Iexplorer audio in background/google redirects

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

8 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

Iexplorer audio in background/google redirects Leftovers

#1 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 01 February 2012 - 07:58 AM

Hey, this is pretty much the same as this one , i tried the instructions but it didn't work for me or i did it wrong.

I would attach a GMER but my os is W7 64bit

DDS

Quote

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Lewis Kwong at 1:54:12 on 2012-02-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.5559 [GMT 13:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe
C:\Users\Lewis Kwong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Windows\splwow64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lewis Kwong\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe" -minimize
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe"
uRun: [Octoshape Streaming Services] "C:\Users\Lewis Kwong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Gadwin PrintScreen Pro] "C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\Users\LEWISK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\LEWISK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Lewis Kwong\AppData\Local\Temp\{46C303E0-9B9A-4E6B-8D82-ABBF089CB687}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.freetalker.com/VaxSIPUserAgentCAB.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{48C33E8C-A3D2-46C7-A216-35305E6FEBBF} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{51B25B49-E072-46CC-8F56-9385DB1C4AEC} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BA30575C-5282-4BF3-AC11-C73441C94515} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lewis Kwong\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lewis Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\8eb6968l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 125.164.121.103
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 125.164.121.103
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 125.164.121.103
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 125.164.121.103
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 125.164.121.103
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\Lewis Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\8eb6968l.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lewis Kwong\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lewis Kwong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lewis Kwong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Lewis Kwong\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-25 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-25 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-17 8704]
R2 Realtek8185;Realtek8185;C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [2010-3-11 36864]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-2-1 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-2-1 1150936]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-15 2228008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-7-4 139880]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 sftfs;sftfs;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys [2009-9-23 712536]
S3 sftplay;sftplay;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-9-23 261480]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 sftvol;sftvol;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys [2009-9-23 17752]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-9-23 203608]
S4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2009-9-26 819600]
S4 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-9-23 447848]
.
=============== Created Last 30 ================
.
2012-02-01 12:34:14 6832 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-02-01 12:33:14 838 ----a-w- C:\ProgramData\gjuobaa.tmp
2012-02-01 12:32:34 793 ----a-w- C:\ProgramData\kjuobaa.tmp
2012-02-01 12:32:29 871 ----a-w- C:\ProgramData\jjuobaa.tmp
2012-02-01 12:32:23 841 ----a-w- C:\ProgramData\ijuobaa.tmp
2012-02-01 12:32:19 807 ----a-w- C:\ProgramData\hjuobaa.tmp
2012-02-01 12:24:27 -------- d-----w- C:\_OTM
2012-02-01 12:19:07 862 ----a-w- C:\ProgramData\ieaqbaa.tmp
2012-02-01 12:17:48 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-01 12:02:38 822 ----a-w- C:\ProgramData\leaqbaa.tmp
2012-02-01 11:55:04 802 ----a-w- C:\ProgramData\keaqbaa.tmp
2012-02-01 11:39:20 857 ----a-w- C:\ProgramData\jeaqbaa.tmp
2012-02-01 11:22:17 839 ----a-w- C:\ProgramData\meaqbaa.tmp
2012-02-01 11:13:30 -------- d-----w- C:\$RECYCLE.BIN
2012-02-01 10:24:44 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{83765BFB-EAA6-4A4C-9879-CE84E92891ED}
2012-02-01 09:40:33 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\TSVNCache
2012-02-01 09:20:40 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-02-01 09:20:40 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-02-01 09:20:32 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-02-01 09:20:32 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-02-01 09:20:20 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-02-01 09:20:10 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-02-01 09:19:58 -------- d-----w- C:\Users\Lewis Kwong\AppData\Roaming\PC Tools
2012-02-01 09:19:58 -------- d-----w- C:\ProgramData\PC Tools
