Infected with redirect virus (again), text keeps jumping around and error screens keep coming up



#1 dogfish1980


Posted 27 May 2012 - 10:17 PM

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Dogfish1980 at 19:38:21 on 2012-05-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2498 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe
C:\Program Files (x86)\MyPhoneExplorer\DLL\adb.exe
C:\Windows\system32\AUDIODG.EXE
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=D4ECA4086CB1CA43127A824FC2E27D0F&tbp=homepage&v=2_0
uDefault_Page_URL = hxxp://asus.msn.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Shop to Win: {6ae00f2c-62f7-41b5-83a6-b0cc6959cbc4} - C:\Program Files (x86)\Shop to Win 21\Shop to Win 21.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Dogfish1980\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Dogfish1980\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Active Desktop Calendar] C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2287DE97-332B-4251-9D09-A1366E26B826} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137}\35861646970236F6666656560216E64602475616D27657563747 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137}\4756D607C65636F666665656 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137}\E416B65646C4F657E67656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137}\F46666963656534376 : DhcpNameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{7BE591E0-E416-469E-9179-D8750FADD067} : DhcpNameServer = 192.168.50.1
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO-X64: CrossriderApp0002258 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Shop to Win: {6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} - C:\Program Files (x86)\Shop to Win 21\Shop to Win 21.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO-X64: Blekko search bar - No File
BHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Dogfish1980\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-X64: DefaultTabBHO - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dogfish1980\AppData\Roaming\Mozilla\Firefox\Profiles\5g4kli1t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q=
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Dogfish1980\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-26 44768]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FTSvc;Fantapper Player Update Service;"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" --> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [?]
S2 hkmsvc32;Health Key and Certificate Management ;C:\Windows\system32\ole3232.exe --> C:\Windows\system32\ole3232.exe [?]
S2 RosettaStoneLtdController;RosettaStoneLtdController;"C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe" --> C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [?]
S3 38931270;38931270;C:\Windows\system32\drivers\27232243.sys --> C:\Windows\system32\drivers\27232243.sys [?]
S3 53521978;53521978;C:\Windows\system32\drivers\67754965.sys --> C:\Windows\system32\drivers\67754965.sys [?]
S3 72012792;72012792;C:\Windows\system32\drivers\20143216.sys --> C:\Windows\system32\drivers\20143216.sys [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-28 02:28:13 -------- d-----w- C:\Program Files (x86)\PC Speed Maximizer
2012-05-28 02:27:52 -------- d-----w- C:\Users\Dogfish1980\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-28 02:27:51 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-05-28 02:27:40 -------- d-----w- C:\Users\Dogfish1980\AppData\Local\I Want This
2012-05-28 02:27:38 -------- d-----w- C:\Program Files (x86)\I Want This
2012-05-28 02:27:10 -------- d-----w- C:\Program Files (x86)\blekkotb_soc
2012-05-27 01:18:57 -------- d-----w- C:\Users\Dogfish1980\AppData\Roaming\XemiComputers
2012-05-27 01:08:40 -------- d-----w- C:\Program Files (x86)\XemiComputers
2012-05-27 01:08:38 -------- d-----w- C:\ProgramData\blekko toolbars
2012-05-27 01:08:26 -------- d-----w- C:\Users\Dogfish1980\AppData\Local\blekkotb_031
2012-05-10 00:36:26 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 00:36:25 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 00:36:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 00:36:05 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 00:36:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 00:36:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 00:34:56 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 00:34:24 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 00:34:18 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 00:34:18 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:34:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 00:34:16 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 00:34:16 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-04 02:48:37 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 02:48:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 02:48:34 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-04-24 00:21:34 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-04-24 00:21:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-04-24 00:21:34 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 19:41:46.36 ===============


#2 gringo_pr

  • Malware Response Team

Posted 27 May 2012 - 11:26 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dogfish1980


Posted 27 May 2012 - 11:56 PM

Here are the contents from the Security Check. Also, I ran Combofix, but it got stuck on Stage_49, which I notice that it always does from previous attempts. My computer is running the same as before.



Results of screen317's Security Check version 0.99.39
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 28 May 2012 - 12:27 AM

Hello

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 dogfish1980


Posted 28 May 2012 - 10:03 AM

Hi

I ran Combofix in safe mode and it still froze up on Stage_49. I ran it three times total and it never went past that stage.

#6 gringo_pr


Posted 28 May 2012 - 10:26 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 dogfish1980


Posted 28 May 2012 - 10:43 AM

First log is tdsskiller -

08:29:52.0047 3312 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
08:29:53.0134 3312 ============================================================
08:29:53.0134 3312 Current date / time: 2012/05/28 08:29:53.0134
08:29:53.0134 3312 SystemInfo:
08:29:53.0134 3312
08:29:53.0134 3312 OS Version: 6.1.7601 ServicePack: 1.0
08:29:53.0134 3312 Product type: Workstation
08:29:53.0135 3312 ComputerName: DOGFISH1980-PC
08:29:53.0135 3312 UserName: Dogfish1980
08:29:53.0135 3312 Windows directory: C:\Windows
08:29:53.0135 3312 System windows directory: C:\Windows
08:29:53.0135 3312 Running under WOW64
08:29:53.0135 3312 Processor architecture: Intel x64
08:29:53.0135 3312 Number of processors: 2
08:29:53.0135 3312 Page size: 0x1000
08:29:53.0135 3312 Boot type: Normal boot
08:29:53.0135 3312 ============================================================
08:29:53.0564 3312 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:29:53.0582 3312 ============================================================
08:29:53.0582 3312 \Device\Harddisk0\DR0:
08:29:53.0583 3312 MBR partitions:
08:29:53.0583 3312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x3863A6B8
08:29:53.0583 3312 ============================================================
08:29:53.0609 3312 C: <-> \Device\Harddisk0\DR0\Partition0
08:29:53.0609 3312 ============================================================
08:29:53.0609 3312 Initialize success
08:29:53.0609 3312 ============================================================
08:30:01.0481 3968 ============================================================
08:30:01.0481 3968 Scan started
08:30:01.0481 3968 Mode: Manual;
08:30:01.0481 3968 ============================================================
08:30:01.0960 3968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:30:01.0965 3968 1394ohci - ok
08:30:02.0046 3968 38931270 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\27232243.sys
08:30:02.0049 3968 38931270 - ok
08:30:02.0082 3968 53521978 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\67754965.sys
08:30:02.0085 3968 53521978 - ok
08:30:02.0117 3968 72012792 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\20143216.sys
08:30:02.0121 3968 72012792 - ok
08:30:02.0186 3968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:30:02.0201 3968 ACPI - ok
08:30:02.0241 3968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:30:02.0243 3968 AcpiPmi - ok
08:30:02.0392 3968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:30:02.0395 3968 AdobeARMservice - ok
08:30:02.0462 3968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:30:02.0484 3968 adp94xx - ok
08:30:02.0533 3968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:30:02.0548 3968 adpahci - ok
08:30:02.0573 3968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:30:02.0577 3968 adpu320 - ok
08:30:02.0659 3968 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
08:30:02.0661 3968 ADSMService - ok
08:30:02.0699 3968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:30:02.0702 3968 AeLookupSvc - ok
08:30:02.0746 3968 AFBAgent (2d00d3dadc1d3326ba788eb071f2726e) C:\Windows\system32\FBAgent.exe
08:30:02.0770 3968 AFBAgent - ok
08:30:02.0854 3968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:30:02.0876 3968 AFD - ok
08:30:02.0946 3968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:30:02.0948 3968 agp440 - ok
08:30:02.0974 3968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:30:02.0978 3968 ALG - ok
08:30:03.0014 3968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:30:03.0017 3968 aliide - ok
08:30:03.0036 3968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:30:03.0038 3968 amdide - ok
08:30:03.0068 3968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:30:03.0071 3968 AmdK8 - ok
08:30:03.0083 3968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:30:03.0086 3968 AmdPPM - ok
08:30:03.0110 3968 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:30:03.0113 3968 amdsata - ok
08:30:03.0134 3968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:30:03.0139 3968 amdsbs - ok
08:30:03.0156 3968 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:30:03.0157 3968 amdxata - ok
08:30:03.0193 3968 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
08:30:03.0195 3968 AmUStor - ok
08:30:03.0236 3968 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
08:30:03.0238 3968 androidusb - ok
08:30:03.0305 3968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:30:03.0307 3968 AppID - ok
08:30:03.0328 3968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:30:03.0332 3968 AppIDSvc - ok
08:30:03.0379 3968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:30:03.0383 3968 Appinfo - ok
08:30:03.0458 3968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:30:03.0461 3968 arc - ok
08:30:03.0475 3968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:30:03.0478 3968 arcsas - ok
08:30:03.0497 3968 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
08:30:03.0499 3968 AsDsm - ok
08:30:03.0579 3968 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
08:30:03.0581 3968 ASLDRService - ok
08:30:03.0626 3968 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
08:30:03.0627 3968 ASMMAP64 - ok
08:30:03.0701 3968 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
08:30:03.0702 3968 aswFsBlk - ok
08:30:03.0754 3968 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
08:30:03.0755 3968 aswMonFlt - ok
08:30:03.0825 3968 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
08:30:03.0826 3968 aswRdr - ok
08:30:03.0875 3968 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
08:30:03.0882 3968 aswSnx - ok
08:30:03.0926 3968 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
08:30:03.0928 3968 aswSP - ok
08:30:03.0967 3968 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
08:30:03.0968 3968 aswTdi - ok
08:30:03.0998 3968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:30:04.0000 3968 AsyncMac - ok
08:30:04.0035 3968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:30:04.0036 3968 atapi - ok
08:30:04.0116 3968 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
08:30:04.0168 3968 athr - ok
08:30:04.0271 3968 ATKGFNEXSrv (63f1212ffe13e62ca1e8d8ee19abd9a7) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
08:30:04.0274 3968 ATKGFNEXSrv - ok
08:30:04.0437 3968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:04.0466 3968 AudioEndpointBuilder - ok
08:30:04.0481 3968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:04.0487 3968 AudioSrv - ok
08:30:04.0598 3968 avast! Antivirus (a45aa986d9490a4e5b87563d9cd7b175) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:30:04.0600 3968 avast! Antivirus - ok
08:30:04.0667 3968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:30:04.0671 3968 AxInstSV - ok
08:30:04.0754 3968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:30:04.0777 3968 b06bdrv - ok
08:30:04.0822 3968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:30:04.0838 3968 b57nd60a - ok
08:30:04.0881 3968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:30:04.0885 3968 BDESVC - ok
08:30:04.0918 3968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:30:04.0921 3968 Beep - ok
08:30:04.0990 3968 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:30:05.0042 3968 BITS - ok
08:30:05.0083 3968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:30:05.0086 3968 blbdrive - ok
08:30:05.0149 3968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:30:05.0152 3968 bowser - ok
08:30:05.0170 3968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:30:05.0172 3968 BrFiltLo - ok
08:30:05.0194 3968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:30:05.0204 3968 BrFiltUp - ok
08:30:05.0263 3968 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:30:05.0266 3968 BridgeMP - ok
08:30:05.0313 3968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:30:05.0318 3968 Browser - ok
08:30:05.0346 3968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:30:05.0362 3968 Brserid - ok
08:30:05.0392 3968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:30:05.0394 3968 BrSerWdm - ok
08:30:05.0417 3968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:30:05.0420 3968 BrUsbMdm - ok
08:30:05.0437 3968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:30:05.0439 3968 BrUsbSer - ok
08:30:05.0482 3968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:30:05.0484 3968 BTHMODEM - ok
08:30:05.0522 3968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:30:05.0526 3968 bthserv - ok
08:30:05.0548 3968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:30:05.0552 3968 cdfs - ok
08:30:05.0608 3968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:30:05.0612 3968 cdrom - ok
08:30:05.0671 3968 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:30:05.0675 3968 CertPropSvc - ok
08:30:05.0717 3968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:30:05.0720 3968 circlass - ok
08:30:05.0768 3968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:30:05.0781 3968 CLFS - ok
08:30:05.0847 3968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:30:05.0873 3968 clr_optimization_v2.0.50727_32 - ok
08:30:05.0919 3968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:30:05.0946 3968 clr_optimization_v2.0.50727_64 - ok
08:30:06.0044 3968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:30:06.0084 3968 clr_optimization_v4.0.30319_32 - ok
08:30:06.0112 3968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:30:06.0136 3968 clr_optimization_v4.0.30319_64 - ok
08:30:06.0174 3968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:30:06.0176 3968 CmBatt - ok
08:30:06.0226 3968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:30:06.0228 3968 cmdide - ok
08:30:06.0287 3968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:30:06.0306 3968 CNG - ok
08:30:06.0350 3968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:30:06.0352 3968 Compbatt - ok
08:30:06.0402 3968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:30:06.0405 3968 CompositeBus - ok
08:30:06.0418 3968 COMSysApp - ok
08:30:06.0438 3968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:30:06.0440 3968 crcdisk - ok
08:30:06.0499 3968 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:30:06.0504 3968 CryptSvc - ok
08:30:06.0589 3968 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:30:06.0623 3968 DcomLaunch - ok
08:30:06.0659 3968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:30:06.0675 3968 defragsvc - ok
08:30:06.0718 3968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:30:06.0721 3968 DfsC - ok
08:30:06.0790 3968 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:30:06.0805 3968 Dhcp - ok
08:30:06.0831 3968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:30:06.0833 3968 discache - ok
08:30:06.0862 3968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:30:06.0864 3968 Disk - ok
08:30:06.0919 3968 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:30:06.0925 3968 Dnscache - ok
08:30:06.0986 3968 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:30:07.0002 3968 dot3svc - ok
08:30:07.0067 3968 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
08:30:07.0071 3968 Dot4 - ok
08:30:07.0134 3968 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
08:30:07.0136 3968 Dot4Print - ok
08:30:07.0155 3968 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
08:30:07.0158 3968 dot4usb - ok
08:30:07.0207 3968 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:30:07.0213 3968 DPS - ok
08:30:07.0241 3968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:30:07.0242 3968 drmkaud - ok
08:30:07.0325 3968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:30:07.0334 3968 DXGKrnl - ok
08:30:07.0368 3968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:30:07.0373 3968 EapHost - ok
08:30:07.0405 3968 easytether (1e8d0e318d3f17b2eaaf993db20c76f0) C:\Windows\system32\DRIVERS\easytthr.sys
08:30:07.0406 3968 easytether - ok
08:30:07.0565 3968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:30:07.0659 3968 ebdrv - ok
08:30:07.0779 3968 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:30:07.0786 3968 EFS - ok
08:30:07.0870 3968 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:30:07.0910 3968 ehRecvr - ok
08:30:07.0952 3968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:30:07.0955 3968 ehSched - ok
08:30:08.0029 3968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:30:08.0050 3968 elxstor - ok
08:30:08.0088 3968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:30:08.0090 3968 ErrDev - ok
08:30:08.0139 3968 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
08:30:08.0142 3968 ETD - ok
08:30:08.0184 3968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:30:08.0208 3968 EventSystem - ok
08:30:08.0243 3968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:30:08.0248 3968 exfat - ok
08:30:08.0276 3968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:30:08.0280 3968 fastfat - ok
08:30:08.0363 3968 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:30:08.0402 3968 Fax - ok
08:30:08.0433 3968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:30:08.0436 3968 fdc - ok
08:30:08.0459 3968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:30:08.0463 3968 fdPHost - ok
08:30:08.0478 3968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:30:08.0483 3968 FDResPub - ok
08:30:08.0509 3968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:30:08.0512 3968 FileInfo - ok
08:30:08.0525 3968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:30:08.0528 3968 Filetrace - ok
08:30:08.0656 3968 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:30:08.0697 3968 FLEXnet Licensing Service - ok
08:30:08.0733 3968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:30:08.0736 3968 flpydisk - ok
08:30:08.0797 3968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:30:08.0812 3968 FltMgr - ok
08:30:08.0892 3968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:30:08.0945 3968 FontCache - ok
08:30:09.0018 3968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:30:09.0022 3968 FontCache3.0.0.0 - ok
08:30:09.0084 3968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:30:09.0087 3968 FsDepends - ok
08:30:09.0131 3968 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
08:30:09.0134 3968 fssfltr - ok
08:30:09.0237 3968 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:30:09.0259 3968 fsssvc - ok
08:30:09.0302 3968 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:30:09.0303 3968 Fs_Rec - ok
08:30:09.0321 3968 FTSvc - ok
08:30:09.0383 3968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:30:09.0388 3968 fvevol - ok
08:30:09.0406 3968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:30:09.0408 3968 gagp30kx - ok
08:30:09.0474 3968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:30:09.0518 3968 gpsvc - ok
08:30:09.0536 3968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:30:09.0538 3968 hcw85cir - ok
08:30:09.0599 3968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:30:09.0612 3968 HdAudAddService - ok
08:30:09.0643 3968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:30:09.0646 3968 HDAudBus - ok
08:30:09.0668 3968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:30:09.0671 3968 HidBatt - ok
08:30:09.0693 3968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:30:09.0697 3968 HidBth - ok
08:30:09.0714 3968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:30:09.0717 3968 HidIr - ok
08:30:09.0734 3968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:30:09.0740 3968 hidserv - ok
08:30:09.0759 3968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:30:09.0761 3968 HidUsb - ok
08:30:09.0815 3968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:30:09.0823 3968 hkmsvc - ok
08:30:09.0838 3968 hkmsvc32 - ok
08:30:09.0886 3968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:30:09.0902 3968 HomeGroupListener - ok
08:30:09.0953 3968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:30:09.0970 3968 HomeGroupProvider - ok
08:30:10.0100 3968 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
08:30:10.0102 3968 hpqcxs08 - ok
08:30:10.0164 3968 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
08:30:10.0166 3968 hpqddsvc - ok
08:30:10.0205 3968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:30:10.0208 3968 HpSAMD - ok
08:30:10.0318 3968 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
08:30:10.0369 3968 HPSLPSVC - ok
08:30:10.0434 3968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:30:10.0470 3968 HTTP - ok
08:30:10.0511 3968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:30:10.0512 3968 hwpolicy - ok
08:30:10.0595 3968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:30:10.0617 3968 i8042prt - ok
08:30:10.0665 3968 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
08:30:10.0669 3968 iaStor - ok
08:30:10.0750 3968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:30:10.0769 3968 iaStorV - ok
08:30:10.0881 3968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:30:10.0920 3968 idsvc - ok
08:30:11.0381 3968 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:30:11.0603 3968 igfx - ok
08:30:11.0752 3968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:30:11.0755 3968 iirsp - ok
08:30:11.0834 3968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:30:11.0873 3968 IKEEXT - ok
08:30:11.0924 3968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:30:11.0927 3968 intelide - ok
08:30:11.0959 3968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:30:11.0960 3968 intelppm - ok
08:30:11.0985 3968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:30:11.0993 3968 IPBusEnum - ok
08:30:12.0033 3968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:30:12.0036 3968 IpFilterDriver - ok
08:30:12.0092 3968 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:30:12.0135 3968 iphlpsvc - ok
08:30:12.0178 3968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:30:12.0181 3968 IPMIDRV - ok
08:30:12.0222 3968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:30:12.0226 3968 IPNAT - ok
08:30:12.0257 3968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:30:12.0260 3968 IRENUM - ok
08:30:12.0274 3968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:30:12.0277 3968 isapnp - ok
08:30:12.0310 3968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:30:12.0325 3968 iScsiPrt - ok
08:30:12.0339 3968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:30:12.0341 3968 kbdclass - ok
08:30:12.0367 3968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:30:12.0369 3968 kbdhid - ok
08:30:12.0407 3968 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
08:30:12.0408 3968 kbfiltr - ok
08:30:12.0445 3968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:12.0450 3968 KeyIso - ok
08:30:12.0465 3968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:30:12.0468 3968 KSecDD - ok
08:30:12.0493 3968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:30:12.0497 3968 KSecPkg - ok
08:30:12.0529 3968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:30:12.0531 3968 ksthunk - ok
08:30:12.0582 3968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:30:12.0607 3968 KtmRm - ok
08:30:12.0641 3968 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
08:30:12.0644 3968 L1E - ok
08:30:12.0713 3968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:30:12.0737 3968 LanmanServer - ok
08:30:12.0781 3968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:30:12.0801 3968 LanmanWorkstation - ok
08:30:12.0828 3968 Lavasoft Kernexplorer - ok
08:30:12.0887 3968 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
08:30:12.0890 3968 Lbd - ok
08:30:12.0942 3968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:30:12.0945 3968 lltdio - ok
08:30:12.0995 3968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:30:13.0010 3968 lltdsvc - ok
08:30:13.0033 3968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:30:13.0040 3968 lmhosts - ok
08:30:13.0098 3968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:30:13.0101 3968 LSI_FC - ok
08:30:13.0120 3968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:30:13.0125 3968 LSI_SAS - ok
08:30:13.0148 3968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:30:13.0151 3968 LSI_SAS2 - ok
08:30:13.0168 3968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:30:13.0172 3968 LSI_SCSI - ok
08:30:13.0197 3968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:30:13.0200 3968 luafv - ok
08:30:13.0221 3968 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
08:30:13.0222 3968 lullaby - ok
08:30:13.0263 3968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:30:13.0270 3968 Mcx2Svc - ok
08:30:13.0286 3968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:30:13.0289 3968 megasas - ok
08:30:13.0315 3968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:30:13.0330 3968 MegaSR - ok
08:30:13.0353 3968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:30:13.0360 3968 MMCSS - ok
08:30:13.0372 3968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:30:13.0374 3968 Modem - ok
08:30:13.0403 3968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:30:13.0404 3968 monitor - ok
08:30:13.0448 3968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:30:13.0450 3968 mouclass - ok
08:30:13.0473 3968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:30:13.0476 3968 mouhid - ok
08:30:13.0518 3968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:30:13.0521 3968 mountmgr - ok
08:30:13.0608 3968 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:30:13.0611 3968 MozillaMaintenance - ok
08:30:13.0654 3968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:30:13.0658 3968 mpio - ok
08:30:13.0678 3968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:30:13.0681 3968 mpsdrv - ok
08:30:13.0742 3968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:30:13.0747 3968 MRxDAV - ok
08:30:13.0787 3968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:30:13.0792 3968 mrxsmb - ok
08:30:13.0847 3968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:30:13.0863 3968 mrxsmb10 - ok
08:30:13.0879 3968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:30:13.0883 3968 mrxsmb20 - ok
08:30:13.0930 3968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:30:13.0931 3968 msahci - ok
08:30:13.0953 3968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:30:13.0957 3968 msdsm - ok
08:30:13.0992 3968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:30:14.0001 3968 MSDTC - ok
08:30:14.0028 3968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:30:14.0031 3968 Msfs - ok
08:30:14.0044 3968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:30:14.0047 3968 mshidkmdf - ok
08:30:14.0089 3968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:30:14.0090 3968 msisadrv - ok
08:30:14.0126 3968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:30:14.0134 3968 MSiSCSI - ok
08:30:14.0139 3968 msiserver - ok
08:30:14.0162 3968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:30:14.0164 3968 MSKSSRV - ok
08:30:14.0176 3968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:30:14.0179 3968 MSPCLOCK - ok
08:30:14.0192 3968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:30:14.0196 3968 MSPQM - ok
08:30:14.0252 3968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:30:14.0266 3968 MsRPC - ok
08:30:14.0313 3968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:30:14.0314 3968 mssmbios - ok
08:30:14.0336 3968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:30:14.0339 3968 MSTEE - ok
08:30:14.0357 3968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:30:14.0361 3968 MTConfig - ok
08:30:14.0401 3968 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
08:30:14.0402 3968 MTsensor - ok
08:30:14.0433 3968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:30:14.0435 3968 Mup - ok
08:30:28.0223 3968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:30:28.0507 3968 \Device\Harddisk0\DR0 - ok
08:30:28.0518 3968 Boot (0x1200) (9e0cd5f24f46a65975854d3365420c1f) \Device\Harddisk0\DR0\Partition0
08:30:28.0521 3968 \Device\Harddisk0\DR0\Partition0 - ok
08:30:28.0521 3968 ============================================================
08:30:28.0521 3968 Scan finished
08:30:28.0521 3968 ============================================================
08:30:28.0542 1892 Detected object count: 0
08:30:28.0542 1892 Actual detected object count: 0


Next is the aswMBR file -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 08:32:41
-----------------------------
08:32:41.303 OS Version: Windows x64 6.1.7601 Service Pack 1
08:32:41.303 Number of processors: 2 586 0x170A
08:32:41.304 ComputerName: DOGFISH1980-PC UserName: Dogfish1980
08:32:42.923 Initialize success
08:32:43.080 AVAST engine defs: 12052800
08:32:53.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:32:53.046 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
08:32:53.115 Disk 0 MBR read successfully
08:32:53.119 Disk 0 MBR scan
08:32:53.124 Disk 0 Windows VISTA default MBR code
08:32:53.139 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
08:32:53.157 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461940 MB offset 30716280
08:32:53.171 Disk 0 scanning C:\Windows\system32\drivers
08:33:05.652 Service scanning
08:33:26.423 Modules scanning
08:33:26.434 Disk 0 trace - called modules:
08:33:26.495 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
08:33:26.501 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c08060]
08:33:26.852 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80046a6040]
08:33:26.860 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ac050]
08:33:27.763 AVAST engine scan C:\Windows
08:33:31.305 AVAST engine scan C:\Windows\system32
08:36:07.796 AVAST engine scan C:\Windows\system32\drivers
08:36:22.369 AVAST engine scan C:\Users\Dogfish1980
08:39:18.175 Disk 0 MBR has been saved successfully to "C:\Users\Dogfish1980\Desktop\MBR.dat"
08:39:18.188 The log file has been saved successfully to "C:\Users\Dogfish1980\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 28 May 2012 - 10:59 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#9 dogfish1980


Posted 28 May 2012 - 12:30 PM

Here is the Farbar Recovery log you asked for.

Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
Ran by SYSTEM at 28-05-2012 10:22:44
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4031368 2012-02-23] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKU\Dogfish1980\...\Run: [Google Update] "C:\Users\Dogfish1980\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-04] (Google Inc.)
HKU\Dogfish1980\...\Run: [Active Desktop Calendar] C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe [7608832 2011-11-23] (XemiComputers ltd.)
HKU\Dogfish1980\...\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-11-09] (ASUS)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-02-23] (AVAST Software)
2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
2 FTSvc; "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe" [x]
2 hkmsvc32; C:\Windows\system32\ole3232.exe [x]
2 RosettaStoneLtdController; "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe" [x]

========================== Drivers (Whitelisted) =============

3 38931270; C:\Windows\System32\drivers\27232243.sys [111408 2011-12-06] (Kaspersky Lab, GERT)
3 53521978; C:\Windows\System32\drivers\67754965.sys [111408 2011-12-06] (Kaspersky Lab, GERT)
3 72012792; C:\Windows\System32\drivers\20143216.sys [111408 2011-12-06] (Kaspersky Lab, GERT)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-02-23] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-02-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [817496 2012-02-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [335704 2012-02-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-02-23] (AVAST Software)
3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-22] (Mobile Stream)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows ® Win 7 DDK provider)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1799680 2009-08-11] ()
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-05-13] (MCCI Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-28 09:11 - 2012-05-28 10:23 - 0000000 ____D C:\FRST
2012-05-28 07:39 - 2012-05-28 07:39 - 0001841 ____A C:\Users\Dogfish1980\Desktop\aswMBR.txt
2012-05-28 07:31 - 2012-05-28 07:31 - 0046696 ____A C:\Users\Dogfish1980\Desktop\tds.docx
2012-05-28 07:29 - 2012-05-28 07:31 - 0126184 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_08.29.51_log.txt
2012-05-28 06:49 - 2012-05-28 06:54 - 0000000 ___SD C:\ComboFix
2012-05-27 20:35 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-27 20:35 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-27 20:33 - 2012-05-27 20:33 - 0000000 ____D C:\Qoobox
2012-05-27 20:33 - 2011-06-25 22:45 - 0256000 ___RA C:\Windows\PEV.exe
2012-05-27 20:33 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-27 20:33 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-27 20:33 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-27 20:33 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-27 20:33 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-27 20:32 - 2012-05-27 20:32 - 0001138 ____A C:\Users\Dogfish1980\Desktop\checkup.txt
2012-05-27 19:12 - 2012-05-27 19:12 - 0087428 ____A C:\Users\Dogfish1980\Desktop\ark.log
2012-05-27 18:44 - 2012-05-27 18:44 - 0012093 ____A C:\Users\Dogfish1980\Desktop\Attach.txt
2012-05-27 18:43 - 2012-05-27 18:43 - 0021179 ____A C:\Users\Dogfish1980\Desktop\DDS.txt
2012-05-27 18:36 - 2012-05-27 18:36 - 0000000 ____A C:\Users\Dogfish1980\defogger_reenable
2012-05-27 18:28 - 2012-05-27 18:30 - 0000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2012-05-27 18:27 - 2012-05-28 09:10 - 0000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-05-27 18:27 - 2012-05-27 18:27 - 0000000 ____D C:\Users\Dogfish1980\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-27 18:27 - 2012-05-27 18:27 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-26 17:18 - 2012-05-26 17:18 - 0000000 ____D C:\Users\Dogfish1980\AppData\Roaming\XemiComputers
2012-05-26 17:08 - 2012-05-27 18:27 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-26 17:08 - 2012-05-26 17:13 - 0000000 ____D C:\Users\Dogfish1980\AppData\Local\blekkotb_031
2012-05-26 17:08 - 2012-05-26 17:08 - 5762800 ____A (XemiComputers ) C:\Users\Dogfish1980\Downloads\adc.exe
2012-05-26 17:08 - 2012-05-26 17:08 - 0001249 ____A C:\Users\Dogfish1980\Desktop\Active Desktop Calendar.lnk
2012-05-26 17:08 - 2012-05-26 17:08 - 0000000 ____D C:\Program Files (x86)\XemiComputers
2012-05-19 16:37 - 2012-05-19 16:37 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-05-09 16:36 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 16:36 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 16:36 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 16:36 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 16:36 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 16:36 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 16:34 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 16:34 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-03 18:48 - 2012-05-03 18:48 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-03 18:48 - 2012-05-03 18:48 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

============ 3 Months Modified Files and Folders =============

2012-05-28 09:10 - 2012-05-27 18:27 - 0000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-05-28 09:10 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-28 09:09 - 2010-05-21 11:08 - 3193765888 __ASH C:\hiberfil.sys
2012-05-28 09:09 - 2009-07-13 20:51 - 0110284 ____A C:\Windows\setupact.log
2012-05-28 09:08 - 2010-03-08 06:42 - 1290260 ____A C:\Windows\WindowsUpdate.log
2012-05-28 08:44 - 2011-07-04 20:13 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661811157-3886790852-175892617-1001UA.job
2012-05-28 08:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At20.job
2012-05-28 08:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At19.job
2012-05-28 07:39 - 2012-05-28 07:39 - 0001841 ____A C:\Users\Dogfish1980\Desktop\aswMBR.txt
2012-05-28 07:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At18.job
2012-05-28 07:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At17.job
2012-05-28 07:31 - 2012-05-28 07:31 - 0046696 ____A C:\Users\Dogfish1980\Desktop\tds.docx
2012-05-28 07:31 - 2012-05-28 07:29 - 0126184 ____A C:\TDSSKiller.2.7.38.0_28.05.2012_08.29.51_log.txt
2012-05-28 07:05 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-28 07:05 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-28 06:58 - 2010-05-20 21:40 - 0071324 ____A C:\Windows\PFRO.log
2012-05-28 06:57 - 2010-05-20 22:20 - 2740610 ____A C:\Windows\ntbtlog.txt
2012-05-28 06:54 - 2012-05-28 06:49 - 0000000 ___SD C:\ComboFix
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At8.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At48.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At46.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At14.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At12.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At10.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At9.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At7.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At47.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At45.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At13.job
2012-05-28 06:26 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At11.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000350 ____A C:\Windows\Tasks\At6.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000350 ____A C:\Windows\Tasks\At4.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000350 ____A C:\Windows\Tasks\At2.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000348 ____A C:\Windows\Tasks\At5.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000348 ____A C:\Windows\Tasks\At3.job
2012-05-28 06:26 - 2011-12-09 17:33 - 0000348 ____A C:\Windows\Tasks\At1.job
2012-05-27 20:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At44.job
2012-05-27 20:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At43.job
2012-05-27 20:33 - 2012-05-27 20:33 - 0000000 ____D C:\Qoobox
2012-05-27 20:33 - 2011-07-09 14:11 - 0000000 ____D C:\Windows\ERDNT
2012-05-27 20:32 - 2012-05-27 20:32 - 0001138 ____A C:\Users\Dogfish1980\Desktop\checkup.txt
2012-05-27 19:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At42.job
2012-05-27 19:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At41.job
2012-05-27 19:12 - 2012-05-27 19:12 - 0087428 ____A C:\Users\Dogfish1980\Desktop\ark.log
2012-05-27 18:44 - 2012-05-27 18:44 - 0012093 ____A C:\Users\Dogfish1980\Desktop\Attach.txt
2012-05-27 18:43 - 2012-05-27 18:43 - 0021179 ____A C:\Users\Dogfish1980\Desktop\DDS.txt
2012-05-27 18:36 - 2012-05-27 18:36 - 0000000 ____A C:\Users\Dogfish1980\defogger_reenable
2012-05-27 18:36 - 2010-05-20 19:09 - 0000000 ____D C:\users\Dogfish1980
2012-05-27 18:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At40.job
2012-05-27 18:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At39.job
2012-05-27 18:30 - 2012-05-27 18:28 - 0000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2012-05-27 18:27 - 2012-05-27 18:27 - 0000000 ____D C:\Users\Dogfish1980\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-27 18:27 - 2012-05-27 18:27 - 0000000 ____D C:\Program Files (x86)\blekkotb_soc
2012-05-27 18:27 - 2012-05-26 17:08 - 0000000 ____D C:\Users\All Users\blekko toolbars
2012-05-27 18:27 - 2010-05-20 19:09 - 0000000 ____D C:\Users\Dogfish1980\AppData\LocalLow
2012-05-27 17:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At38.job
2012-05-27 17:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At37.job
2012-05-27 16:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At36.job
2012-05-27 16:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At35.job
2012-05-27 15:55 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At34.job
2012-05-27 15:55 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At33.job
2012-05-27 15:55 - 2011-07-04 20:13 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661811157-3886790852-175892617-1001Core.job
2012-05-27 09:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At22.job
2012-05-27 09:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At21.job
2012-05-27 09:06 - 2010-03-08 07:11 - 0002432 ____A C:\Windows\System32\AutoRunFilter.ini
2012-05-27 06:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At16.job
2012-05-27 06:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At15.job
2012-05-26 18:41 - 2012-04-25 14:06 - 0000000 ____D C:\Users\Dogfish1980\AppData\Roaming\MyPhoneExplorer
2012-05-26 17:18 - 2012-05-26 17:18 - 0000000 ____D C:\Users\Dogfish1980\AppData\Roaming\XemiComputers
2012-05-26 17:13 - 2012-05-26 17:08 - 0000000 ____D C:\Users\Dogfish1980\AppData\Local\blekkotb_031
2012-05-26 17:08 - 2012-05-26 17:08 - 5762800 ____A (XemiComputers ) C:\Users\Dogfish1980\Downloads\adc.exe
2012-05-26 17:08 - 2012-05-26 17:08 - 0001249 ____A C:\Users\Dogfish1980\Desktop\Active Desktop Calendar.lnk
2012-05-26 17:08 - 2012-05-26 17:08 - 0000000 ____D C:\Program Files (x86)\XemiComputers
2012-05-26 14:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At32.job
2012-05-26 14:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At31.job
2012-05-26 13:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At30.job
2012-05-26 13:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At29.job
2012-05-26 12:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At28.job
2012-05-26 12:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At27.job
2012-05-26 11:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At26.job
2012-05-26 11:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At25.job
2012-05-26 10:35 - 2011-12-09 17:34 - 0000350 ____A C:\Windows\Tasks\At24.job
2012-05-26 10:35 - 2011-12-09 17:34 - 0000348 ____A C:\Windows\Tasks\At23.job
2012-05-19 20:03 - 2009-07-13 21:13 - 0730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-19 16:37 - 2012-05-19 16:37 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-05-10 18:17 - 2010-03-08 07:11 - 0001280 ____A C:\Windows\System32\ServiceFilter.ini
2012-05-10 18:05 - 2009-07-13 20:45 - 4896880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 05:31 - 2010-07-21 18:17 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 05:31 - 2010-03-08 06:39 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 05:16 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 18:48 - 2012-02-05 20:19 - 0001066 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-05-09 18:48 - 2012-02-05 20:19 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
2012-05-03 18:48 - 2012-05-03 18:48 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-03 18:48 - 2012-05-03 18:48 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 18:48 - 2010-05-20 20:54 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-01 06:15 - 2010-07-28 20:26 - 0000000 ____D C:\Users\Dogfish1980\AppData\Roaming\Azureus
2012-04-25 16:03 - 2010-05-20 21:39 - 0000537 ____A C:\Windows\WININIT.INI
2012-04-25 14:19 - 2012-04-04 06:09 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-25 14:19 - 2011-07-31 16:11 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-25 14:06 - 2012-04-25 14:06 - 0002059 ____A C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2012-04-25 14:06 - 2012-03-11 08:03 - 0000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2012-04-23 16:21 - 2012-04-23 16:21 - 0770384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2012-04-23 16:21 - 2012-04-23 16:21 - 0421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2012-04-23 16:21 - 2012-04-23 16:21 - 0138056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl100.dll
2012-04-04 14:56 - 2011-07-04 20:09 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 09:20 - 2011-07-02 13:05 - 0000000 ____D C:\Users\Dogfish1980\AppData\Local\ElevatedDiagnostics
2012-03-30 22:05 - 2012-05-09 16:36 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 16:36 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 16:36 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 16:36 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 16:34 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-16 23:58 - 2012-05-09 16:34 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-11 08:03 - 2012-03-11 08:03 - 0000000 ____D C:\Users\Dogfish1980\AppData\Roaming\DefaultTab
2012-03-11 07:54 - 2010-07-28 20:27 - 0000000 ____D C:\Users\Dogfish1980\Documents\Vuze Downloads
2012-03-02 22:35 - 2012-05-09 16:36 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-09 16:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-29 22:46 - 2012-04-11 06:09 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 06:09 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 06:09 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 06:09 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 06:09 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 06:09 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 06:09 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4061.09 MB
Available physical RAM: 3507.34 MB
Total Pagefile: 4059.23 MB
Available Pagefile: 3496.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:309.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 486 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 486 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-19 12:41

======================= End Of Log ==========================

#10 gringo_pr

Posted 28 May 2012 - 01:11 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

2 hkmsvc32; C:\Windows\system32\ole3232.exe [x]
CMD: Del /q C:\Windows\Tasks\At*.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#11 dogfish1980

Posted 28 May 2012 - 02:33 PM

Here is the log you requested.

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 25-05-2012
Ran by SYSTEM at 2012-05-28 12:25:52 Run:1
Running from E:\

==============================================

hkmsvc32 service deleted successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#12 gringo_pr

Posted 28 May 2012 - 04:27 PM

Hello

How are things running now?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 dogfish1980

Posted 28 May 2012 - 04:44 PM

Hi

The internet browser is still really bad. It keeps kicking me off websites, popping up errors and redirecting sites.

OTL logfile created on: 5/28/2012 2:33:38 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Dogfish1980\Desktop\Dogfish\Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 61.27% Memory free
7.93 Gb Paging File | 6.37 Gb Available in Paging File | 80.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 309.18 Gb Free Space | 68.54% Space Free | Partition Type: NTFS
Drive D: | 486.36 Mb Total Space | 484.95 Mb Free Space | 99.71% Space Free | Partition Type: FAT

Computer Name: DOGFISH1980-PC | User Name: Dogfish1980 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dogfish1980\Desktop\Dogfish\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
PRC - C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
PRC - C:\Program Files (x86)\MyPhoneExplorer\DLL\adb.exe ()
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\MouseHook.dll ()
MOD - C:\Program Files (x86)\MyPhoneExplorer\DLL\adb.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\MyPhoneExplorer\IconLib.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (72012792) -- C:\Windows\SysNative\drivers\20143216.sys (Kaspersky Lab, GERT)
DRV:64bit: - (38931270) -- C:\Windows\SysNative\drivers\27232243.sys (Kaspersky Lab, GERT)
DRV:64bit: - (53521978) -- C:\Windows\SysNative\drivers\67754965.sys (Kaspersky Lab, GERT)
DRV:64bit: - (easytether) -- C:\Windows\SysNative\drivers\easytthr.sys (Mobile Stream)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 77 EA 01 B1 36 4B 45 8B 84 19 6F E9 3A FC B8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 77 EA 01 B1 36 4B 45 8B 84 19 6F E9 3A FC B8 [binary data]

IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=D4ECA4086CB1CA43127A824FC2E27D0F&tbp=homepage&v=2_0
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 77 EA 01 B1 36 4B 45 8B 84 19 6F E9 3A FC B8 [binary data]
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=D4ECA4086CB1CA43127A824FC2E27D0F&q={searchTerms}
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\SearchScopes\{93B71502-06EC-4A41-BA2B-98386394ED62}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20110727,6900,0,6,0
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\SearchScopes\{E8C138EE-FDEA-44DD-AA65-7C8AA1C1AAA0}: "URL" = http://search.avg.com/route/?d=4dbc65cc&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q="
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dogfish1980\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dogfish1980\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/13 13:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/26 08:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/27 19:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 07:11:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/13 13:20:57 | 000,000,000 | ---D | M]

[2010/05/20 21:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dogfish1980\AppData\Roaming\Mozilla\Extensions
[2012/05/27 21:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dogfish1980\AppData\Roaming\Mozilla\Firefox\Profiles\5g4kli1t.default\extensions
[2012/05/15 19:14:58 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Dogfish1980\AppData\Roaming\Mozilla\Firefox\Profiles\5g4kli1t.default\extensions\[email protected]
[2011/12/08 21:42:25 | 000,003,739 | ---- | M] () -- C:\Users\Dogfish1980\AppData\Roaming\Mozilla\Firefox\Profiles\5g4kli1t.default\searchplugins\avg-secure-search.xml
[2012/01/10 07:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/03 19:48:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/21 21:33:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/05 16:21:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/27 19:27:20 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/02/05 16:21:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dogfish1980\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Gmail = C:\Users\Dogfish1980\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Shop to Win) - {6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} - C:\Program Files (x86)\Shop to Win 21\Shop to Win 21.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Dogfish1980\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
O4 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001..\Run: [Active Desktop Calendar] C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2287DE97-332B-4251-9D09-A1366E26B826}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B766886-DD1B-4238-8F40-CCB377155137}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE591E0-E416-469E-9179-D8750FADD067}: DhcpNameServer = 192.168.50.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 10:11:00 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/28 07:49:39 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/27 21:35:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 21:33:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 21:33:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 21:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 19:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2012/05/27 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Dogfish1980\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/05/27 19:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/05/27 19:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_soc
[2012/05/26 18:18:57 | 000,000,000 | ---D | C] -- C:\Users\Dogfish1980\AppData\Roaming\XemiComputers
[2012/05/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active Desktop Calendar
[2012/05/26 18:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XemiComputers
[2012/05/26 18:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/05/26 18:08:26 | 000,000,000 | ---D | C] -- C:\Users\Dogfish1980\AppData\Local\blekkotb_031
[2012/05/09 17:36:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/09 17:36:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/09 17:36:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/09 17:36:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/03 19:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 19:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

========== Files - Modified Within 30 Days ==========

[2012/05/28 13:44:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661811157-3886790852-175892617-1001UA.job
[2012/05/28 12:34:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 12:34:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 12:26:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 12:26:33 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 19:36:21 | 000,000,000 | ---- | M] () -- C:\Users\Dogfish1980\defogger_reenable
[2012/05/27 16:55:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661811157-3886790852-175892617-1001Core.job
[2012/05/27 10:06:34 | 000,002,432 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/05/26 18:08:47 | 000,001,249 | ---- | M] () -- C:\Users\Dogfish1980\Desktop\Active Desktop Calendar.lnk
[2012/05/19 21:03:48 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/19 21:03:48 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 21:03:48 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/19 17:37:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/10 19:17:28 | 000,001,280 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/05/10 19:05:54 | 004,896,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 19:48:06 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

========== Files Created - No Company Name ==========

[2012/05/27 21:35:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/27 21:33:56 | 000,256,000 | R--- | C] () -- C:\Windows\PEV.exe
[2012/05/27 21:33:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/27 21:33:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/27 21:33:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/27 19:36:21 | 000,000,000 | ---- | C] () -- C:\Users\Dogfish1980\defogger_reenable
[2012/05/26 18:08:47 | 000,001,249 | ---- | C] () -- C:\Users\Dogfish1980\Desktop\Active Desktop Calendar.lnk
[2012/05/19 17:37:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2011/12/09 18:38:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\78L2U2B.com.b
[2011/12/09 18:34:10 | 000,000,112 | ---- | C] () -- C:\ProgramData\4E6236.dat
[2011/12/06 13:57:21 | 000,005,054 | -HS- | C] () -- C:\Users\Dogfish1980\AppData\Local\105818a8j030q312r082c0vio3s4
[2011/12/06 13:57:21 | 000,005,054 | -HS- | C] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/04 16:51:05 | 000,010,634 | -HS- | C] () -- C:\Users\Dogfish1980\AppData\Local\f0nn45b7dn1hjs
[2011/12/04 16:51:05 | 000,010,634 | -HS- | C] () -- C:\ProgramData\f0nn45b7dn1hjs
[2011/07/16 10:07:33 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/13 17:53:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/13 17:53:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/02/13 13:16:09 | 000,202,342 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/02/13 13:16:09 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#14 gringo_pr

  • Malware Response Team

Posted 28 May 2012 - 05:04 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O2 - BHO: (Shop to Win) - {6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} - C:\Program Files (x86)\Shop to Win 21\Shop to Win 21.dll File not found
    O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll File not found
    O3 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
    O4 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point 
    [2011/12/06 13:57:21 | 000,005,054 | -HS- | C] () -- C:\Users\Dogfish1980\AppData\Local\105818a8j030q312r082c0vio3s4
    [2011/12/06 13:57:21 | 000,005,054 | -HS- | C] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
    [2011/12/04 16:51:05 | 000,010,634 | -HS- | C] () -- C:\Users\Dogfish1980\AppData\Local\f0nn45b7dn1hjs
    [2011/12/04 16:51:05 | 000,010,634 | -HS- | C] () -- C:\ProgramData\f0nn45b7dn1hjs
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach


Proud Graduate Of Malware Removal University
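The kind of triage behind the lines chosen for the :OTL section above, as an added example that is not part of the original post and not OTL's own logic: a Python pass over OTL log lines that flags entries whose target is missing, hidden+system files with no company name and no extension sitting directly in ProgramData or AppData\Local, and reparse points. The three rules are assumptions inferred from which lines were selected in this thread; `classify`, `triage` and the constants are names introduced here, and anything flagged is a candidate for analyst review, not a verdict.

```python
import ntpath
import re

# Excerpt of lines from the OTL log posted in this thread.
# A few clean entries are kept so the rules can be seen NOT firing.
SAMPLE_LOG = r"""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2 - BHO: (Shop to Win) - {6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4} - C:\Program Files (x86)\Shop to Win 21\Shop to Win 21.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2661811157-3886790852-175892617-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
[2012/05/28 12:26:33 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 18:34:10 | 000,000,112 | ---- | C] () -- C:\ProgramData\4E6236.dat
[2011/12/06 13:57:21 | 000,005,054 | -HS- | C] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/04 16:51:05 | 000,010,634 | -HS- | C] () -- C:\Users\Dogfish1980\AppData\Local\f0nn45b7dn1hjs
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
"""

# "FF - ", "O2 - ", "O16:64bit: - " and similar section prefixes.
ENTRY = re.compile(r"^(?P<tag>O\d+|[A-Z]{2,3})(?::64bit:)? - ")
# "[date time | size | attrs | C or M] (company) -- path"
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# "[link] -> target -> kind"
REPARSE = re.compile(r"^\[(?P<link>[^\]]+)\] -> (?P<target>.+?) -> (?P<kind>.+)$")

# Assumed rule 1: the entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "(Reg Error: Key error.)")
# Assumed rule 2: only files sitting directly in these directories are considered.
DROP_DIRS = ("\\programdata", "\\appdata\\local")


def classify(line):
    """Return a reason string for a line worth reviewing, or None."""
    line = line.strip()
    if ENTRY.match(line):
        if any(marker in line for marker in ORPHAN_MARKERS):
            return "orphaned-entry"
        return None
    m = FILE_LINE.match(line)
    if m:
        path = m["path"].strip()
        parent = ntpath.dirname(path).lower()
        extension = ntpath.splitext(ntpath.basename(path))[1]
        hidden_system = "H" in m["attrs"] and "S" in m["attrs"]
        if (hidden_system and not m["company"].strip()
                and not extension and parent.endswith(DROP_DIRS)):
            return "hidden-system-file"
        return None
    # Assumed rule 3: every listed link or mount point gets a second look.
    if REPARSE.match(line):
        return "reparse-point"
    return None


def triage(log_text):
    """Return (reason, line) pairs for every flagged line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            findings.append((reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:20} {line}")
```
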

#15 dogfish1980


Posted 28 May 2012 - 07:26 PM

It seems to be running a lot smoother now, thank you.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AE00F2C-62F7-41B5-83A6-B0CC6959CBC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A86D350-37AB-410A-8531-7D1363F317B3}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2661811157-3886790852-175892617-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinPatrol deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2661811157-3886790852-175892617-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SPMTray deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
Mount Point C:\Windows\system64 removed successfully!
C:\Users\Dogfish1980\AppData\Local\105818a8j030q312r082c0vio3s4 moved successfully.
C:\ProgramData\105818a8j030q312r082c0vio3s4 moved successfully.
C:\Users\Dogfish1980\AppData\Local\f0nn45b7dn1hjs moved successfully.
C:\ProgramData\f0nn45b7dn1hjs moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dogfish1980\Desktop\Dogfish\Download\cmd.bat deleted successfully.
C:\Users\Dogfish1980\Desktop\Dogfish\Download\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dogfish1980
->Java cache emptied: 6214219 bytes

User: Public

Total Java Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dogfish1980
->Flash cache emptied: 43032 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.2 log created on 05282012_172350



