Avgrkx64 - ok
18:33:56.0925 3928 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
18:33:56.0941 3928 Avgtdia - ok
18:33:57.0066 3928 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:33:57.0081 3928 avgwd - ok
18:33:57.0128 3928 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:33:57.0128 3928 AxInstSV - ok
18:33:57.0175 3928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:33:57.0191 3928 b06bdrv - ok
18:33:57.0253 3928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:33:57.0253 3928 b57nd60a - ok
18:33:57.0269 3928 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:33:57.0269 3928 BDESVC - ok
18:33:57.0300 3928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:33:57.0300 3928 Beep - ok
18:33:57.0347 3928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:33:57.0347 3928 blbdrive - ok
18:33:57.0378 3928 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
18:33:57.0378 3928 bowser - ok
18:33:57.0409 3928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:33:57.0409 3928 BrFiltLo - ok
18:33:57.0440 3928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:33:57.0440 3928 BrFiltUp - ok
18:33:57.0471 3928 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:33:57.0471 3928 Browser - ok
18:33:57.0518 3928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:33:57.0518 3928 Brserid - ok
18:33:57.0549 3928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:33:57.0549 3928 BrSerWdm - ok
18:33:57.0549 3928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:33:57.0549 3928 BrUsbMdm - ok
18:33:57.0581 3928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:33:57.0581 3928 BrUsbSer - ok
18:33:57.0627 3928 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
18:33:57.0627 3928 BTCFilterService - ok
18:33:57.0659 3928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:33:57.0659 3928 BTHMODEM - ok
18:33:57.0690 3928 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:33:57.0705 3928 bthserv - ok
18:33:57.0768 3928 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
18:33:57.0768 3928 CAXHWAZL - ok
18:33:57.0799 3928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:33:57.0815 3928 cdfs - ok
18:33:57.0861 3928 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:33:57.0861 3928 cdrom - ok
18:33:57.0893 3928 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:33:57.0893 3928 CertPropSvc - ok
18:33:57.0924 3928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:33:57.0924 3928 circlass - ok
18:33:57.0955 3928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:33:57.0955 3928 CLFS - ok
18:33:58.0033 3928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:58.0033 3928 clr_optimization_v2.0.50727_32 - ok
18:33:58.0080 3928 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:33:58.0080 3928 clr_optimization_v2.0.50727_64 - ok
18:33:58.0220 3928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:33:58.0220 3928 clr_optimization_v4.0.30319_32 - ok
18:33:58.0267 3928 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:33:58.0267 3928 clr_optimization_v4.0.30319_64 - ok
18:33:58.0298 3928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:33:58.0298 3928 CmBatt - ok
18:33:58.0314 3928 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:33:58.0314 3928 cmdide - ok
18:33:58.0361 3928 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
18:33:58.0376 3928 CNG - ok
18:33:58.0439 3928 CnxtHdAudService (3cb10294f7a59fd22501f4bad915f250) C:\Windows\system32\drivers\CHDRT64.sys
18:33:58.0439 3928 CnxtHdAudService - ok
18:33:58.0532 3928 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:33:58.0532 3928 Com4QLBEx - ok
18:33:58.0532 3928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:33:58.0532 3928 Compbatt - ok
18:33:58.0563 3928 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:33:58.0563 3928 CompositeBus - ok
18:33:58.0579 3928 COMSysApp - ok
18:33:58.0610 3928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:33:58.0610 3928 crcdisk - ok
18:33:58.0657 3928 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:33:58.0657 3928 CryptSvc - ok
18:33:58.0704 3928 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:33:58.0704 3928 DcomLaunch - ok
18:33:58.0766 3928 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:33:58.0766 3928 defragsvc - ok
18:33:58.0797 3928 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
18:33:58.0813 3928 DfsC - ok
18:33:58.0844 3928 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:33:58.0860 3928 Dhcp - ok
18:33:58.0860 3928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:33:58.0860 3928 discache - ok
18:33:58.0922 3928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:33:58.0922 3928 Disk - ok
18:33:58.0969 3928 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
18:33:58.0969 3928 Dnscache - ok
18:33:59.0000 3928 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:33:59.0000 3928 dot3svc - ok
18:33:59.0031 3928 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:33:59.0031 3928 DPS - ok
18:33:59.0063 3928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:33:59.0063 3928 drmkaud - ok
18:33:59.0125 3928 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
18:33:59.0141 3928 DXGKrnl - ok
18:33:59.0156 3928 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:33:59.0172 3928 EapHost - ok
18:33:59.0219 3928 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
18:33:59.0219 3928 easytether - ok
18:33:59.0375 3928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:33:59.0406 3928 ebdrv - ok
18:33:59.0640 3928 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
18:33:59.0640 3928 EFS - ok
18:33:59.0749 3928 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:33:59.0749 3928 ehRecvr - ok
18:33:59.0796 3928 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:33:59.0796 3928 ehSched - ok
18:33:59.0874 3928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:33:59.0874 3928 elxstor - ok
18:33:59.0905 3928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:33:59.0905 3928 ErrDev - ok
18:33:59.0952 3928 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:33:59.0952 3928 EventSystem - ok
18:33:59.0983 3928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:33:59.0983 3928 exfat - ok
18:34:00.0014 3928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:34:00.0014 3928 fastfat - ok
18:34:00.0061 3928 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:34:00.0077 3928 Fax - ok
18:34:00.0108 3928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:34:00.0108 3928 fdc - ok
18:34:00.0123 3928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:34:00.0123 3928 fdPHost - ok
18:34:00.0139 3928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:34:00.0139 3928 FDResPub - ok
18:34:00.0170 3928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:34:00.0170 3928 FileInfo - ok
18:34:00.0201 3928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:34:00.0201 3928 Filetrace - ok
18:34:00.0233 3928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:34:00.0233 3928 flpydisk - ok
18:34:00.0279 3928 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:34:00.0279 3928 FltMgr - ok
18:34:00.0342 3928 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
18:34:00.0357 3928 FontCache - ok
18:34:00.0435 3928 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:34:00.0435 3928 FontCache3.0.0.0 - ok
18:34:00.0482 3928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:34:00.0482 3928 FsDepends - ok
18:34:00.0513 3928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:34:00.0513 3928 Fs_Rec - ok
18:34:00.0560 3928 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:34:00.0576 3928 fvevol - ok
18:34:00.0607 3928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:34:00.0607 3928 gagp30kx - ok
18:34:00.0685 3928 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:34:00.0701 3928 GameConsoleService - ok
18:34:00.0779 3928 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:34:00.0779 3928 gpsvc - ok
18:34:00.0872 3928 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:34:00.0872 3928 gusvc - ok
18:34:00.0903 3928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:34:00.0903 3928 hcw85cir - ok
18:34:00.0966 3928 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:34:00.0966 3928 HdAudAddService - ok
18:34:01.0013 3928 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:34:01.0013 3928 HDAudBus - ok
18:34:01.0028 3928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:34:01.0028 3928 HidBatt - ok
18:34:01.0059 3928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:34:01.0059 3928 HidBth - ok
18:34:01.0075 3928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:34:01.0075 3928 HidIr - ok
18:34:01.0091 3928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:34:01.0106 3928 hidserv - ok
18:34:01.0137 3928 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:34:01.0137 3928 HidUsb - ok
18:34:01.0169 3928 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:34:01.0169 3928 hkmsvc - ok
18:34:01.0200 3928 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:34:01.0200 3928 HomeGroupListener - ok
18:34:01.0231 3928 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:34:01.0231 3928 HomeGroupProvider - ok
18:34:01.0325 3928 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:34:01.0325 3928 HP Health Check Service - ok
18:34:01.0340 3928 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:34:01.0340 3928 HpqKbFiltr - ok
18:34:01.0387 3928 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:34:01.0387 3928 hpqwmiex - ok
18:34:01.0434 3928 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:34:01.0434 3928 HpSAMD - ok
18:34:01.0543 3928 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
18:34:01.0543 3928 HsfXAudioService - ok
18:34:01.0621 3928 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
18:34:01.0637 3928 HSF_DPV - ok
18:34:01.0808 3928 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:34:01.0808 3928 HTTP - ok
18:34:01.0824 3928 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:34:01.0824 3928 hwpolicy - ok
18:34:01.0855 3928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:34:01.0855 3928 i8042prt - ok
18:34:01.0917 3928 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
18:34:01.0917 3928 iaStorV - ok
18:34:02.0011 3928 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:34:02.0027 3928 idsvc - ok
18:34:02.0370 3928 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:34:02.0510 3928 igfx - ok
18:34:02.0635 3928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:34:02.0635 3928 iirsp - ok
18:34:02.0713 3928 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:34:02.0713 3928 IKEEXT - ok
18:34:02.0760 3928 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
18:34:14.0943 3928 XAudio - ok
18:34:15.0037 3928 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:34:15.0053 3928 YahooAUService - ok
18:34:15.0115 3928 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:34:15.0115 3928 yukonw7 - ok
18:34:15.0177 3928 MBR (0x1B8) (26f09bb2d3c825f4e28a6915a269f46d) \Device\Harddisk0\DR0
18:34:15.0349 3928 \Device\Harddisk0\DR0 - ok
18:34:15.0365 3928 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
18:34:15.0365 3928 \Device\Harddisk1\DR4 - ok
18:34:15.0365 3928 Boot (0x1200) (f036e9421c81dc0f35ce6a32bea059be) \Device\Harddisk0\DR0\Partition0
18:34:15.0365 3928 \Device\Harddisk0\DR0\Partition0 - ok
18:34:15.0380 3928 Boot (0x1200) (dc4f07280d9caf32bf8c530e60351f8b) \Device\Harddisk0\DR0\Partition1
18:34:15.0380 3928 \Device\Harddisk0\DR0\Partition1 - ok
18:34:15.0411 3928 Boot (0x1200) (ef7318940247f57e4080d868791a948c) \Device\Harddisk0\DR0\Partition2
18:34:15.0411 3928 \Device\Harddisk0\DR0\Partition2 - ok
18:34:15.0427 3928 Boot (0x1200) (5ae167f4ba7b809437852ecc4a70e5a3) \Device\Harddisk1\DR4\Partition0
18:34:15.0427 3928 \Device\Harddisk1\DR4\Partition0 - ok
18:34:15.0427 3928 ============================================================
18:34:15.0427 3928 Scan finished
18:34:15.0427 3928 ============================================================
18:34:15.0443 1172 Detected object count: 0
18:34:15.0443 1172 Actual detected object count: 0
Conspire Conspire is offline Conspire is authorized to help remove malware.
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
03-Aug-2012, 10:23 PM #4
Hello Ryan,

It's ok, I think we have sufficient information on what the root cause is. The following procedure we are about to perform will be outside Windows, meaning to say that we will be doing it without Windows actually booting up. Let me know if you have any difficulties running FRST.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit Download Link and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • In the Search field box, type services.exe
  • Press Search Files button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
ruecke   (Ryan) ruecke is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
04-Aug-2012, 12:08 AM #5
Conspire,

I ran the test without a problem. Here are the results. Thanks again for all your help! I wouldn't have known to do any of this!

Ryan

frst

Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 2012-08-04 00:03:33
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
Conspire Conspire is offline Conspire is authorized to help remove malware.
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
04-Aug-2012, 01:02 AM #6
You're welcome

Ok, now instead of hitting Search Files button, go ahead and press Scan. It will produce a log on the flash drive. Copy/paste that on your next reply.
ruecke   (Ryan) ruecke is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
04-Aug-2012, 09:19 AM #7
Here are the results of the scan.


Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
Ran by SYSTEM at 04-08-2012 09:15:45
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-09] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-09] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-09] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Owner\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-23] (SupportSoft, Inc.)
HKU\Owner\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48456 2010-12-18] (Mobile Stream)
HKU\Owner\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-03 20:58 - 2012-08-04 09:15 - 00000000 ____D C:\FRST
2012-08-03 15:33 - 2012-08-03 15:33 - 00001613 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-08-03 15:33 - 2012-08-03 15:33 - 00000514 ____A C:\Users\Owner\Desktop\MBR.zip
2012-08-03 15:33 - 2012-08-03 15:33 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-08-03 15:31 - 2012-08-03 15:30 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-08-03 15:31 - 2012-08-03 15:30 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-08-02 14:33 - 2012-08-02 14:30 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-08-02 14:24 - 2012-08-02 14:29 - 00012038 ____A C:\Users\Owner\Desktop\hijackthis.log
2012-08-02 14:24 - 2012-08-02 14:16 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe
2012-07-31 18:15 - 2012-07-31 18:15 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-31 18:00 - 2012-07-31 18:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-31 18:00 - 2012-07-31 18:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-07-31 18:00 - 2012-07-31 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 18:00 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-31 17:30 - 2012-08-03 20:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 17:30 - 2012-07-31 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 17:30 - 2012-07-31 17:30 - 00000000 ____D C:\Windows\System32\Macromed
2012-07-31 04:42 - 2012-07-31 04:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

============ 3 Months Modified Files ========================

2012-08-03 20:54 - 2012-07-31 17:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 20:54 - 2009-07-13 20:51 - 00125437 ____A C:\Windows\setupact.log
2012-08-03 15:33 - 2012-08-03 15:33 - 00001613 ____A C:\Users\Owner\Desktop\aswMBR.txt
2012-08-03 15:33 - 2012-08-03 15:33 - 00000514 ____A C:\Users\Owner\Desktop\MBR.zip
2012-08-03 15:33 - 2012-08-03 15:33 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
2012-08-03 15:30 - 2012-08-03 15:31 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-08-03 15:30 - 2012-08-03 15:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-08-02 14:30 - 2012-08-02 14:33 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2012-08-02 14:29 - 2012-08-02 14:24 - 00012038 ____A C:\Users\Owner\Desktop\hijackthis.log
2012-08-02 14:16 - 2012-08-02 14:24 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe
2012-08-02 14:05 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-02 14:05 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-02 13:58 - 2012-04-27 14:04 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-08-02 13:58 - 2009-11-14 07:19 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-08-02 13:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 18:09 - 2009-12-28 21:39 - 00227654 ____A C:\Windows\PFRO.log
2012-07-31 18:00 - 2009-07-13 21:13 - 00732336 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 17:30 - 2012-07-31 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 17:30 - 2011-10-21 04:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-31 04:37 - 2009-11-14 06:58 - 01204710 ____A C:\Windows\WindowsUpdate.log
2012-07-03 10:46 - 2012-07-31 18:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 14:40 - 2010-01-04 11:54 - 00000021 ____A C:\Users\All Users\hpqp.txt
2012-06-06 18:24 - 2012-06-06 11:22 - 00009947 ____A C:\Users\Owner\Documents\Jacobs Daily Checklist.xlsx
2012-05-16 04:07 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT


ZeroAccess:
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 3003.19 MB
Available physical RAM: 2219.8 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2293.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:285.98 GB) (Free:224.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (PKBACK# 001) (Removable) (Total:7.47 GB) (Free:6.19 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7711 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 285 GB 200 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 285 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PKBACK# 001 FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 04:21
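The search result in post #5 and the Bamital check above both come down to one comparison: the live C:\Windows\System32\services.exe has a different MD5 and size from the copy Windows keeps in the WinSxS component store. The following Python script, added here as an example (it is not part of FRST or of this thread's helper's tools), parses the "Search Files" text in the format shown in post #5 and flags exactly that mismatch; the sample input is copied from that post, and the assumed line format is the one visible there.

```python
"""Added example for this thread (not part of FRST): parse the text FRST
writes for "Search Files" and flag a live system binary whose MD5 differs
from the copy Windows keeps in the WinSxS component store."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the two entries copied from the FRST search result posted above.
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# A result line: "[created] - [modified] - size attrs (Company) MD5"; the company
# part is optional because files without version info are listed without one.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")  # "C:\..." lines name the file


@dataclass
class FileEntry:
    path: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> list[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    entries: list[FileEntry] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FileEntry(pending_path, int(m["size"]),
                                     m["company"] or "", m["md5"].upper()))
            pending_path = None
    return entries


def find_patched_copies(entries: list[FileEntry]) -> list[dict]:
    """Return the live (non-WinSxS) copies whose MD5 matches no component-store
    copy of the same file name.  On a healthy system the System32 file is a hard
    link to its WinSxS copy, so hash and size are identical; a copy that differs,
    as services.exe does here, has been altered and is the file to replace."""
    by_name: dict[str, list[FileEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings = []
    for group in by_name.values():
        reference = [e for e in group if e.in_winsxs]
        live = [e for e in group if not e.in_winsxs]
        if not reference:
            continue  # nothing to compare against; needs manual review
        known = {e.md5 for e in reference}
        for e in live:
            if e.md5 in known:
                continue
            # Several WinSxS versions can coexist after updates; report against
            # the closest in size, but a person still confirms the version matches.
            ref = min(reference, key=lambda r: abs(r.size - e.size))
            findings.append({
                "path": e.path, "md5": e.md5, "size_delta": e.size - ref.size,
                "reference_path": ref.path, "reference_md5": ref.md5,
            })
    return findings


def suggest_replace_line(finding: dict) -> str:
    """The FRST fixlist directive used in this thread: copy the clean WinSxS
    copy over the altered live file.  Machine-specific; review before use."""
    return f"Replace: {finding['reference_path']} {finding['path']}"


if __name__ == "__main__":
    for f in find_patched_copies(parse_frst_search(FRST_SEARCH_OUTPUT)):
        print(f"{f['path']}: MD5 {f['md5']} differs from WinSxS copy "
              f"{f['reference_md5']} (size delta {f['size_delta']:+d} bytes)")
        print(suggest_replace_line(f))
```

On the sample above it reports the System32 copy as 512 bytes larger than the component-store copy with a different hash, which is the lead the Replace directive in the next post acts on.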
Conspire Conspire is offline Conspire is authorized to help remove malware.
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
04-Aug-2012, 10:05 AM #8
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Code:
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
ruecke   (Ryan) ruecke is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
05-Aug-2012, 12:32 AM #9
Here is the result of the fix. Thanks

Ryan

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
Ran by SYSTEM at 2012-08-05 00:31:06 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2} moved successfully.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@ not found.
C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@ not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
Conspire Conspire is offline Conspire is authorized to help remove malware.
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
05-Aug-2012, 08:46 AM #10
Looking good so far. Boot back to normal mode and run Combofix.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
ruecke   (Ryan) ruecke is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
05-Aug-2012, 10:45 AM #11
Okay, here is the log report for ComboFix. I disabled AVG, but when ComboFix was running, it gave a warning that AVG scanning was still enabled, and I double-checked it and it was still disabled. Hopefully nothing was messed up by that. Also, AVG re-enabled after the 15 minutes, but before ComboFix was done with all its stages, so again, hopefully nothing was messed up. Thanks for your continued help.

ComboFix

ComboFix 12-08-05.02 - Owner 08/05/2012 10:05:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1962 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Owner\AppData\Local\.#
c:\users\Owner\AppData\Local\.#\MBX@858@F91C00.###
c:\users\Owner\AppData\Local\.#\MBX@858@F91C10.###
c:\users\Owner\AppData\Local\.#\MBX@858@F91C20.###
c:\users\Owner\AppData\Local\.#\MBX@858@F91C30.###
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 15:15 . 2012-08-05 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 04:58 . 2012-08-04 17:15 -------- d-----w- C:\FRST
2012-08-01 02:19 . 2012-08-01 02:19 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-08-01 02:15 . 2012-08-01 02:15 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-01 02:00 . 2012-08-01 02:00 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-01 02:00 . 2012-08-01 02:09 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 02:00 . 2012-08-01 02:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 02:00 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 01:30 . 2012-08-01 01:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 01:30 . 2012-08-01 01:30 -------- d-----w- c:\windows\system32\Macromed
2012-07-31 12:42 . 2012-07-31 12:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-23 13:11 . 2012-07-23 13:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\5467.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 01:30 . 2011-10-21 12:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 16:39 . 2010-01-29 04:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-23 16:39 . 2010-01-23 14:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-23 16:39 . 2011-03-25 13:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c1b8770b-7d91-c494-31e0-e62db08b9414}"= "c:\program files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll" [2012-04-27 361984]
.
[HKEY_CLASSES_ROOT\clsid\{c1b8770b-7d91-c494-31e0-e62db08b9414}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4461AAA2-16D5-BEB4-A120-6B92E5EA1B87}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{626A9BF6-A6F4-18F4-159B-52A7A586C40B}]
2012-02-02 16:07 13632 ----a-w- c:\program files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2010-12-19 48456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 257224]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2010-05-28 76528]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 21072]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 01:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 365080]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.flipfloprentals.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.flipfloprentals.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ComcastHSI - c:\program files (x86)\support.com\uninstall\chsi_uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-08-05 10:33:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 15:33
.
Pre-Run: 243,510,837,248 bytes free
Post-Run: 243,345,989,632 bytes free
.
- - End Of File - - 91C7D8312128030818D1357A365AA0D3
Conspire (Malware Removal Specialist, authorized to help remove malware; 433 posts; Join Date: Feb 2011; Location: Malaysia; Experience: Intermediate)
05-Aug-2012, 11:30 AM #12
Do you know anything about Bucksbee Loyalty Plugin?
ruecke (Ryan), thread starter (Member; 13 posts; Join Date: Aug 2012; Experience: Intermediate)
05-Aug-2012, 11:42 AM #13
Nope, no idea. I should probably uninstall that, huh?
Conspire (Malware Removal Specialist, authorized to help remove malware; 433 posts; Join Date: Feb 2011; Location: Malaysia; Experience: Intermediate)
05-Aug-2012, 11:52 AM #14
Yup, are you able to uninstall it without any difficulties?

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
  12. Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  13. Push the Back button.
  14. Select Uninstall application on close check box and push
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
ruecke (Ryan), thread starter (Member; 13 posts; Join Date: Aug 2012; Experience: Intermediate)
05-Aug-2012, 07:53 PM #15
Okay, here are the ESET and Malwarebytes reports. On the ESET one, it found 6 or 8 other trojans, but the instructions didn't mention anything about removing them in the process, so they are still there. Hopefully that was correct to do. Thanks

Ryan

ESET


C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@ Win64/Sirefef.AP trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\ProgramData\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan


Malwarebytes


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Owner :: THENEWMOM [administrator]

8/5/2012 2:11:08 PM
mbam-log-2012-08-05 (14-11-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196114
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
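An added triage script (my own, not ESET's, FRST's or the thread's) run over the ESET lines posted above: it separates findings that are copies already sitting in the FRST quarantine folder from files still live on disk, which is the distinction behind the question of whether those detections still needed removing. The line pattern and the quarantine path prefix are assumptions based on the paths shown.

```python
import re
from collections import Counter

# ESET log lines exactly as posted in the thread above (page data, not constructed).
ESET_LOG = r"""
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@ Win64/Conedex.B trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@ Win64/Sirefef.AP trojan
C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
C:\ProgramData\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
C:\Users\All Users\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan
C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan
"""

# Assumed line shape, derived from the lines above:
#   "<path> [a variant of ]Win32|Win64/<name> <kind>"
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>\S+)$"
)

# FRST moves the files it removes into this folder; a detection under it is a
# copy already taken out of the live system, not an active infection
# (assumption about the quarantine layout, based on the paths in the log above).
QUARANTINE_PREFIX = "C:\\FRST\\Quarantine\\"


def parse_eset_log(text):
    """Turn ESET log lines into dicts with path, name, family, kind, quarantined."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        f = m.groupdict()
        # "Win64/Sirefef.AP" -> family "Sirefef"
        f["family"] = f["name"].split("/", 1)[1].split(".", 1)[0]
        f["quarantined"] = f["path"].lower().startswith(QUARANTINE_PREFIX.lower())
        findings.append(f)
    return findings


def triage(findings):
    """Split findings into live vs. already-quarantined and count malware families."""
    live = [f for f in findings if not f["quarantined"]]
    quarantined = [f for f in findings if f["quarantined"]]
    families = Counter(f["family"] for f in findings)
    return {"live": live, "quarantined": quarantined, "families": families}


if __name__ == "__main__":
    result = triage(parse_eset_log(ESET_LOG))
    print("Families seen:", dict(result["families"]))
    print(f"{len(result['quarantined'])} finding(s) are FRST quarantine copies")
    print(f"{len(result['live'])} finding(s) are still live on disk:")
    for f in result["live"]:
        print(f"  {f['path']}  ({f['name']})")
    # On Windows 7, C:\Users\All Users is a junction to C:\ProgramData, so the
    # two 5467.tmp lines are the same file reported through two paths.
```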