2012-02-01 09:19:58 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-02-01 09:19:58 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-01 07:14:35 73216 ----a-w- C:\Windows\SysWow64\osktray.dll
2012-01-31 09:57:17 -------- d-----w- C:\ProgramData\Media Center Programs
2012-01-31 09:57:13 310984 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-01-31 09:57:12 42696 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-01-31 06:01:50 -------- d-----w- C:\Program Files (x86)\Atari
2012-01-31 06:01:18 -------- d-----w- C:\Users\Lewis Kwong\AppData\Roaming\Atari
2012-01-31 06:01:00 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-01-31 06:01:00 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-01-31 06:01:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-01-31 06:01:00 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-01-31 06:01:00 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-01-31 06:01:00 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-01-31 06:01:00 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-01-31 01:25:56 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{A4953A0A-4DCE-4FEE-A7DE-C59D9C16196D}
2012-01-31 00:10:35 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{FB766D93-124D-4DEF-9484-1AAEEA0CFAA1}
2012-01-30 12:10:35 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{A7852753-187C-4AAF-8A70-5CD12569EC48}
2012-01-30 00:10:35 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{1E7BBB8B-DDAD-469E-9AA4-EAEF6B8E37C5}
2012-01-29 12:10:36 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{16740E53-9E2E-45A0-9F1B-47478F73870C}
2012-01-29 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{057A0FAC-CB80-4DC3-AC07-6766C291951B}
2012-01-28 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{A07EDDC2-060B-4911-A522-2AB549736479}
2012-01-28 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{4AE50A9F-1604-46C9-8E1B-74F9B866D4C1}
2012-01-27 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{079B7EEB-0344-4DBC-BF62-A9147AA1F960}
2012-01-27 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{4B22DFD5-1D0F-491F-9936-E2E16A3321E4}
2012-01-26 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{20FA1717-0671-465F-889B-9642B383829E}
2012-01-26 07:53:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-01-26 07:48:54 -------- d-----w- C:\Program Files (x86)\EA Sports
2012-01-26 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{44A1CD69-EFC7-47B4-B0C1-7B5B7381AD6E}
2012-01-25 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{370F35C3-99C8-424D-9783-4A97D071BE4B}
2012-01-25 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{7E4F7888-1D40-416A-A153-7A3C350EA8FD}
2012-01-24 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{8968583A-7C85-421D-A4C1-CCF7A6591744}
2012-01-24 01:33:03 -------- d-----w- C:\Users\Lewis Kwong\AppData\Roaming\.tribot
2012-01-24 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{5380DB49-7F5C-4646-AD5D-B297C0026A10}
2012-01-23 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{79BB4856-DE1D-4D44-B07A-07C110CF8A75}
2012-01-23 00:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{B34CC5C2-ACCF-461B-91DF-78AC472F72EB}
2012-01-22 12:11:06 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{D2D1E109-B3F9-47D9-8012-2462E4838F15}
2012-01-22 00:11:15 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{8F6BEB96-4F12-4332-8414-A992C7FF832C}
2012-01-21 12:11:15 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{21143511-92F6-474A-9DF1-6BED5B8D599D}
2012-01-21 00:11:15 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{A2B74A56-5E14-4AD4-B0B4-DABF756BD7FB}
2012-01-19 00:11:15 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{4A568E2C-3DC6-47A4-8A6F-041F01FE80A2}
2012-01-11 00:32:40 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-01-11 00:29:09 -------- d-----w- C:\Program Files (x86)\PDF Password Remover v3.1
2012-01-11 00:21:53 -------- d-----w- C:\Program Files (x86)\PlotSoft
2012-01-10 22:12:46 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{DDFCB4D8-DD0D-4AAC-BCEA-BC1269350186}
2012-01-07 08:24:54 -------- d-----w- C:\Program Files (x86)\raidcall
2012-01-05 02:17:10 -------- d-----w- C:\Windyzone
2012-01-05 02:11:40 -------- d-----w- C:\Perfect World Entertainment
2012-01-04 22:31:16 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{6BE1468B-585C-4971-8679-F5E14EE8A572}
2012-01-04 05:40:40 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{9DD8BD68-F257-4948-8D1C-A503F8FEA877}
2012-01-03 23:24:57 -------- d-----w- C:\Users\Lewis Kwong\AppData\Roaming\Ubisoft
2012-01-03 17:41:03 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{C8E08538-5F8F-4318-B5F5-714290C97948}
2012-01-03 08:41:46 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{3595E372-27F1-4EF8-8A85-DD5CC593FC7C}
2012-01-03 05:48:58 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\Oblivion
2012-01-02 20:41:46 -------- d-----w- C:\Users\Lewis Kwong\AppData\Local\{FB9FC6A9-1F6B-4B94-A510-FC95F7ADB872}
.
==================== Find3M ====================
.
2011-12-10 02:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-02 10:45:29 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2011-12-02 09:48:00 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-01 20:12:44 377344 ----a-w- C:\Windows\System32\hpb64.dll
2011-12-01 20:11:56 309760 ----a-w- C:\Windows\SysWow64\hpb.dll
2011-11-08 12:50:29 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 1:55:18.58 ===============

