
service.exe Trojan

Discussion in 'Virus & Other Malware Removal' started by ruecke, Aug 2, 2012.

    ruecke (Thread Starter)
    I use AVG for my antivirus software on my HP G60 Notebook. It's running Windows 7 (64-bit). AVG is reporting a "Trojan horse Patched_c.LXT" in C:\Windows\System32\services.exe. It is saying that it can't be removed because it's a system file. :-( Any help you can give would be greatly appreciated. Here are my log files. Thanks.

    Ryan

    HijackThis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:29:26 PM, on 8/2/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\AVG\AVG10\avgui.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Users\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flipfloprentals.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {c1b8770b-7d91-c494-31e0-e62db08b9414} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: FCTBPos00Pos - {626A9BF6-A6F4-18F4-159B-52A7A586C40B} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12036 bytes

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
    Run by Owner at 17:35:50 on 2012-08-02
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1386 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.flipfloprentals.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: FCToolbarURLSearchHook Class: {c1b8770b-7d91-c494-31e0-e62db08b9414} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Bucksbee Loyalty Plugin - W3i: {626a9bf6-a6f4-18f4-159b-52a7a586c40b} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [<NO NAME>]
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{18D9E025-E8E9-4E28-8B58-21E1E647E015} : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\3547F627D6970205F696E6470234C6572686F6573756 : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\3557D6D656277796E646370234F6474716765602143636563737 : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\94E6475676279647970235562767963656 : DhcpNameServer = 68.94.156.1 151.164.8.201
    TCP: Interfaces\{20E7A493-E919-4ADA-8169-A04104E2FA5D}\94E647567627964797F5548545 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8032AECB-EB0A-4B6C-AFE7-B137AF060861} : DhcpNameServer = 68.87.72.134 68.87.77.134
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Bucksbee Loyalty Plugin - W3i: {626A9BF6-A6F4-18F4-159B-52A7A586C40B} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
    BHO-X64: FCTBPos00Pos - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO-X64: HelloWorldBHO - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [(Default)]
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.flipfloprentals.com/
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
    FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: [email protected] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-31 257224]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
    S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-01 02:19:33 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2012-08-01 02:15:53 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-08-01 02:00:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2012-08-01 02:00:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-01 02:00:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-01 02:00:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-01 01:30:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-31 12:42:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-23 13:11:12 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5467.tmp
    .
    ==================== Find3M ====================
    .
    2012-08-01 01:30:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 17:36:19.20 ===============


    Attach.zip attached.
     
  2. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Hello there, Ryan

    Welcome to TSG

    I'm Conspire, I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

    ---------------------------------------------------------------------------------------------------

    Also note that I will not respond to this thread if I don't receive your reply within 3 days.

    ---------------------------------------------------------------------------------------------------

    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
    ===================================================

    Download TDSSKiller.exe and save it to your desktop

    Execute TDSSKiller.exe by double-clicking on it.
    Press Start Scan
    If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

    ===================================================

    On your next reply please post :
    aswMBR log
    MBR.dat (attachment)
    TDSS Killer log


    Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

    Good Day!
     
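    The TDSSKiller step above produces a log like the one Ryan posts further down, with one line per service or driver (name, MD5, path) followed by a verdict line ("name - ok"). As an added example that is not part of this thread and not TDSSKiller's own code, here is a small Python triage script that pairs those two lines and lists the entries worth a second look: any verdict other than "ok", any service the tool could not hash (the log has such lines, e.g. "COMSysApp - ok" with no hash line), and any binary outside the usual Windows and Program Files roots. The list of expected roots is an assumption made for the example; the sample log copies a few lines from the posted log and adds one constructed "examplesvc" pair, marked in the code, so the flagging path is exercised. Parsing starts at the "Scan started" marker because the header lines before it (for example the "Drive ... - Size: ..." line) would otherwise be mistaken for verdicts.

```python
r"""Triage helper for TDSSKiller logs in the format posted in this thread.

Added example; not part of the thread and not TDSSKiller's own code.
It pairs each service/driver line with its verdict line:

    18:33:54.0617 3928 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    18:33:54.0617 3928 1394ohci - ok

and reports the entries worth a manual look.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One scan-log line: "HH:MM:SS.mmmm <pid> <rest>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
# "<service name> (<md5>) <path>"; names may contain spaces ("HP Health Check Service")
ENTRY = re.compile(r"^(?P<name>\S.*?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>\S.*?)\s+-\s+(?P<verdict>.+)$")

# Assumption for this example: service binaries are expected under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> list:
    """Return ServiceEntry records in log order, starting after 'Scan started'.

    Everything before that marker is system/drive info (e.g. "Drive ... - Size: ...")
    which would otherwise look like a verdict line.
    """
    entries = {}
    started = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(1).strip()
        if rest == "Scan started":
            started = True
            continue
        if not started:
            continue
        e = ENTRY.match(rest)
        if e:
            rec = entries.setdefault(e["name"], ServiceEntry(e["name"]))
            rec.md5, rec.path = e["md5"], e["path"]
            continue
        v = VERDICT.match(rest)
        if v:
            rec = entries.setdefault(v["name"], ServiceEntry(v["name"]))
            rec.verdict = v["verdict"]
    return list(entries.values())


def triage(entries) -> dict:
    """Group entries that deserve a manual look.

    "ok" is only TDSSKiller's own verdict. A service the tool never hashed goes
    under no_hash, and a binary outside EXPECTED_ROOTS under unusual_path.
    """
    report = {"not_ok": [], "no_hash": [], "unusual_path": []}
    for e in entries:
        if e.verdict is not None and e.verdict.lower() != "ok":
            report["not_ok"].append(e.name)
        if e.md5 is None:
            report["no_hash"].append(e.name)
        if e.path is not None and not e.path.lower().startswith(EXPECTED_ROOTS):
            report["unusual_path"].append(e.name)
    return report


# Sample input: the first lines are copied from the log posted in this thread;
# the "examplesvc" pair is CONSTRUCTED to show what a flagged entry looks like.
SAMPLE_LOG = r"""
18:33:51.0029 1208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
18:33:53.0306 3928 Scan started
18:33:53.0306 3928 Mode: Manual;
18:33:54.0617 3928 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:33:54.0617 3928 1394ohci - ok
18:33:55.0038 3928 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
18:33:55.0038 3928 AFD - ok
18:33:58.0579 3928 COMSysApp - ok
18:34:01.0325 3928 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:34:01.0325 3928 HP Health Check Service - ok
18:34:05.0000 3928 examplesvc (00000000000000000000000000000000) C:\Users\Owner\AppData\Local\Temp\examplesvc.sys
18:34:05.0000 3928 examplesvc - suspicious
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

    Run it against a saved TDSSKiller log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`. The buckets are a reading aid, not a verdict: a hidden or unusual path is a reason to look at the file, and "ok" only means the tool's own checks passed.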
  3. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Hello Conspire, thanks for being willing to help me.

    I have run the tests as you have asked and am posting the results. The only thing that I didn't do was when the aswMBR asked to download and use the Avast virus definitions, I chose not to do that since I haven't been connecting that laptop to the internet since the trojan. Let me know if I should go back and redo that one after I connect to the internet again. Thanks

    Ryan

    aswMBR


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-03 18:31:53
    -----------------------------
    18:31:53.689 OS Version: Windows x64 6.1.7600
    18:31:53.689 Number of processors: 2 586 0x170A
    18:31:53.689 ComputerName: THENEWMOM UserName: Owner
    18:31:54.781 Initialize success
    18:32:33.227 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:32:33.227 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 11
    18:32:33.227 Disk 0 MBR read successfully
    18:32:33.242 Disk 0 MBR scan
    18:32:33.242 Disk 0 unknown MBR code
    18:32:33.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    18:32:33.274 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292848 MB offset 409600
    18:32:33.305 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12196 MB offset 600162304
    18:32:33.352 Disk 0 scanning C:\Windows\system32\drivers
    18:32:40.559 Service scanning
    18:32:59.045 Modules scanning
    18:32:59.045 Disk 0 trace - called modules:
    18:32:59.076 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    18:32:59.076 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800338a060]
    18:32:59.092 3 CLASSPNP.SYS[fffff8800111043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e1f060]
    18:32:59.092 Scan finished successfully
    18:33:11.041 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    18:33:11.057 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"



    tdsskiller



    18:33:49.0890 1208 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    18:33:49.0905 1208 ============================================================
    18:33:49.0905 1208 Current date / time: 2012/08/03 18:33:49.0905
    18:33:49.0905 1208 SystemInfo:
    18:33:49.0905 1208
    18:33:49.0905 1208 OS Version: 6.1.7600 ServicePack: 0.0
    18:33:49.0905 1208 Product type: Workstation
    18:33:49.0905 1208 ComputerName: THENEWMOM
    18:33:49.0905 1208 UserName: Owner
    18:33:49.0905 1208 Windows directory: C:\Windows
    18:33:49.0905 1208 System windows directory: C:\Windows
    18:33:49.0905 1208 Running under WOW64
    18:33:49.0905 1208 Processor architecture: Intel x64
    18:33:49.0905 1208 Number of processors: 2
    18:33:49.0905 1208 Page size: 0x1000
    18:33:49.0905 1208 Boot type: Normal boot
    18:33:49.0905 1208 ============================================================
    18:33:51.0029 1208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
    18:33:51.0029 1208 Drive \Device\Harddisk1\DR4 - Size: 0x1E1FFFE00 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:33:51.0029 1208 ============================================================
    18:33:51.0029 1208 \Device\Harddisk0\DR0:
    18:33:51.0029 1208 MBR partitions:
    18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
    18:33:51.0029 1208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
    18:33:51.0029 1208 \Device\Harddisk1\DR4:
    18:33:51.0029 1208 MBR partitions:
    18:33:51.0029 1208 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
    18:33:51.0029 1208 ============================================================
    18:33:51.0060 1208 C: <-> \Device\Harddisk0\DR0\Partition1
    18:33:51.0122 1208 D: <-> \Device\Harddisk0\DR0\Partition2
    18:33:51.0122 1208 ============================================================
    18:33:51.0122 1208 Initialize success
    18:33:51.0122 1208 ============================================================
    18:33:53.0306 3928 ============================================================
    18:33:53.0306 3928 Scan started
    18:33:53.0306 3928 Mode: Manual;
    18:33:53.0306 3928 ============================================================
    18:33:54.0617 3928 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    18:33:54.0617 3928 1394ohci - ok
    18:33:54.0663 3928 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    18:33:54.0679 3928 ACPI - ok
    18:33:54.0710 3928 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    18:33:54.0710 3928 AcpiPmi - ok
    18:33:54.0804 3928 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    18:33:54.0819 3928 AdobeFlashPlayerUpdateSvc - ok
    18:33:54.0866 3928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:33:54.0866 3928 adp94xx - ok
    18:33:54.0929 3928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:33:54.0929 3928 adpahci - ok
    18:33:54.0944 3928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:33:54.0944 3928 adpu320 - ok
    18:33:54.0991 3928 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    18:33:54.0991 3928 AeLookupSvc - ok
    18:33:55.0038 3928 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    18:33:55.0038 3928 AFD - ok
    18:33:55.0069 3928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    18:33:55.0069 3928 agp440 - ok
    18:33:55.0100 3928 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    18:33:55.0100 3928 ALG - ok
    18:33:55.0131 3928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    18:33:55.0131 3928 aliide - ok
    18:33:55.0163 3928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    18:33:55.0163 3928 amdide - ok
    18:33:55.0194 3928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:33:55.0209 3928 AmdK8 - ok
    18:33:55.0225 3928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:33:55.0225 3928 AmdPPM - ok
    18:33:55.0272 3928 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    18:33:55.0272 3928 amdsata - ok
    18:33:55.0303 3928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:33:55.0303 3928 amdsbs - ok
    18:33:55.0319 3928 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    18:33:55.0319 3928 amdxata - ok
    18:33:55.0365 3928 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    18:33:55.0365 3928 AppID - ok
    18:33:55.0397 3928 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    18:33:55.0397 3928 AppIDSvc - ok
    18:33:55.0428 3928 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    18:33:55.0428 3928 Appinfo - ok
    18:33:55.0475 3928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:33:55.0475 3928 arc - ok
    18:33:55.0506 3928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:33:55.0506 3928 arcsas - ok
    18:33:55.0553 3928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:33:55.0553 3928 AsyncMac - ok
    18:33:55.0584 3928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    18:33:55.0584 3928 atapi - ok
    18:33:55.0709 3928 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
    18:33:55.0724 3928 athr - ok
    18:33:55.0865 3928 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    18:33:55.0880 3928 AudioEndpointBuilder - ok
    18:33:55.0880 3928 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    18:33:55.0896 3928 AudioSrv - ok
    18:33:56.0333 3928 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    18:33:56.0489 3928 AVGIDSAgent - ok
    18:33:56.0645 3928 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    18:33:56.0645 3928 AVGIDSDriver - ok
    18:33:56.0707 3928 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    18:33:56.0707 3928 AVGIDSEH - ok
    18:33:56.0738 3928 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    18:33:56.0738 3928 AVGIDSFilter - ok
    18:33:56.0832 3928 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
    18:33:56.0832 3928 Avgldx64 - ok
    18:33:56.0879 3928 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
    18:33:56.0894 3928 Avgmfx64 - ok
    18:33:56.0910 3928 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
    18:33:56.0910 3928 Avgrkx64 - ok
    18:33:56.0925 3928 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
    18:33:56.0941 3928 Avgtdia - ok
    18:33:57.0066 3928 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    18:33:57.0081 3928 avgwd - ok
    18:33:57.0128 3928 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    18:33:57.0128 3928 AxInstSV - ok
    18:33:57.0175 3928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:33:57.0191 3928 b06bdrv - ok
    18:33:57.0253 3928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:33:57.0253 3928 b57nd60a - ok
    18:33:57.0269 3928 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    18:33:57.0269 3928 BDESVC - ok
    18:33:57.0300 3928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:33:57.0300 3928 Beep - ok
    18:33:57.0347 3928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:33:57.0347 3928 blbdrive - ok
    18:33:57.0378 3928 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    18:33:57.0378 3928 bowser - ok
    18:33:57.0409 3928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:33:57.0409 3928 BrFiltLo - ok
    18:33:57.0440 3928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:33:57.0440 3928 BrFiltUp - ok
    18:33:57.0471 3928 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    18:33:57.0471 3928 Browser - ok
    18:33:57.0518 3928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:33:57.0518 3928 Brserid - ok
    18:33:57.0549 3928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:33:57.0549 3928 BrSerWdm - ok
    18:33:57.0549 3928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:33:57.0549 3928 BrUsbMdm - ok
    18:33:57.0581 3928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:33:57.0581 3928 BrUsbSer - ok
    18:33:57.0627 3928 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
    18:33:57.0627 3928 BTCFilterService - ok
    18:33:57.0659 3928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:33:57.0659 3928 BTHMODEM - ok
    18:33:57.0690 3928 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    18:33:57.0705 3928 bthserv - ok
    18:33:57.0768 3928 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    18:33:57.0768 3928 CAXHWAZL - ok
    18:33:57.0799 3928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:33:57.0815 3928 cdfs - ok
    18:33:57.0861 3928 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    18:33:57.0861 3928 cdrom - ok
    18:33:57.0893 3928 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    18:33:57.0893 3928 CertPropSvc - ok
    18:33:57.0924 3928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:33:57.0924 3928 circlass - ok
    18:33:57.0955 3928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:33:57.0955 3928 CLFS - ok
    18:33:58.0033 3928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:33:58.0033 3928 clr_optimization_v2.0.50727_32 - ok
    18:33:58.0080 3928 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:33:58.0080 3928 clr_optimization_v2.0.50727_64 - ok
    18:33:58.0220 3928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:33:58.0220 3928 clr_optimization_v4.0.30319_32 - ok
    18:33:58.0267 3928 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:33:58.0267 3928 clr_optimization_v4.0.30319_64 - ok
    18:33:58.0298 3928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:33:58.0298 3928 CmBatt - ok
    18:33:58.0314 3928 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    18:33:58.0314 3928 cmdide - ok
    18:33:58.0361 3928 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    18:33:58.0376 3928 CNG - ok
    18:33:58.0439 3928 CnxtHdAudService (3cb10294f7a59fd22501f4bad915f250) C:\Windows\system32\drivers\CHDRT64.sys
    18:33:58.0439 3928 CnxtHdAudService - ok
    18:33:58.0532 3928 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    18:33:58.0532 3928 Com4QLBEx - ok
    18:33:58.0532 3928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:33:58.0532 3928 Compbatt - ok
    18:33:58.0563 3928 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    18:33:58.0563 3928 CompositeBus - ok
    18:33:58.0579 3928 COMSysApp - ok
    18:33:58.0610 3928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:33:58.0610 3928 crcdisk - ok
    18:33:58.0657 3928 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    18:33:58.0657 3928 CryptSvc - ok
    18:33:58.0704 3928 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    18:33:58.0704 3928 DcomLaunch - ok
    18:33:58.0766 3928 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    18:33:58.0766 3928 defragsvc - ok
    18:33:58.0797 3928 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    18:33:58.0813 3928 DfsC - ok
    18:33:58.0844 3928 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    18:33:58.0860 3928 Dhcp - ok
    18:33:58.0860 3928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:33:58.0860 3928 discache - ok
    18:33:58.0922 3928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:33:58.0922 3928 Disk - ok
    18:33:58.0969 3928 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
    18:33:58.0969 3928 Dnscache - ok
    18:33:59.0000 3928 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    18:33:59.0000 3928 dot3svc - ok
    18:33:59.0031 3928 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    18:33:59.0031 3928 DPS - ok
    18:33:59.0063 3928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:33:59.0063 3928 drmkaud - ok
    18:33:59.0125 3928 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    18:33:59.0141 3928 DXGKrnl - ok
    18:33:59.0156 3928 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    18:33:59.0172 3928 EapHost - ok
    18:33:59.0219 3928 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
    18:33:59.0219 3928 easytether - ok
    18:33:59.0375 3928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:33:59.0406 3928 ebdrv - ok
    18:33:59.0640 3928 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
    18:33:59.0640 3928 EFS - ok
    18:33:59.0749 3928 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    18:33:59.0749 3928 ehRecvr - ok
    18:33:59.0796 3928 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    18:33:59.0796 3928 ehSched - ok
    18:33:59.0874 3928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:33:59.0874 3928 elxstor - ok
    18:33:59.0905 3928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    18:33:59.0905 3928 ErrDev - ok
    18:33:59.0952 3928 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    18:33:59.0952 3928 EventSystem - ok
    18:33:59.0983 3928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:33:59.0983 3928 exfat - ok
    18:34:00.0014 3928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:34:00.0014 3928 fastfat - ok
    18:34:00.0061 3928 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    18:34:00.0077 3928 Fax - ok
    18:34:00.0108 3928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:34:00.0108 3928 fdc - ok
    18:34:00.0123 3928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    18:34:00.0123 3928 fdPHost - ok
    18:34:00.0139 3928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    18:34:00.0139 3928 FDResPub - ok
    18:34:00.0170 3928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:34:00.0170 3928 FileInfo - ok
    18:34:00.0201 3928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:34:00.0201 3928 Filetrace - ok
    18:34:00.0233 3928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:34:00.0233 3928 flpydisk - ok
    18:34:00.0279 3928 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    18:34:00.0279 3928 FltMgr - ok
    18:34:00.0342 3928 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    18:34:00.0357 3928 FontCache - ok
    18:34:00.0435 3928 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:34:00.0435 3928 FontCache3.0.0.0 - ok
    18:34:00.0482 3928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:34:00.0482 3928 FsDepends - ok
    18:34:00.0513 3928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    18:34:00.0513 3928 Fs_Rec - ok
    18:34:00.0560 3928 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:34:00.0576 3928 fvevol - ok
    18:34:00.0607 3928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:34:00.0607 3928 gagp30kx - ok
    18:34:00.0685 3928 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    18:34:00.0701 3928 GameConsoleService - ok
    18:34:00.0779 3928 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    18:34:00.0779 3928 gpsvc - ok
    18:34:00.0872 3928 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:34:00.0872 3928 gusvc - ok
    18:34:00.0903 3928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:34:00.0903 3928 hcw85cir - ok
    18:34:00.0966 3928 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    18:34:00.0966 3928 HdAudAddService - ok
    18:34:01.0013 3928 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:34:01.0013 3928 HDAudBus - ok
    18:34:01.0028 3928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:34:01.0028 3928 HidBatt - ok
    18:34:01.0059 3928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:34:01.0059 3928 HidBth - ok
    18:34:01.0075 3928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:34:01.0075 3928 HidIr - ok
    18:34:01.0091 3928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    18:34:01.0106 3928 hidserv - ok
    18:34:01.0137 3928 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    18:34:01.0137 3928 HidUsb - ok
    18:34:01.0169 3928 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    18:34:13.0103 3928 W32Time - ok
    18:34:13.0134 3928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:34:13.0134 3928 WacomPen - ok
    18:34:13.0149 3928 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:34:13.0149 3928 WANARP - ok
    18:34:13.0165 3928 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    18:34:13.0165 3928 Wanarpv6 - ok
    18:34:13.0290 3928 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:34:13.0305 3928 WatAdminSvc - ok
    18:34:13.0399 3928 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    18:34:13.0430 3928 wbengine - ok
    18:34:13.0539 3928 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    18:34:13.0555 3928 WbioSrvc - ok
    18:34:13.0571 3928 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
    18:34:13.0586 3928 wcncsvc - ok
    18:34:13.0602 3928 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    18:34:13.0602 3928 WcsPlugInService - ok
    18:34:13.0633 3928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:34:13.0633 3928 Wd - ok
    18:34:13.0680 3928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:34:13.0695 3928 Wdf01000 - ok
    18:34:13.0711 3928 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:34:13.0711 3928 WdiServiceHost - ok
    18:34:13.0727 3928 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    18:34:13.0727 3928 WdiSystemHost - ok
    18:34:13.0758 3928 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
    18:34:13.0758 3928 WebClient - ok
    18:34:13.0789 3928 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    18:34:13.0805 3928 Wecsvc - ok
    18:34:13.0820 3928 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    18:34:13.0820 3928 wercplsupport - ok
    18:34:13.0851 3928 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    18:34:13.0851 3928 WerSvc - ok
    18:34:13.0914 3928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:34:13.0914 3928 WfpLwf - ok
    18:34:13.0929 3928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:34:13.0929 3928 WIMMount - ok
    18:34:13.0992 3928 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    18:34:13.0992 3928 winachsf - ok
    18:34:14.0007 3928 WinHttpAutoProxySvc - ok
    18:34:14.0054 3928 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    18:34:14.0054 3928 Winmgmt - ok
    18:34:14.0179 3928 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    18:34:14.0195 3928 WinRM - ok
    18:34:14.0397 3928 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:34:14.0397 3928 WinUsb - ok
    18:34:14.0491 3928 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    18:34:14.0491 3928 Wlansvc - ok
    18:34:14.0538 3928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    18:34:14.0538 3928 WmiAcpi - ok
    18:34:14.0600 3928 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    18:34:14.0600 3928 wmiApSrv - ok
    18:34:14.0631 3928 WMPNetworkSvc - ok
    18:34:14.0663 3928 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    18:34:14.0663 3928 WPCSvc - ok
    18:34:14.0694 3928 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    18:34:14.0694 3928 WPDBusEnum - ok
    18:34:14.0725 3928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:34:14.0725 3928 ws2ifsl - ok
    18:34:14.0725 3928 WSearch - ok
    18:34:14.0772 3928 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    18:34:14.0772 3928 WudfPf - ok
    18:34:14.0819 3928 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:34:14.0819 3928 WUDFRd - ok
    18:34:14.0850 3928 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    18:34:14.0850 3928 wudfsvc - ok
    18:34:14.0881 3928 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    18:34:14.0897 3928 WwanSvc - ok
    18:34:14.0943 3928 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
    18:34:14.0943 3928 XAudio - ok
    18:34:15.0037 3928 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    18:34:15.0053 3928 YahooAUService - ok
    18:34:15.0115 3928 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    18:34:15.0115 3928 yukonw7 - ok
    18:34:15.0177 3928 MBR (0x1B8) (26f09bb2d3c825f4e28a6915a269f46d) \Device\Harddisk0\DR0
    18:34:15.0349 3928 \Device\Harddisk0\DR0 - ok
    18:34:15.0365 3928 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
    18:34:15.0365 3928 \Device\Harddisk1\DR4 - ok
    18:34:15.0365 3928 Boot (0x1200) (f036e9421c81dc0f35ce6a32bea059be) \Device\Harddisk0\DR0\Partition0
    18:34:15.0365 3928 \Device\Harddisk0\DR0\Partition0 - ok
    18:34:15.0380 3928 Boot (0x1200) (dc4f07280d9caf32bf8c530e60351f8b) \Device\Harddisk0\DR0\Partition1
    18:34:15.0380 3928 \Device\Harddisk0\DR0\Partition1 - ok
    18:34:15.0411 3928 Boot (0x1200) (ef7318940247f57e4080d868791a948c) \Device\Harddisk0\DR0\Partition2
    18:34:15.0411 3928 \Device\Harddisk0\DR0\Partition2 - ok
    18:34:15.0427 3928 Boot (0x1200) (5ae167f4ba7b809437852ecc4a70e5a3) \Device\Harddisk1\DR4\Partition0
    18:34:15.0427 3928 \Device\Harddisk1\DR4\Partition0 - ok
    18:34:15.0427 3928 ============================================================
    18:34:15.0427 3928 Scan finished
    18:34:15.0427 3928 ============================================================
    18:34:15.0443 1172 Detected object count: 0
    18:34:15.0443 1172 Actual detected object count: 0
     

    Attached Files:

    • MBR.zip
      File size:
      514 bytes
  4. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Hello Ryan,

    It's ok, I think we have sufficient information on what the root cause is. The following procedure we are about to perform will be outside Windows, meaning to say that we will be doing it without Windows actually booting up. Let me know if you have any difficulties running FRST.

    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit Download Link and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • In the Search field box, type services.exe
    • Press Search Files button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Conspire,

    I ran the test without a problem. Here are the results. Thanks again for all your help! I wouldn't have known to do any of this!

    Ryan

    frst

    Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 2012-08-04 00:03:33
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  6. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    You're welcome :)

    Ok, now instead of hitting Search Files button, go ahead and press Scan. It will produce a log on the flash drive. Copy/paste that on your next reply.
     
  7. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Here are the results of the scan.


    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012
    Ran by SYSTEM at 04-08-2012 09:15:45
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-09] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-09] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-09] (Intel Corporation)
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default\...\Policies\system: [WallpaperStyle] 2
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
    HKU\Default User\...\Policies\system: [WallpaperStyle] 2
    HKU\Owner\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-23] (SupportSoft, Inc.)
    HKU\Owner\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48456 2010-12-18] (Mobile Stream)
    HKU\Owner\...\Policies\system: [WallpaperStyle] 2
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

    ==================== Services (Whitelisted) ======

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()

    ========================== Drivers (Whitelisted) =============

    3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
    3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-03 20:58 - 2012-08-04 09:15 - 00000000 ____D C:\FRST
    2012-08-03 15:33 - 2012-08-03 15:33 - 00001613 ____A C:\Users\Owner\Desktop\aswMBR.txt
    2012-08-03 15:33 - 2012-08-03 15:33 - 00000514 ____A C:\Users\Owner\Desktop\MBR.zip
    2012-08-03 15:33 - 2012-08-03 15:33 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
    2012-08-03 15:31 - 2012-08-03 15:30 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
    2012-08-03 15:31 - 2012-08-03 15:30 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
    2012-08-02 14:33 - 2012-08-02 14:30 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2012-08-02 14:24 - 2012-08-02 14:29 - 00012038 ____A C:\Users\Owner\Desktop\hijackthis.log
    2012-08-02 14:24 - 2012-08-02 14:16 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe
    2012-07-31 18:15 - 2012-07-31 18:15 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-07-31 18:00 - 2012-07-31 18:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-31 18:00 - 2012-07-31 18:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2012-07-31 18:00 - 2012-07-31 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-31 18:00 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-31 17:30 - 2012-08-03 20:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-31 17:30 - 2012-07-31 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-31 17:30 - 2012-07-31 17:30 - 00000000 ____D C:\Windows\System32\Macromed
    2012-07-31 04:42 - 2012-07-31 04:42 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

    ============ 3 Months Modified Files ========================

    2012-08-03 20:54 - 2012-07-31 17:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-03 20:54 - 2009-07-13 20:51 - 00125437 ____A C:\Windows\setupact.log
    2012-08-03 15:33 - 2012-08-03 15:33 - 00001613 ____A C:\Users\Owner\Desktop\aswMBR.txt
    2012-08-03 15:33 - 2012-08-03 15:33 - 00000514 ____A C:\Users\Owner\Desktop\MBR.zip
    2012-08-03 15:33 - 2012-08-03 15:33 - 00000512 ____A C:\Users\Owner\Desktop\MBR.dat
    2012-08-03 15:30 - 2012-08-03 15:31 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
    2012-08-03 15:30 - 2012-08-03 15:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
    2012-08-02 14:30 - 2012-08-02 14:33 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2012-08-02 14:29 - 2012-08-02 14:24 - 00012038 ____A C:\Users\Owner\Desktop\hijackthis.log
    2012-08-02 14:16 - 2012-08-02 14:24 - 00388608 ____A (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe
    2012-08-02 14:05 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-02 14:05 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-02 13:58 - 2012-04-27 14:04 - 00000414 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2012-08-02 13:58 - 2009-11-14 07:19 - 00000290 ____A C:\Users\All Users\hpqp.ini
    2012-08-02 13:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-31 18:09 - 2009-12-28 21:39 - 00227654 ____A C:\Windows\PFRO.log
    2012-07-31 18:00 - 2009-07-13 21:13 - 00732336 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 17:30 - 2012-07-31 17:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-31 17:30 - 2011-10-21 04:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-31 04:37 - 2009-11-14 06:58 - 01204710 ____A C:\Windows\WindowsUpdate.log
    2012-07-03 10:46 - 2012-07-31 18:00 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 14:40 - 2010-01-04 11:54 - 00000021 ____A C:\Users\All Users\hpqp.txt
    2012-06-06 18:24 - 2012-06-06 11:22 - 00009947 ____A C:\Users\Owner\Documents\Jacobs Daily Checklist.xlsx
    2012-05-16 04:07 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT


    ZeroAccess:
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 26%
    Total physical RAM: 3003.19 MB
    Available physical RAM: 2219.8 MB
    Total Pagefile: 3001.34 MB
    Available Pagefile: 2293.33 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:285.98 GB) (Free:224.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: (PKBACK# 001) (Removable) (Total:7.47 GB) (Free:6.19 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7711 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 285 GB 200 MB
    Partition 3 Primary 11 GB 286 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 285 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7655 MB 22 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G PKBACK# 001 FAT32 Removable 7655 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 04:21
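    The two FRST outputs above carry the whole detection in a few lines: the Search result in post 5 lists a services.exe in the WinSxS component store and one in System32 with identical timestamps but different sizes and MD5 hashes, and the "Bamital & volsnap Check" in the scan above flags the System32 copy while reporting the other protected files as "MD5 is legit". The following is an added example, not FRST's own code, that parses search output in the format shown on this page and reports any live system file whose hash does not match its WinSxS reference copy. The sample log embedded in it is constructed from the lines posted above; the regular expression and the helper names are assumptions about the format, not something FRST documents.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the FRST search output posted in this thread (post 5).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# Assumed layout of an FRST detail line: [created] - [modified] - size attrs (company) MD5.
# The company field is treated as optional because unsigned files have no parenthesised name.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FrstEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> List[FrstEntry]:
    """Pair each path line with the detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[FrstEntry] = []
    for i, line in enumerate(lines[:-1]):
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:
            continue
        entries.append(FrstEntry(
            path=line,
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            md5=m["md5"].upper(),
        ))
    return entries


@dataclass
class Finding:
    live_path: str
    reference_path: str
    live_md5: str
    reference_md5: str
    size_delta: int          # live size minus reference size
    timestamps_match: bool   # identical stamps despite different content


def compare_live_to_winsxs(entries: List[FrstEntry]) -> List[Finding]:
    """Flag every non-WinSxS copy whose MD5 differs from a same-named WinSxS copy."""
    refs = [e for e in entries if e.in_winsxs]
    findings: List[Finding] = []
    for live in (e for e in entries if not e.in_winsxs):
        for ref in refs:
            if ref.name != live.name or ref.md5 == live.md5:
                continue
            findings.append(Finding(
                live_path=live.path,
                reference_path=ref.path,
                live_md5=live.md5,
                reference_md5=ref.md5,
                size_delta=live.size - ref.size,
                timestamps_match=(live.created, live.modified) == (ref.created, ref.modified),
            ))
    return findings


if __name__ == "__main__":
    for f in compare_live_to_winsxs(parse_frst_search(SAMPLE_SEARCH_LOG)):
        print(f"{f.live_path}: MD5 {f.live_md5} != WinSxS {f.reference_md5}, "
              f"size delta {f.size_delta:+d} bytes, timestamps match: {f.timestamps_match}")
```

    On the sample above the comparison yields one finding: the System32 copy is 512 bytes larger than the WinSxS copy and carries a different hash, while both creation and modification stamps are identical. That is why a timestamp-based triage would have missed it and why the hash check, not the date columns, is the field worth reading in these logs. The same reference copy is what the fix in the next post restores over the modified file.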
     
  8. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
     
  9. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Here is the result of the fix. Thanks

    Ryan

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012
    Ran by SYSTEM at 2012-08-05 00:31:06 Run:1
    Running from G:\

    ==============================================

    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2} moved successfully.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\00000004.@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\L\201d3dde not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\00000004.@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@ not found.
    C:\Windows\Installer\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000064.@ not found.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  10. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Looking good so far. Boot back to normal mode and run Combofix.

    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  11. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Okay, here is the log report for ComboFix. I disabled AVG, but when ComboFix was running, it gave a warning that AVG scanning was still enabled, and I double-checked it and it was still disabled. Hopefully nothing was messed up by that. Also, AVG re-enabled after the 15 minutes, but before ComboFix was done with all its stages, so again, hopefully nothing was messed up. Thanks for your continued help.

    ComboFix

    ComboFix 12-08-05.02 - Owner 08/05/2012 10:05:32.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1962 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Owner\AppData\Local\.#
    c:\users\Owner\AppData\Local\.#\MBX@858@F91C00.###
    c:\users\Owner\AppData\Local\.#\MBX@858@F91C10.###
    c:\users\Owner\AppData\Local\.#\MBX@858@F91C20.###
    c:\users\Owner\AppData\Local\.#\MBX@858@F91C30.###
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome.manifest
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\background.html
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\browser.xul
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\crossrider.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\crossriderapi.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\dialog.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\lib\faye-browser-min.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\manage-apps-style.css
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\manage-apps.html
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\messaging.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\options.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\options.xul
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\push.html
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\search_dialog.xul
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\chrome\content\update.html
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\defaults\preferences\prefs.js
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\install.rdf
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\locale\en-US\translations.dtd
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\button1.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\button2.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\button3.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\button4.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\button5.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\crossrider_statusbar.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\icon128.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\icon16.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\icon24.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\icon48.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\panelarrow-up.png
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\popup.css
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\popup.html
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\popup_binding.xml
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\skin.css
    c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\extensions\[email protected]\skin\update.css
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-05 15:15 . 2012-08-05 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-04 04:58 . 2012-08-04 17:15 -------- d-----w- C:\FRST
    2012-08-01 02:19 . 2012-08-01 02:19 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
    2012-08-01 02:15 . 2012-08-01 02:15 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-08-01 02:00 . 2012-08-01 02:00 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-08-01 02:00 . 2012-08-01 02:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 02:00 . 2012-08-01 02:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-01 02:00 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-01 01:30 . 2012-08-01 01:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-01 01:30 . 2012-08-01 01:30 -------- d-----w- c:\windows\system32\Macromed
    2012-07-31 12:42 . 2012-07-31 12:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-23 13:11 . 2012-07-23 13:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\5467.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-01 01:30 . 2011-10-21 12:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-23 16:39 . 2010-01-29 04:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-05-23 16:39 . 2010-01-23 14:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-05-23 16:39 . 2011-03-25 13:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{c1b8770b-7d91-c494-31e0-e62db08b9414}"= "c:\program files (x86)\Bucksbee Loyalty Plugin - W3i\Helper.dll" [2012-04-27 361984]
    .
    [HKEY_CLASSES_ROOT\clsid\{c1b8770b-7d91-c494-31e0-e62db08b9414}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4461AAA2-16D5-BEB4-A120-6B92E5EA1B87}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{626A9BF6-A6F4-18F4-159B-52A7A586C40B}]
    2012-02-02 16:07 13632 ----a-w- c:\program files (x86)\Bucksbee Loyalty Plugin - W3i\BucksBee Loyalty Plugin.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2010-12-19 48456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 257224]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2010-05-28 76528]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 20992]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 21072]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 01:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 365080]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.flipfloprentals.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uig3tgr0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.flipfloprentals.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG10\Firefox4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-ComcastHSI - c:\program files (x86)\support.com\uninstall\chsi_uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-05 10:33:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-05 15:33
    .
    Pre-Run: 243,510,837,248 bytes free
    Post-Run: 243,345,989,632 bytes free
    .
    - - End Of File - - 91C7D8312128030818D1357A365AA0D3
     
  12. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Do you know anything about Bucksbee Loyalty Plugin?
     
  13. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Nope, no idea. I should probably uninstall that, huh?
     
  14. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Yup, are you able to uninstall it without any difficulties?

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • If it doesn't, manually reboot to ensure a complete clean
    ===================================================

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [IMG] icon on your desktop.
    4. Check [IMG]
    5. Click the [IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [IMG]
    12. Push [IMG], and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Select the Uninstall application on close check box and push [IMG]
    ===================================================

    Malwarebytes' Anti-Malware
    Download Malwarebytes' Anti-Malware here and save to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


    ===================================================

    On your next reply please post :
    ESET log
    MBAM log


    Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

    Good Day!
     
  15. ruecke

    ruecke Thread Starter

    Joined:
    Aug 2, 2012
    Messages:
    13
    Okay, here are the ESET and Malwarebytes reports. On the ESET, it found 6 or 8 other trojans, but the instructions didn't mention anything about removing them in the process, so they are still there. Hopefully that was correct to do. Thanks

    Ryan

    ESET


    C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan
    C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\000000cb.@ Win64/Conedex.B trojan
    C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000000.@ Win64/Sirefef.AP trojan
    C:\FRST\Quarantine\{708e671f-3545-2915-06c0-6082039c15b2}\U\80000032.@ a variant of Win32/Sirefef.FD trojan
    C:\ProgramData\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
    C:\Users\All Users\Microsoft\Windows\DRM\5467.tmp Win64/Olmarik.AH trojan
    C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan
    C:\Windows\SysWOW64\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AJET trojan


    Malwarebytes


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.05.07

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Owner :: THENEWMOM [administrator]

    8/5/2012 2:11:08 PM
    mbam-log-2012-08-05 (14-11-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196114
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
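The ESET log flagged CRYPTSP.dll_ sitting in both the System32 and SysWOW64 sysprep folders, and the MBAM log flagged extension registrations under both the native and Wow6432Node views of HKLM\SOFTWARE\Google\Chrome\Extensions. As an added example (not code from this thread or from ESET, Malwarebytes, or any other tool named in it), this read-only PowerShell sweep lists what currently occupies those two places so they can be re-checked after cleanup. The paths and registry keys come from the logs above; the function names are mine; it assumes PowerShell 3.0 or later and an elevated prompt, and it deletes nothing.

```powershell
# Added example, not part of the forum thread: re-check the two locations that the
# ESET and MBAM logs flagged. Read-only; assumes PowerShell 3.0+ and an elevated prompt.

function Get-SysprepForeignFiles {
    # On a stock install the top level of each sysprep folder holds sysprep.exe and
    # subfolders only; any other file here, especially a DLL-like name, is out of place.
    $dirs = "$env:SystemRoot\System32\sysprep", "$env:SystemRoot\SysWOW64\sysprep"
    foreach ($d in $dirs) {
        Get-ChildItem -Path $d -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'sysprep.exe' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeBytes = $_.Length
                    Modified  = $_.LastWriteTimeUtc
                    SigStatus = $sig.Status
                    Signer    = $sig.SignerCertificate.Subject
                }
            }
    }
}

function Get-ChromeExtensionRegistrations {
    # Chrome honours extension install entries from both registry views on 64-bit Windows.
    # Each subkey is an extension id; its values name either an update_url or a local path.
    $keys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
            'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        Get-ChildItem -Path $k | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                View        = $k
                ExtensionId = $_.PSChildName
                UpdateUrl   = $p.update_url
                Path        = $p.path
            }
        }
    }
}

Write-Host '== Files in the sysprep folders other than sysprep.exe =='
Get-SysprepForeignFiles | Format-Table -AutoSize
Write-Host '== Chrome extension registrations under HKLM =='
Get-ChromeExtensionRegistrations | Format-Table -AutoSize
```

An empty first table and an empty second table is the expected state after the ESET and MBAM removals shown above; any entry that reappears later is a sign the cleanup was incomplete and belongs in the next scan log rather than being deleted by hand.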
     

Short URL to this thread: https://techguy.org/1063599