Attached File(s)

Attach.txt (15.14K)
Number of downloads: 0

#2 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 01 February 2012 - 04:35 PM

Quote

ComboFix 12-02-01.01 - Lewis Kwong 02/02/2012 9:56.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.5942 [GMT 13:00]
Running from: c:\users\Lewis Kwong\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\awsobaa.tmp
c:\programdata\eipqbaa.tmp
c:\programdata\fipqbaa.tmp
c:\programdata\gipqbaa.tmp
c:\programdata\gjuobaa.tmp
c:\programdata\gtbreaa.tmp
c:\programdata\hipqbaa.tmp
c:\programdata\hjuobaa.tmp
c:\programdata\htbreaa.tmp
c:\programdata\ieaqbaa.tmp
c:\programdata\iipqbaa.tmp
c:\programdata\ijuobaa.tmp
c:\programdata\itbreaa.tmp
c:\programdata\jeaqbaa.tmp
c:\programdata\jjuobaa.tmp
c:\programdata\jtbreaa.tmp
c:\programdata\keaqbaa.tmp
c:\programdata\kjuobaa.tmp
c:\programdata\ktbreaa.tmp
c:\programdata\leaqbaa.tmp
c:\programdata\meaqbaa.tmp
c:\programdata\wvsobaa.tmp
c:\programdata\xvsobaa.tmp
c:\programdata\yvsobaa.tmp
c:\programdata\zvsobaa.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRV2
-------\Service_srv2
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 21:09 . 2012-02-01 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 20:33 . 2012-02-01 20:33 6832 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-01 20:19 . 2012-02-01 20:19 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-02-01 12:24 . 2012-02-01 12:24 -------- d-----w- C:\_OTM
2012-02-01 12:17 . 2012-02-01 12:17 -------- d-----w- c:\program files (x86)\ESET
2012-02-01 09:40 . 2012-02-01 21:15 -------- d-----w- c:\users\Lewis Kwong\AppData\Local\TSVNCache
2012-02-01 09:20 . 2010-07-16 01:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-02-01 09:20 . 2010-06-28 21:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-02-01 09:20 . 2010-11-16 21:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-02-01 09:20 . 2010-11-16 21:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-02-01 09:20 . 2010-11-24 21:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-02-01 09:20 . 2010-11-24 21:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-02-01 09:19 . 2012-02-01 21:14 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-02-01 09:19 . 2012-02-01 09:23 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-01 09:19 . 2012-02-01 09:20 -------- d-----w- c:\programdata\PC Tools
2012-02-01 09:19 . 2012-02-01 09:19 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\PC Tools
2012-02-01 07:14 . 2012-02-01 07:14 73216 ----a-w- c:\windows\SysWow64\osktray.dll
2012-01-31 09:57 . 2012-01-31 09:57 -------- d-----w- c:\programdata\Media Center Programs
2012-01-31 09:57 . 2012-01-31 10:01 310984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-31 09:57 . 2012-01-31 09:57 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-31 06:01 . 2012-01-31 06:01 -------- d-----w- c:\program files (x86)\Atari
2012-01-31 06:01 . 2012-01-31 06:01 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\Atari
2012-01-31 06:01 . 2012-01-31 06:01 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-01-31 06:01 . 2012-01-31 06:01 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-01-31 06:01 . 2002-12-05 01:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-01-31 06:01 . 2002-12-05 01:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-01-31 06:01 . 2002-12-02 02:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-01-31 06:01 . 2002-12-02 00:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-01-31 06:01 . 2002-12-02 00:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-01-26 07:54 . 2012-01-26 07:54 -------- d-----r- c:\users\Lewis Kwong\AppData\Roaming\SecuROM
2012-01-26 07:53 . 2012-01-26 07:53 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-26 07:48 . 2012-01-26 07:48 -------- d-----w- c:\program files (x86)\EA Sports
2012-01-24 01:33 . 2012-01-24 01:39 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\.tribot
2012-01-11 00:32 . 2012-01-11 00:32 -------- d-----w- c:\program files (x86)\Wondershare
2012-01-11 00:29 . 2012-01-11 00:29 -------- d-----w- c:\program files (x86)\PDF Password Remover v3.1
2012-01-11 00:21 . 2012-01-11 00:21 -------- d-----w- c:\program files (x86)\PlotSoft
2012-01-07 08:24 . 2012-01-07 08:26 -------- d-----w- c:\program files (x86)\raidcall
2012-01-05 02:17 . 2012-01-05 02:17 -------- d-----w- C:\Windyzone
2012-01-05 02:11 . 2012-01-20 02:24 -------- d-----w- C:\Perfect World Entertainment
2012-01-03 23:24 . 2012-01-03 23:24 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\Ubisoft
2012-01-03 23:24 . 2012-01-03 23:24 -------- d-----w- c:\programdata\Ubisoft
2012-01-03 05:48 . 2012-01-03 05:48 -------- d-----w- c:\users\Lewis Kwong\AppData\Local\Oblivion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 21:18 . 2012-02-01 21:18 810 ----a-w- c:\programdata\yisqbaa.tmp
2012-02-01 21:17 . 2012-02-01 21:17 854 ----a-w- c:\programdata\cjsqbaa.tmp
2012-02-01 21:17 . 2012-02-01 21:17 848 ----a-w- c:\programdata\bjsqbaa.tmp
2012-02-01 21:17 . 2012-02-01 21:17 873 ----a-w- c:\programdata\ajsqbaa.tmp
2012-02-01 21:17 . 2012-02-01 21:17 836 ----a-w- c:\programdata\zisqbaa.tmp
2012-02-01 21:13 . 2010-12-20 23:42 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2011-12-10 02:24 . 2010-03-27 03:21 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 10:45 . 2011-12-02 02:49 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-12-02 09:48 . 2011-12-02 09:48 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-01 20:12 . 2011-12-13 22:28 377344 ----a-w- c:\windows\system32\hpb64.dll
2011-12-01 20:11 . 2011-12-13 22:28 309760 ----a-w- c:\windows\SysWow64\hpb.dll
2011-11-08 12:50 . 2011-07-09 10:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . B133FDA5CD4E5E3A8900216B76FA804C . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 02:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]
"ManyCam"="c:\program files (x86)\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]
"Octoshape Streaming Services"="c:\users\Lewis Kwong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-03-12 319792]
"Gadwin PrintScreen Pro"="c:\program files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2010-10-14 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-18 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]
.
c:\users\Lewis Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-10-13 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiDCM;AtiDCM;c:\users\Lewis Kwong\AppData\Local\Temp\atdcm64a.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4924336]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 sftfs;sftfs;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 712536]
R3 sftplay;sftplay;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 261480]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 sftvol;sftvol;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 17752]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
R3 X6va005;X6va005;c:\users\LEWISK~1\AppData\Local\Temp\005265B.tmp [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-25 819600]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447848]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-25 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-01-17 8704]
S2 Realtek8185;Realtek8185;c:\program files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [2009-07-09 36864]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183503601-1514928044-3675566121-1001Core.job
- c:\users\Lewis Kwong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 21:01]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183503601-1514928044-3675566121-1001UA.job
- c:\users\Lewis Kwong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 21:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"MsmqIntCert"="mqrt.dll" [2009-07-14 247808]
"combofix"="c:\combofix\CF5545.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.freetalker.com/VaxSIPUserAgentCAB.cab
FF - ProfilePath - c:\users\Lewis Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\8eb6968l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 125.164.121.103
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 125.164.121.103
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 125.164.121.103
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 125.164.121.103
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 125.164.121.103
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EAX™ Unified (SHELL) - c:\program files (x86)\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu
AddRemove-MetaFrame Presentation Server Web Client for Win32 - c:\windows\system32\ctxsetup.exe
AddRemove-Payday The Heist © OVERKILL Software_is1 - c:\program files (x86)\Payday The Heist\unins000.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\LEWISK~1\AppData\Local\Temp\005265B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,b4,5f,3a,9e,74,07,4b,92,6a,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,b4,5f,3a,9e,74,07,4b,92,6a,c8,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\PC Tools Security\pctsSvc.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Razer\Diamondback 3G\razerofa.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-02-02 10:23:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 21:23
.
Pre-Run: 73,134,141,440 bytes free
Post-Run: 73,161,785,344 bytes free
.
- - End Of File - - 3C39E71E9CD153C93E19DB6A55BB27D1

#3 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:09 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#4 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 07:09 AM

Hey, im about to go to bed soon so i can run any scan before i go to bed.

Thanks

This post has been edited by Patyfatycake: 05 February 2012 - 07:10 AM

#5 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:12 AM

Okay, a quick rootkit scan should do

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#6 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 07:13 AM

m0le, on 05 February 2012 - 07:12 AM, said:

Okay, a quick rootkit scan should do

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

I believe i have already fixed the audio background in the last few days(Havn't heard in awhile) but it seems to come back alot. Starting the scan now

Edit attaching

Attached File(s)

aswMBR.txt (1.57K)
Number of downloads: 8

This post has been edited by Patyfatycake: 05 February 2012 - 07:15 AM

#7 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:21 AM

Yes, that looks fine. Please rerun Combofix, agree any update requests, and then post that log. There are things we need to check and one thing that needs fixing for sure.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#8 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 07:48 AM

Here is the log

Attached File(s)

ComboFix.txt (27.58K)
Number of downloads: 7

#9 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:09 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Quote

FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll | c:\windows\SysWOW64\user32.dll

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#10 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 07:40 PM

here ya go

Attached File(s)

ComboFix.txt (24.17K)
Number of downloads: 6

#11 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:50 PM

Can you now run TDSSKIller

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l report.txt
Now click Start Scan.
If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
Click Close
Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#12 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 07:56 PM

13:56:07.0077 16144 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:56:07.0788 16144 ============================================================
13:56:07.0788 16144 Current date / time: 2012/02/06 13:56:07.0788
13:56:07.0788 16144 SystemInfo:
13:56:07.0788 16144
13:56:07.0788 16144 OS Version: 6.1.7600 ServicePack: 0.0
13:56:07.0788 16144 Product type: Workstation
13:56:07.0788 16144 ComputerName: LEWISKWONG-PC
13:56:07.0788 16144 UserName: Lewis Kwong
13:56:07.0788 16144 Windows directory: C:\Windows
13:56:07.0788 16144 System windows directory: C:\Windows
13:56:07.0788 16144 Running under WOW64
13:56:07.0788 16144 Processor architecture: Intel x64
13:56:07.0788 16144 Number of processors: 4
13:56:07.0788 16144 Page size: 0x1000
13:56:07.0788 16144 Boot type: Normal boot
13:56:07.0788 16144 ============================================================
13:56:08.0807 16144 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:56:08.0811 16144 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:56:08.0815 16144 \Device\Harddisk0\DR0:
13:56:08.0815 16144 MBR used
13:56:08.0815 16144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:56:08.0815 16144 \Device\Harddisk1\DR1:
13:56:08.0819 16144 MBR used
13:56:08.0819 16144 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
13:56:08.0842 16144 Initialize success
13:56:08.0842 16144 ============================================================
13:56:09.0850 14340 ============================================================
13:56:09.0850 14340 Scan started
13:56:09.0850 14340 Mode: Manual;
13:56:09.0850 14340 ============================================================
13:56:10.0905 14340 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:56:10.0905 14340 1394ohci - ok
13:56:10.0928 14340 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:56:10.0932 14340 ACPI - ok
13:56:10.0948 14340 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:56:10.0948 14340 AcpiPmi - ok
13:56:10.0987 14340 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
13:56:10.0991 14340 adfs - ok
13:56:11.0057 14340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:56:11.0057 14340 adp94xx - ok
13:56:11.0077 14340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:56:11.0081 14340 adpahci - ok
13:56:11.0108 14340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:56:11.0108 14340 adpu320 - ok
13:56:11.0428 14340 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:56:11.0432 14340 AFD - ok
13:56:11.0452 14340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:56:11.0452 14340 agp440 - ok
13:56:11.0506 14340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:56:11.0506 14340 aliide - ok
13:56:11.0549 14340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:56:11.0549 14340 amdide - ok
13:56:11.0577 14340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:56:11.0577 14340 AmdK8 - ok
13:56:11.0756 14340 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys
13:56:11.0792 14340 amdkmdag - ok
13:56:11.0838 14340 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:56:11.0838 14340 amdkmdap - ok
13:56:11.0862 14340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:56:11.0862 14340 AmdPPM - ok
13:56:11.0885 14340 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:56:11.0885 14340 amdsata - ok
13:56:11.0909 14340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:56:11.0913 14340 amdsbs - ok
13:56:11.0936 14340 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:56:11.0940 14340 amdxata - ok
13:56:12.0026 14340 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:56:12.0030 14340 AppID - ok
13:56:12.0069 14340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:56:12.0073 14340 arc - ok
13:56:12.0092 14340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:56:12.0092 14340 arcsas - ok
13:56:12.0128 14340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:56:12.0131 14340 AsyncMac - ok
13:56:12.0147 14340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:56:12.0147 14340 atapi - ok
13:56:12.0233 14340 athr (cca705cdf038d5bc243203ce4416b345) C:\Windows\system32\DRIVERS\athrx.sys
13:56:12.0241 14340 athr - ok
13:56:12.0292 14340 AtiDCM - ok
13:56:12.0374 14340 atksgt (f88ef61bcd43addf2c9555430c16cd96) C:\Windows\system32\DRIVERS\atksgt.sys
13:56:12.0378 14340 atksgt - ok
13:56:12.0436 14340 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
13:56:12.0436 14340 avgntflt - ok
13:56:12.0456 14340 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
13:56:12.0460 14340 avipbb - ok
13:56:12.0526 14340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:56:12.0530 14340 b06bdrv - ok
13:56:12.0588 14340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:56:12.0592 14340 b57nd60a - ok
13:56:12.0674 14340 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:56:12.0682 14340 BCM43XX - ok
13:56:12.0710 14340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:56:12.0710 14340 Beep - ok
13:56:12.0760 14340 BlackBox - ok
13:56:12.0799 14340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:56:12.0799 14340 blbdrive - ok
13:56:12.0815 14340 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:56:12.0815 14340 bowser - ok
13:56:12.0835 14340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:56:12.0838 14340 BrFiltLo - ok
13:56:12.0846 14340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:56:12.0850 14340 BrFiltUp - ok
13:56:12.0932 14340 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:56:12.0932 14340 BridgeMP - ok
13:56:12.0960 14340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:56:12.0960 14340 Brserid - ok
13:56:12.0987 14340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:56:12.0987 14340 BrSerWdm - ok
13:56:13.0264 14340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:56:13.0264 14340 BrUsbMdm - ok
13:56:13.0276 14340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:56:13.0280 14340 BrUsbSer - ok
13:56:13.0311 14340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:56:13.0311 14340 BTHMODEM - ok
13:56:13.0335 14340 catchme - ok
13:56:13.0385 14340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:56:13.0385 14340 cdfs - ok
13:56:13.0428 14340 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:56:13.0432 14340 cdrom - ok
13:56:13.0467 14340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:56:13.0467 14340 circlass - ok
13:56:13.0503 14340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:56:13.0506 14340 CLFS - ok
13:56:13.0592 14340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:56:13.0596 14340 CmBatt - ok
13:56:13.0604 14340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:56:13.0604 14340 cmdide - ok
13:56:13.0659 14340 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:56:13.0659 14340 CNG - ok
13:56:13.0678 14340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:56:13.0678 14340 Compbatt - ok
13:56:13.0713 14340 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:56:13.0713 14340 CompositeBus - ok
13:56:14.0003 14340 cpuz132 - ok
13:56:14.0057 14340 cpuz133 (641243746597fbd650e5000d95811ea3) C:\Windows\system32\drivers\cpuz133_x64.sys
13:56:14.0057 14340 cpuz133 - ok
13:56:14.0073 14340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:56:14.0077 14340 crcdisk - ok
13:56:14.0135 14340 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:56:14.0139 14340 CSC - ok
13:56:14.0194 14340 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
13:56:14.0198 14340 DfsC - ok
13:56:14.0210 14340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:56:14.0213 14340 discache - ok
13:56:14.0272 14340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:56:14.0272 14340 Disk - ok
13:56:14.0413 14340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:56:14.0413 14340 drmkaud - ok
13:56:14.0542 14340 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:56:14.0542 14340 dtsoftbus01 - ok
13:56:14.0588 14340 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
13:56:14.0592 14340 DXGKrnl - ok
13:56:14.0628 14340 EagleX64 - ok
13:56:14.0784 14340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:56:14.0803 14340 ebdrv - ok
13:56:14.0835 14340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:56:14.0835 14340 elxstor - ok
13:56:14.0858 14340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:56:14.0858 14340 ErrDev - ok
13:56:14.0885 14340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:56:14.0889 14340 exfat - ok
13:56:14.0909 14340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:56:14.0909 14340 fastfat - ok
13:56:14.0924 14340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:56:14.0924 14340 fdc - ok
13:56:14.0983 14340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:56:14.0983 14340 FileInfo - ok
13:56:14.0999 14340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:56:14.0999 14340 Filetrace - ok
13:56:15.0014 14340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:56:15.0014 14340 flpydisk - ok
13:56:15.0042 14340 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:56:15.0042 14340 FltMgr - ok
13:56:15.0085 14340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:56:15.0085 14340 FsDepends - ok
13:56:15.0096 14340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:56:15.0096 14340 Fs_Rec - ok
13:56:15.0120 14340 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
13:56:15.0120 14340 fvevol - ok
13:56:15.0147 14340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:56:15.0147 14340 gagp30kx - ok
13:56:15.0190 14340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:56:15.0190 14340 GEARAspiWDM - ok
13:56:15.0206 14340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:56:15.0206 14340 hcw85cir - ok
13:56:15.0249 14340 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:56:15.0253 14340 HdAudAddService - ok
13:56:15.0276 14340 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:56:15.0276 14340 HDAudBus - ok
13:56:15.0299 14340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:56:15.0303 14340 HidBatt - ok
13:56:15.0323 14340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:56:15.0323 14340 HidBth - ok
13:56:15.0346 14340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:56:15.0346 14340 HidIr - ok
13:56:15.0421 14340 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:56:15.0421 14340 HidUsb - ok
13:56:15.0460 14340 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:56:15.0460 14340 HpSAMD - ok
13:56:15.0503 14340 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:56:15.0506 14340 HTTP - ok
13:56:15.0526 14340 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:56:15.0526 14340 hwpolicy - ok
13:56:15.0569 14340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:56:15.0569 14340 i8042prt - ok
13:56:15.0600 14340 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
13:56:15.0604 14340 iaStorV - ok
13:56:15.0631 14340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:56:15.0631 14340 iirsp - ok
13:56:15.0776 14340 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\Windows\system32\drivers\RTKVHD64.sys
13:56:15.0788 14340 IntcAzAudAddService - ok
13:56:15.0811 14340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:56:15.0811 14340 intelide - ok
13:56:15.0854 14340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:56:15.0854 14340 intelppm - ok
13:56:15.0866 14340 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:56:15.0866 14340 IpFilterDriver - ok
13:56:15.0878 14340 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:56:15.0878 14340 IPMIDRV - ok
13:56:15.0897 14340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:56:15.0897 14340 IPNAT - ok
13:56:15.0944 14340 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
13:56:15.0944 14340 irda - ok
13:56:15.0979 14340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:56:15.0983 14340 IRENUM - ok
13:56:16.0042 14340 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
13:56:16.0042 14340 irsir - ok
13:56:16.0061 14340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:56:16.0061 14340 isapnp - ok
13:56:16.0100 14340 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:56:16.0100 14340 iScsiPrt - ok
13:56:16.0135 14340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:56:16.0135 14340 kbdclass - ok
13:56:16.0151 14340 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:56:16.0151 14340 kbdhid - ok
13:56:16.0167 14340 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:56:16.0167 14340 KSecDD - ok
13:56:16.0182 14340 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
13:56:16.0186 14340 KSecPkg - ok
13:56:16.0202 14340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:56:16.0206 14340 ksthunk - ok
13:56:16.0276 14340 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
13:56:16.0276 14340 lirsgt - ok
13:56:16.0303 14340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:56:16.0303 14340 lltdio - ok
13:56:16.0358 14340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:56:16.0358 14340 LSI_FC - ok
13:56:16.0374 14340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:56:16.0378 14340 LSI_SAS - ok
13:56:16.0397 14340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:56:16.0397 14340 LSI_SAS2 - ok
13:56:16.0409 14340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:56:16.0409 14340 LSI_SCSI - ok
13:56:16.0694 14340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:56:16.0694 14340 luafv - ok
13:56:16.0784 14340 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
13:56:16.0784 14340 ManyCam - ok
13:56:16.0850 14340 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
13:56:16.0854 14340 MarvinBus - ok
13:56:16.0905 14340 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:56:16.0905 14340 MBAMProtector - ok
13:56:16.0963 14340 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
13:56:16.0963 14340 mcdbus - ok
13:56:16.0987 14340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:56:16.0987 14340 megasas - ok
13:56:17.0014 14340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:56:17.0018 14340 MegaSR - ok
13:56:17.0065 14340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:56:17.0065 14340 Modem - ok
13:56:17.0120 14340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:56:17.0120 14340 monitor - ok
13:56:17.0159 14340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:56:17.0159 14340 mouclass - ok
13:56:17.0202 14340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:56:17.0202 14340 mouhid - ok
13:56:17.0217 14340 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:56:17.0217 14340 mountmgr - ok
13:56:17.0245 14340 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:56:17.0245 14340 mpio - ok
13:56:17.0272 14340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:56:17.0272 14340 mpsdrv - ok
13:56:17.0592 14340 MQAC (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys
13:56:17.0596 14340 MQAC - ok
13:56:17.0620 14340 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:56:17.0620 14340 MRxDAV - ok
13:56:17.0643 14340 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:56:17.0643 14340 mrxsmb - ok
13:56:17.0667 14340 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:56:17.0671 14340 mrxsmb10 - ok
13:56:17.0686 14340 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:56:17.0690 14340 mrxsmb20 - ok
13:56:17.0710 14340 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:56:17.0710 14340 msahci - ok
13:56:17.0737 14340 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:56:17.0741 14340 msdsm - ok
13:56:17.0776 14340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:56:17.0776 14340 Msfs - ok
13:56:17.0811 14340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:56:17.0815 14340 mshidkmdf - ok
13:56:17.0827 14340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:56:17.0827 14340 msisadrv - ok
13:56:17.0870 14340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:56:17.0870 14340 MSKSSRV - ok
13:56:17.0936 14340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:56:17.0936 14340 MSPCLOCK - ok
13:56:17.0960 14340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:56:17.0960 14340 MSPQM - ok
13:56:17.0991 14340 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:56:17.0991 14340 MsRPC - ok
13:56:18.0010 14340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:56:18.0010 14340 mssmbios - ok
13:56:18.0022 14340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:56:18.0022 14340 MSTEE - ok
13:56:18.0038 14340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:56:18.0038 14340 MTConfig - ok
13:56:18.0073 14340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:56:18.0073 14340 Mup - ok
13:56:18.0135 14340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:56:18.0135 14340 NativeWifiP - ok
13:56:18.0186 14340 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:56:18.0194 14340 NDIS - ok
13:56:18.0233 14340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:56:18.0237 14340 NdisCap - ok
13:56:18.0272 14340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:56:18.0272 14340 NdisTapi - ok
13:56:18.0299 14340 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:56:18.0303 14340 Ndisuio - ok
13:56:18.0323 14340 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:56:18.0323 14340 NdisWan - ok
13:56:18.0342 14340 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:56:18.0342 14340 NDProxy - ok
13:56:18.0362 14340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:56:18.0362 14340 NetBIOS - ok
13:56:18.0413 14340 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:56:18.0417 14340 NetBT - ok
13:56:18.0460 14340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:56:18.0460 14340 nfrd960 - ok
13:56:18.0479 14340 NLNdisMP - ok
13:56:18.0499 14340 NLNdisPT - ok
13:56:18.0526 14340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:56:18.0526 14340 Npfs - ok
13:56:18.0546 14340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:56:18.0546 14340 nsiproxy - ok
13:56:18.0588 14340 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
13:56:18.0600 14340 Ntfs - ok
13:56:18.0620 14340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:56:18.0620 14340 Null - ok
13:56:18.0667 14340 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:56:18.0667 14340 nvraid - ok
13:56:18.0678 14340 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:56:18.0682 14340 nvstor - ok
13:56:18.0690 14340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:56:18.0694 14340 nv_agp - ok
13:56:18.0737 14340 nxsIO32 - ok
13:56:18.0749 14340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:56:18.0753 14340 ohci1394 - ok
13:56:18.0819 14340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:56:18.0819 14340 Parport - ok
13:56:18.0838 14340 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:56:18.0838 14340 partmgr - ok
13:56:18.0862 14340 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:56:18.0862 14340 pci - ok
13:56:18.0901 14340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:56:18.0901 14340 pciide - ok
13:56:18.0928 14340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:56:18.0928 14340 pcmcia - ok
13:56:18.0983 14340 PCTCore (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
13:56:18.0987 14340 PCTCore - ok
13:56:19.0034 14340 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
13:56:19.0038 14340 pctDS - ok
13:56:19.0120 14340 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
13:56:19.0124 14340 pctEFA - ok
13:56:19.0139 14340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:56:19.0139 14340 pcw - ok
13:56:19.0167 14340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:56:19.0171 14340 PEAUTH - ok
13:56:19.0210 14340 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:56:19.0213 14340 PptpMiniport - ok
13:56:19.0233 14340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:56:19.0233 14340 Processor - ok
13:56:19.0299 14340 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:56:19.0299 14340 Psched - ok
13:56:19.0346 14340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:56:19.0354 14340 ql2300 - ok
13:56:19.0389 14340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:56:19.0393 14340 ql40xx - ok
13:56:19.0417 14340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:56:19.0417 14340 QWAVEdrv - ok
13:56:19.0432 14340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:56:19.0432 14340 RasAcd - ok
13:56:19.0460 14340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:56:19.0460 14340 RasAgileVpn - ok
13:56:19.0475 14340 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:56:19.0479 14340 Rasl2tp - ok
13:56:19.0495 14340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:56:19.0495 14340 RasPppoe - ok
13:56:19.0530 14340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:56:19.0534 14340 RasSstp - ok
13:56:19.0553 14340 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:56:19.0557 14340 rdbss - ok
13:56:19.0577 14340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:56:19.0581 14340 rdpbus - ok
13:56:19.0600 14340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:56:19.0600 14340 RDPCDD - ok
13:56:19.0624 14340 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:56:19.0624 14340 RDPDR - ok
13:56:19.0663 14340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:56:19.0667 14340 RDPENCDD - ok
13:56:19.0690 14340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:56:19.0690 14340 RDPREFMP - ok
13:56:19.0741 14340 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:56:19.0741 14340 RDPWD - ok
13:56:19.0764 14340 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:56:19.0768 14340 rdyboost - ok
13:56:19.0858 14340 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
13:56:19.0858 14340 Revoflt - ok
13:56:19.0893 14340 RMCAST (77b3b747eb2413072b8e4306018d0c9b) C:\Windows\system32\DRIVERS\RMCAST.sys
13:56:19.0893 14340 RMCAST - ok
13:56:19.0921 14340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:56:19.0921 14340 rspndr - ok
13:56:19.0979 14340 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:56:19.0979 14340 RTL8167 - ok
13:56:19.0999 14340 RTLE8023x64 (f7fcc534eb2c95aa74e215ece65a875a) C:\Windows\system32\DRIVERS\Rtenic64.sys
13:56:19.0999 14340 RTLE8023x64 - ok
13:56:20.0022 14340 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
13:56:20.0022 14340 s3cap - ok
13:56:20.0092 14340 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:56:20.0092 14340 SASDIFSV - ok
13:56:20.0108 14340 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:56:20.0108 14340 SASKUTIL - ok
13:56:20.0155 14340 SbieDrv (035dd5d74ed74de036113cae60fe55b3) C:\Program Files\Sandboxie\SbieDrv.sys
13:56:20.0155 14340 SbieDrv - ok
13:56:20.0174 14340 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:56:20.0174 14340 sbp2port - ok
13:56:20.0225 14340 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
13:56:20.0229 14340 SCDEmu - ok
13:56:20.0276 14340 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:56:20.0276 14340 scfilter - ok
13:56:20.0288 14340 ScreamBAudioSvc - ok
13:56:20.0331 14340 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
13:56:20.0335 14340 Secdrv - ok
13:56:20.0378 14340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:56:20.0381 14340 Serenum - ok
13:56:20.0421 14340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:56:20.0424 14340 Serial - ok
13:56:20.0440 14340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:56:20.0440 14340 sermouse - ok
13:56:20.0475 14340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:56:20.0475 14340 sffdisk - ok
13:56:20.0499 14340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:56:20.0503 14340 sffp_mmc - ok
13:56:20.0514 14340 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:56:20.0518 14340 sffp_sd - ok
13:56:20.0546 14340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:56:20.0546 14340 sfloppy - ok
13:56:20.0620 14340 sftfs (6532f56e1bd7fe50e1352b909530c651) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys
13:56:20.0624 14340 sftfs - ok
13:56:20.0643 14340 sftplay (e6ff02b1bd81ea2f6894066d5cb6d91e) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys
13:56:20.0647 14340 sftplay - ok
13:56:20.0678 14340 Sftredir (cffb30b10c66f9a8c6a70d105bd4de8d) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:56:20.0682 14340 Sftredir - ok
13:56:20.0694 14340 sftvol (baf32ef413025559c23754afcabca90a) C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys
13:56:20.0694 14340 sftvol - ok
13:56:20.0737 14340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:56:20.0737 14340 SiSRaid2 - ok
13:56:20.0768 14340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:56:20.0772 14340 SiSRaid4 - ok
13:56:20.0788 14340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:56:20.0788 14340 Smb - ok
13:56:20.0815 14340 speedfan - ok
13:56:20.0850 14340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:56:20.0850 14340 spldr - ok
13:56:20.0881 14340 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
13:56:20.0881 14340 srvnet - ok
13:56:20.0936 14340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:56:20.0940 14340 stexstor - ok
13:56:20.0975 14340 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:56:20.0975 14340 storflt - ok
13:56:21.0010 14340 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
13:56:21.0010 14340 storvsc - ok
13:56:21.0053 14340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:56:21.0053 14340 swenum - ok
13:56:21.0100 14340 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
13:56:21.0100 14340 tap0901 - ok
13:56:21.0163 14340 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
13:56:21.0171 14340 Tcpip - ok
13:56:21.0245 14340 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
13:56:21.0253 14340 TCPIP6 - ok
13:56:21.0268 14340 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:56:21.0268 14340 tcpipreg - ok
13:56:21.0280 14340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:56:21.0284 14340 TDPIPE - ok
13:56:21.0292 14340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:56:21.0292 14340 TDTCP - ok
13:56:21.0311 14340 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:56:21.0311 14340 tdx - ok
13:56:21.0366 14340 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:56:21.0366 14340 TermDD - ok
13:56:21.0405 14340 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:21.0405 14340 tssecsrv - ok
13:56:21.0444 14340 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:56:21.0444 14340 tunnel - ok
13:56:21.0487 14340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:56:21.0487 14340 uagp35 - ok
13:56:21.0542 14340 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:56:21.0542 14340 udfs - ok
13:56:21.0565 14340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:56:21.0565 14340 uliagpkx - ok
13:56:21.0585 14340 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:56:21.0585 14340 umbus - ok
13:56:21.0604 14340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:56:21.0604 14340 UmPass - ok
13:56:21.0659 14340 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
13:56:21.0659 14340 USBAAPL64 - ok
13:56:21.0682 14340 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:21.0682 14340 usbccgp - ok
13:56:21.0725 14340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:56:21.0725 14340 usbcir - ok
13:56:21.0772 14340 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:56:21.0772 14340 usbehci - ok
13:56:21.0792 14340 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:56:21.0796 14340 usbhub - ok
13:56:21.0811 14340 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:56:21.0811 14340 usbohci - ok
13:56:21.0854 14340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:56:21.0854 14340 usbprint - ok
13:56:21.0889 14340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:56:21.0889 14340 usbscan - ok
13:56:21.0905 14340 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:21.0905 14340 USBSTOR - ok
13:56:21.0921 14340 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:56:21.0921 14340 usbuhci - ok
13:56:21.0983 14340 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
13:56:21.0983 14340 VBoxDrv - ok
13:56:22.0038 14340 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:56:22.0038 14340 VBoxNetAdp - ok
13:56:22.0081 14340 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
13:56:22.0081 14340 VBoxNetFlt - ok
13:56:22.0120 14340 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
13:56:22.0120 14340 VBoxUSBMon - ok
13:56:22.0139 14340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:56:22.0143 14340 vdrvroot - ok
13:56:22.0159 14340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:22.0163 14340 vga - ok
13:56:22.0182 14340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:56:22.0182 14340 VgaSave - ok
13:56:22.0206 14340 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:56:22.0206 14340 vhdmp - ok
13:56:22.0229 14340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:56:22.0229 14340 viaide - ok
13:56:22.0256 14340 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:56:22.0256 14340 vmbus - ok
13:56:22.0276 14340 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:56:22.0276 14340 VMBusHID - ok
13:56:22.0346 14340 vmm (c117cedfb9bfeadb29106fdac1358470) C:\Windows\system32\Drivers\vmm.sys
13:56:22.0346 14340 vmm - ok
13:56:22.0362 14340 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:56:22.0366 14340 volmgr - ok
13:56:22.0424 14340 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:56:22.0424 14340 volmgrx - ok
13:56:22.0475 14340 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:56:22.0479 14340 volsnap - ok
13:56:22.0530 14340 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
13:56:22.0530 14340 VPCNetS2 - ok
13:56:22.0577 14340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:56:22.0581 14340 vsmraid - ok
13:56:22.0596 14340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:56:22.0600 14340 vwifibus - ok
13:56:22.0635 14340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:56:22.0635 14340 vwififlt - ok
13:56:22.0686 14340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:56:22.0686 14340 WacomPen - ok
13:56:22.0733 14340 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:22.0733 14340 WANARP - ok
13:56:22.0737 14340 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:22.0741 14340 Wanarpv6 - ok
13:56:22.0764 14340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:56:22.0768 14340 Wd - ok
13:56:22.0799 14340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:56:22.0803 14340 Wdf01000 - ok
13:56:22.0854 14340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:56:22.0854 14340 WfpLwf - ok
13:56:22.0866 14340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:56:22.0866 14340 WIMMount - ok
13:56:22.0936 14340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:56:22.0936 14340 WmiAcpi - ok
13:56:23.0065 14340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:56:23.0065 14340 ws2ifsl - ok
13:56:23.0147 14340 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:56:23.0147 14340 WudfPf - ok
13:56:23.0167 14340 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:23.0167 14340 WUDFRd - ok
13:56:23.0245 14340 X6va005 - ok
13:56:23.0292 14340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:56:23.0315 14340 \Device\Harddisk0\DR0 - ok
13:56:23.0319 14340 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
13:56:23.0374 14340 \Device\Harddisk1\DR1 - ok
13:56:23.0378 14340 Boot (0x1200) (171de11d02b1efc15d660c1ed5704821) \Device\Harddisk0\DR0\Partition0
13:56:23.0378 14340 \Device\Harddisk0\DR0\Partition0 - ok
13:56:23.0381 14340 Boot (0x1200) (7ac837e18f15223021a3577c0b55cef0) \Device\Harddisk1\DR1\Partition0
13:56:23.0381 14340 \Device\Harddisk1\DR1\Partition0 - ok
13:56:23.0381 14340 ============================================================
13:56:23.0381 14340 Scan finished
13:56:23.0381 14340 ============================================================
13:56:23.0393 14756 Detected object count: 0
13:56:23.0393 14756 Actual detected object count: 0

#13 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 07:57 PM

Are you still getting redirects?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#14 Patyfatycake

Member

Group: Members
Posts: 61
Joined: 01-February 12

Posted 05 February 2012 - 08:00 PM

Yes, only from search results though specifically on google.

This post has been edited by Patyfatycake: 05 February 2012 - 08:00 PM

#15 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,115
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 05 February 2012 - 08:02 PM

Please run OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.

Please copy the following into the Custom Scans box at the bottom

/md5start
user32.dll
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop

Now click the Run Scan button on the toolbar.
Let it run until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it