Google Redirect Virus


This topic is locked.
25 replies to this topic

#1 GKCzar

Posted 29 October 2011 - 09:06 PM

Hello, I have the redirect virus. The only thing I noticed is sometimes it's there, other times it is not. I use Chrome. And when it does redirect, it takes me 4 attempts at clicking the link before it lets me go to the website I want.

Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Gleb Kalmykov at 21:52:21 on 2011-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5521 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Gleb Kalmykov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\GLEBKA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\GLEBKA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{0768585B-40D7-4B33-9F8E-3A3631743446} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gleb Kalmykov\AppData\Roaming\Mozilla\Firefox\Profiles\a6h7bza4.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Gleb Kalmykov\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Itunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-8-17 14136]
R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-18 2255464]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-29 23:25:26 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D45BEAF-34A1-484A-A6B8-88BB26AA8058}\offreg.dll
2011-10-29 20:32:36 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D45BEAF-34A1-484A-A6B8-88BB26AA8058}\mpengine.dll
2011-10-29 15:42:57 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-29 15:42:56 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-10-29 12:56:02 -------- d-----w- C:\ProgramData\STOPzilla!
2011-10-29 12:38:48 -------- d-----w- C:\ProgramData\Hitman Pro
2011-10-26 02:09:07 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Dropbox_Folder_Sync
2011-10-26 02:08:11 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox Folder Sync
2011-10-26 01:55:04 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox
2011-10-25 22:37:23 -------- d-----w- C:\Program Files (x86)\Foxit Software
2011-10-23 23:32:20 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia
2011-10-23 23:32:20 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia
2011-10-23 00:15:58 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-10-23 00:03:40 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-10-20 02:57:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-10-17 23:01:44 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-16 22:48:33 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 22:48:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 22:48:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-16 22:46:48 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\QuickScan
2011-10-16 22:27:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-16 21:51:54 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\AVG2012
2011-10-16 21:51:06 -------- d--h--w- C:\ProgramData\Common Files
2011-10-16 21:50:55 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-16 21:50:39 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-16 21:50:39 -------- d-----w- C:\ProgramData\AVG2012
2011-10-16 21:50:24 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-16 21:47:40 -------- d-----w- C:\ProgramData\MFAData
2011-10-16 21:09:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-16 12:21:13 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{313DC32C-9255-4B2E-AB6A-D807C4EE4915}
2011-10-16 12:21:03 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{7E500F1D-0C52-411D-9EB6-A7F76B760DBC}
2011-10-16 12:16:32 -------- d-----w- C:\Windows\en
2011-10-16 12:13:52 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-16 12:11:56 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-10-16 12:11:35 -------- d-----w- C:\Windows\PCHEALTH
2011-10-16 12:10:29 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-10-16 12:10:21 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\919f60c91cc8bfc04\bingbarsetup.exe
2011-10-16 12:10:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\88362b751cc8bfc03\MeshBetaRemover.exe
2011-10-16 12:10:00 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\DSETUP.dll
2011-10-16 12:10:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\DXSETUP.exe
2011-10-16 12:10:00 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\dsetup32.dll
2011-10-16 12:09:52 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\DSETUP.dll
2011-10-16 12:09:52 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\DXSETUP.exe
2011-10-16 12:09:52 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\dsetup32.dll
2011-10-16 12:09:35 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Windows Live
2011-10-16 12:09:33 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-16 02:13:00 -------- d-----w- C:\rscache
2011-10-16 01:44:42 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\SlimWare Utilities Inc
2011-10-16 01:44:27 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2011-10-16 00:43:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-16 00:17:48 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C87F40DC-679D-45B4-88B8-C9618E8DF63D}\gapaengine.dll
2011-10-16 00:10:47 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-16 00:10:34 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-16 00:10:34 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-16 00:10:34 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-16 00:10:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-16 00:10:06 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-16 00:10:06 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-16 00:10:06 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-16 00:10:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-15 22:22:15 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Microsoft Games
2011-10-15 21:54:12 -------- d-----w- C:\Program Files\CCleaner
2011-10-15 21:48:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-15 21:48:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-15 20:42:42 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Malwarebytes
2011-10-15 20:42:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-13 23:48:54 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-10-13 23:48:52 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-13 23:30:59 -------- d-----w- C:\Temp
2011-10-13 22:48:22 -------- d-----w- C:\Program Files (x86)\DownVision
2011-10-13 22:17:51 -------- d-----w- C:\Program Files (x86)\Common Files\ZealMediaCodec
2011-10-13 22:17:48 -------- d-----w- C:\Program Files (x86)\RealZeal Soft
2011-09-30 17:57:44 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-30 17:32:29 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\.minecraft
2011-09-30 04:44:34 -------- d-----w- C:\ProgramData\Tarma Installer
2011-09-30 03:54:32 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\NVIDIA
2011-09-30 03:13:41 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-09-30 03:13:38 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\PunkBuster
2011-09-30 03:12:57 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-30 03:11:50 -------- d-----w- C:\ProgramData\EA Core
2011-09-30 03:11:39 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-30 03:11:14 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-30 03:11:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-30 03:11:13 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
==================== Find3M ====================
.
2011-10-24 00:53:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-18 02:12:51 4435968 ----a-w- C:\Windows\System32\GeneIcon.dll
2011-09-18 02:12:51 36864 ----a-w- C:\Windows\SysWow64\UMonit.exe
2011-09-18 02:12:51 180224 ----a-w- C:\Windows\SysWow64\ustor.dll
2011-09-17 20:02:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-09-17 20:02:48 249856 ------w- C:\Windows\Setup1.exe
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-19 09:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 09:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 09:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 09:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 09:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 09:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 09:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-18 01:18:44 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-08-12 16:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 21:59:50.14 ===============
I have 64-bit. When I run GMER I can only check (services, registries, and files). All the other boxes are grayed out.
Hope you guys can help me :)

I was referred here from this link.
http://www.bleepingcomputer.com/forums/topic425541.html/page__p__2457911__fromsearch__1#entry2457911

Edited by GKCzar, 30 October 2011 - 12:19 AM.
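The DDS log above is a fixed-format text dump, and helpers on this board read the same handful of entries from it every time: the Run keys, the BHOs, the DNS servers and anything that points at a file that is no longer there. As an added example (not part of the original post, and not code from the DDS tool itself), here is a small Python parser that splits a DDS log into its sections and pulls those entries out of the Pseudo HJT Report. The shortlist rules in `review_list` (a BHO marked "No File", an autorun with an empty command line, an autorun whose target lives under the user's AppData) are this example's own review heuristics for what to ask about first, not a finding about this machine. The embedded sample is a trimmed excerpt of the log in the post.

```python
"""Parser for the DDS log format shown in this thread (added example).

Splits a DDS log into its '===== Section =====' blocks and pulls from the
Pseudo HJT Report the entries a removal helper reads first: Run-key
autoruns, Browser Helper Objects, DHCP-assigned DNS servers, and entries
worth asking about. The shortlist rules are this example's own review
heuristics, not a verdict about any machine."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO(?:-X64)?: (?P<name>.+?)(?:: \{(?P<clsid>[^}]+)\})? - (?P<path>.+)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")
# A target under the logged-in user's profile can be replaced without admin rights.
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_sections(text):
    """Return {SECTION TITLE: [lines]}; DDS uses a lone '.' as a spacer line."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").upper()
            continue
        sections[current].append(line)
    return sections


def autoruns(lines):
    """Run-key entries as (key, name, command) tuples."""
    return [m.group("key", "name", "cmd") for m in map(RUN_RE.match, lines) if m]


def bhos(lines):
    """Browser Helper Objects as (name, clsid or None, path) tuples."""
    return [m.group("name", "clsid", "path") for m in map(BHO_RE.match, lines) if m]


def dns_servers(lines):
    """Distinct DHCP-assigned DNS servers in order of first appearance."""
    seen = []
    for line in lines:
        m = DNS_RE.search(line)
        if m:
            for ip in m.group("servers").split():
                if ip not in seen:
                    seen.append(ip)
    return seen


def review_list(lines):
    """Entries to ask about first: BHOs whose file is gone, autoruns with an
    empty command line, and autoruns launched from the user profile."""
    flagged = [("orphaned BHO", name) for name, _, path in bhos(lines)
               if path.strip().lower() == "no file"]
    for key, name, cmd in autoruns(lines):
        if not cmd.strip():
            flagged.append(("empty autorun", f"{key} [{name}]"))
        elif USER_PROFILE_RE.search(cmd):
            flagged.append(("autorun from user profile", f"{key} [{name}] {cmd}"))
    return flagged


def triage(text):
    """Run every extractor over one DDS log and return the shortlists."""
    hjt = parse_sections(text).get("PSEUDO HJT REPORT", [])
    return {"autoruns": autoruns(hjt), "bhos": bhos(hjt),
            "dns": dns_servers(hjt), "review": review_list(hjt)}


# Trimmed excerpt of the DDS log posted above (not a complete log).
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
uRun: [Google Update] "C:\Users\Gleb Kalmykov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{0768585B-40D7-4B33-9F8E-3A3631743446} : DhcpNameServer = 68.87.64.150 68.87.75.198
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
.
============= FINISH: 21:59:50.14 ===============
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("DNS servers:", ", ".join(result["dns"]))
    for kind, detail in result["review"]:
        print(f"[{kind}] {detail}")
```

Run it against a full saved DDS.txt by reading the file into `triage`. The DNS list is there so the owner can compare it with the resolvers their ISP or router should be handing out; the parser does not judge the addresses, since a redirect helper checks that by hand against the network the machine is actually on.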


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 November 2011 - 02:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 GKCzar (Topic Starter)

Posted 04 November 2011 - 06:14 PM

Another thing I have noticed is that Internet Explorer is always open in the background. And it is taking up my RAM.
Here is the DDS report


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Gleb Kalmykov at 19:03:04 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5543 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
D:\Itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
D:\Gleb's Games\Warcraft 3\Warcraft III\DotaToolKit.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\Explorer.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gleb Kalmykov\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Gleb Kalmykov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\GLEBKA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\GLEBKA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{0768585B-40D7-4B33-9F8E-3A3631743446} : DhcpNameServer = 68.87.64.150 68.87.75.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gleb Kalmykov\AppData\Roaming\Mozilla\Firefox\Profiles\a6h7bza4.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Gleb Kalmykov\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\Itunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-8-17 14136]
R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-18 2255464]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-16 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USTOR2K;USB Mass Storage Windows Driver;C:\Windows\system32\DRIVERS\ustor2k.sys --> C:\Windows\system32\DRIVERS\ustor2k.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-04 10:52:23 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8A50449-947A-4185-9229-DE0F74C94112}\offreg.dll
2011-11-04 10:52:21 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8A50449-947A-4185-9229-DE0F74C94112}\mpengine.dll
2011-11-01 01:06:09 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{CAAB6A85-38B7-4F19-8718-9FA0EBB5ED2B}
2011-11-01 01:05:58 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{E3067A82-A90C-4ADD-BB86-608ABF062F07}
2011-11-01 01:05:58 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{CA066CD7-2C56-4595-9230-98F1180357B3}
2011-10-29 15:42:57 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-29 15:42:56 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-10-29 12:56:02 -------- d-----w- C:\ProgramData\STOPzilla!
2011-10-29 12:38:48 -------- d-----w- C:\ProgramData\Hitman Pro
2011-10-26 02:09:07 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Dropbox_Folder_Sync
2011-10-26 02:08:11 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox Folder Sync
2011-10-26 01:55:04 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox
2011-10-25 22:37:23 -------- d-----w- C:\Program Files (x86)\Foxit Software
2011-10-23 23:32:20 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia
2011-10-23 23:32:20 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia
2011-10-23 00:15:58 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2011-10-23 00:03:40 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-10-20 02:57:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-10-17 23:01:44 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-16 22:48:33 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 22:48:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-16 22:48:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-16 22:46:48 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\QuickScan
2011-10-16 22:27:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-16 21:51:54 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\AVG2012
2011-10-16 21:51:06 -------- d--h--w- C:\ProgramData\Common Files
2011-10-16 21:50:55 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-16 21:50:39 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-16 21:50:39 -------- d-----w- C:\ProgramData\AVG2012
2011-10-16 21:50:24 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-16 21:47:40 -------- d-----w- C:\ProgramData\MFAData
2011-10-16 21:09:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-16 12:21:13 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{313DC32C-9255-4B2E-AB6A-D807C4EE4915}
2011-10-16 12:21:03 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\{7E500F1D-0C52-411D-9EB6-A7F76B760DBC}
2011-10-16 12:16:32 -------- d-----w- C:\Windows\en
2011-10-16 12:13:52 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-16 12:11:56 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-10-16 12:11:35 -------- d-----w- C:\Windows\PCHEALTH
2011-10-16 12:10:29 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-10-16 12:10:21 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\919f60c91cc8bfc04\bingbarsetup.exe
2011-10-16 12:10:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\88362b751cc8bfc03\MeshBetaRemover.exe
2011-10-16 12:10:00 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\DSETUP.dll
2011-10-16 12:10:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\DXSETUP.exe
2011-10-16 12:10:00 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\84be9c7c1cc8bfc02\dsetup32.dll
2011-10-16 12:09:52 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\DSETUP.dll
2011-10-16 12:09:52 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\DXSETUP.exe
2011-10-16 12:09:52 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81a6b7bf1cc8bfc01\dsetup32.dll
2011-10-16 12:09:35 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Windows Live
2011-10-16 12:09:33 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-16 02:13:00 -------- d-----w- C:\rscache
2011-10-16 01:44:42 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\SlimWare Utilities Inc
2011-10-16 01:44:27 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2011-10-16 00:43:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-16 00:17:48 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C87F40DC-679D-45B4-88B8-C9618E8DF63D}\gapaengine.dll
2011-10-16 00:10:47 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-16 00:10:34 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-16 00:10:34 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-16 00:10:34 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-16 00:10:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-16 00:10:06 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-16 00:10:06 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-16 00:10:06 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-16 00:10:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-15 22:22:15 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Local\Microsoft Games
2011-10-15 21:54:12 -------- d-----w- C:\Program Files\CCleaner
2011-10-15 21:48:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-15 21:48:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-15 20:42:42 -------- d-----w- C:\Users\Gleb Kalmykov\AppData\Roaming\Malwarebytes
2011-10-15 20:42:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-13 23:48:54 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-10-13 23:48:52 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-10-13 23:30:59 -------- d-----w- C:\Temp
2011-10-13 22:48:22 -------- d-----w- C:\Program Files (x86)\DownVision
2011-10-13 22:17:51 -------- d-----w- C:\Program Files (x86)\Common Files\ZealMediaCodec
2011-10-13 22:17:48 -------- d-----w- C:\Program Files (x86)\RealZeal Soft
2011-10-07 10:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2011-10-24 00:53:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-30 17:57:41 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-30 03:13:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-09-30 03:13:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-30 03:11:21 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-30 03:11:13 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-18 02:12:51 4435968 ----a-w- C:\Windows\System32\GeneIcon.dll
2011-09-18 02:12:51 36864 ----a-w- C:\Windows\SysWow64\UMonit.exe
2011-09-18 02:12:51 34048 ----a-w- C:\Windows\System32\drivers\ustor2k.sys
2011-09-18 02:12:51 180224 ----a-w- C:\Windows\SysWow64\ustor.dll
2011-09-17 20:02:48 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-09-17 20:02:48 249856 ------w- C:\Windows\Setup1.exe
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-19 09:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 09:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 09:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 09:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 09:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 09:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 09:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-18 01:18:44 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-08-12 16:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 19:10:35.36 ===============
I shall also attach the other file.


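A DDS log like the one in the post above is normally read by eye, and the first pass is always the same: which processes run from locations an ordinary user can write to, which browser extensions point at DLLs that no longer exist, which autorun values are empty or unnamed, which recently created objects under \Windows are hidden+system or carry an odd name, and which DNS resolvers the machine is actually using (a "Google redirect" is frequently a DNS-level hijack). The script below is an added example written for this thread, not part of the thread itself, of DDS, or of any BleepingComputer tooling. Its sample input is a handful of lines copied from the log above, trimmed so it runs offline; its heuristics (the user-writable path pattern, the list of script hosts, the reading of DDS's attribute column as "s = system, h = hidden") are assumptions, and a hit is a reason to look closer, not a verdict: Dropbox and Chrome legitimately live under AppData too.

```python
"""Triage helper for a DDS log, written for a browser-redirect investigation.
Added example: not from the thread above, DDS or BleepingComputer. Every
heuristic is an assumption about what deserves a second look, not a verdict."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # 'process', 'hjt' or 'created'
    item: str    # the log line or path that triggered it
    reason: str


# Constructed sample: a few lines copied from the DDS log posted above,
# trimmed to one or two entries per section so the script runs offline.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [<NO NAME>]
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
=============== Created Last 30 ================
2011-10-20 02:57:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-10-16 00:10:47 3138048 ----a-w- C:\Windows\System32\win32k.sys
"""

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
# Locations an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE_RE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\', re.I)
# Script/loader hosts that are rarely resident on an idle desktop (assumption).
SCRIPT_HOSTS = {'cscript.exe', 'wscript.exe', 'mshta.exe', 'regsvr32.exe'}
RUN_RE = re.compile(r'^[um]Run(?:-x64)?: \[(.*?)\](.*)$')
DNS_RE = re.compile(r'DhcpNameServer = (.+)$')
# "date time size attrs path"; 's'/'h' in attrs read as system/hidden (assumption).
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$')


def split_sections(text):
    """Group the log's lines under their '=== Name ===' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # DDS uses lone dots as spacers
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_processes(lines):
    out = []
    for line in lines:
        path = line.split(' -k ')[0]          # drop svchost's service-group suffix
        name = path.rsplit('\\', 1)[-1].lower()
        if USER_WRITABLE_RE.search(path):
            out.append(Finding('process', path, 'image runs from a user-writable location'))
        if name in SCRIPT_HOSTS:
            out.append(Finding('process', path, 'script/loader host resident at snapshot time'))
    return out


def triage_hjt(lines):
    out, dns = [], set()
    for line in lines:
        if line.endswith(' - No File'):
            out.append(Finding('hjt', line, 'browser extension registered but its DLL is missing'))
        m = RUN_RE.match(line)
        if m and (m.group(1) in ('<NO NAME>', '(Default)') or not m.group(2).strip()):
            out.append(Finding('hjt', line, 'unnamed or empty Run value'))
        m = DNS_RE.search(line)
        if m:
            dns.update(m.group(1).split())
    return out, sorted(dns)


def triage_created(lines):
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        reasons = []
        if 's' in attrs and 'h' in attrs:
            reasons.append('hidden+system')
        if '%' in path.rsplit('\\', 1)[-1]:
            reasons.append('name is an unexpanded environment variable')
        if reasons and re.search(r'\\Windows\\', path, re.I):
            out.append(Finding('created', path, ', '.join(reasons) + ' under \\Windows'))
    return out


def triage(text):
    """Return {'findings': [Finding, ...], 'dns': [resolver, ...]} for a DDS log."""
    s = split_sections(text)
    findings = triage_processes(s.get('Running Processes', []))
    hjt, dns = triage_hjt(s.get('Pseudo HJT Report', []))
    findings += hjt + triage_created(s.get('Created Last 30', []))
    return {'findings': findings, 'dns': dns}


if __name__ == '__main__':
    report = triage(SAMPLE_DDS)
    for f in report['findings']:
        print(f'[{f.kind}] {f.item}\n    {f.reason}')
    # Redirects are often DNS-level: confirm these resolvers belong to the ISP.
    print('DNS servers in use:', ', '.join(report['dns']))
```

On the sample it reports Dropbox.exe and cscript.exe from the process list, the orphaned WormRadar BHO and the empty `mRun: [<NO NAME>]` value, and the hidden+system `%APPDATA%` directory under System32 (a literal directory named after an environment variable, which nothing legitimate should create); win32k.sys and svchost.exe pass. The resolver list is printed rather than judged, because whether 68.87.64.150 belongs to the user's ISP is something to check against the ISP, not something a script can know offline.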
#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:16 PM

Posted 04 November 2011 - 08:31 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#5 GKCzar

GKCzar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 04 November 2011 - 10:20 PM

ComboFix 11-11-04.04 - Gleb Kalmykov 11/04/2011 22:17:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6117 [GMT -4:00]
Running from: c:\users\Gleb Kalmykov\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\users\Gleb Kalmykov\AppData\Roaming\chrtmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 02:54 . 2011-11-05 02:54 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A50449-947A-4185-9229-DE0F74C94112}\offreg.dll
2011-11-05 02:50 . 2011-11-05 02:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-05 02:50 . 2011-11-05 02:50 -------- d-----w- c:\users\Mama and Papa\AppData\Local\temp
2011-11-05 02:50 . 2011-11-05 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 10:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8A50449-947A-4185-9229-DE0F74C94112}\mpengine.dll
2011-10-29 15:42 . 2011-10-29 15:42 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-29 15:42 . 2011-10-29 15:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-29 12:56 . 2011-10-29 15:43 -------- d-----w- c:\programdata\STOPzilla!
2011-10-29 12:38 . 2011-10-29 12:38 -------- d-----w- c:\programdata\Hitman Pro
2011-10-27 09:54 . 2011-10-27 10:01 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\U3
2011-10-26 02:09 . 2011-10-26 02:09 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Local\Dropbox_Folder_Sync
2011-10-26 02:08 . 2011-10-26 02:08 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox Folder Sync
2011-10-26 01:55 . 2011-11-05 02:55 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox
2011-10-25 22:37 . 2011-10-25 22:37 -------- d-----w- c:\program files (x86)\Foxit Software
2011-10-23 23:32 . 2011-10-23 23:32 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia
2011-10-23 23:32 . 2011-10-23 23:32 -------- d-----w- c:\program files (x86)\Solveig Multimedia
2011-10-23 04:06 . 2011-10-23 04:06 -------- d-----w- c:\users\Mama and Papa\AppData\Roaming\AVG2012
2011-10-23 00:15 . 2011-10-23 00:15 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-10-23 00:03 . 2011-10-23 00:03 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-10-20 02:57 . 2011-10-20 02:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-17 23:01 . 2011-10-19 19:05 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-16 22:48 . 2011-10-16 22:48 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\SUPERAntiSpyware.com
2011-10-16 22:48 . 2011-10-17 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-16 22:48 . 2011-10-16 22:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-16 22:46 . 2011-10-19 00:51 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\QuickScan
2011-10-16 22:27 . 2011-10-16 22:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-16 21:51 . 2011-10-16 21:51 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\AVG2012
2011-10-16 21:51 . 2011-10-16 21:51 -------- d--h--w- c:\programdata\Common Files
2011-10-16 21:50 . 2011-10-16 21:50 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-10-16 21:50 . 2011-11-04 22:48 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-16 21:50 . 2011-10-24 03:07 -------- d-----w- c:\programdata\AVG2012
2011-10-16 21:50 . 2011-10-16 21:50 -------- d-----w- c:\program files (x86)\AVG
2011-10-16 21:47 . 2011-11-04 22:48 -------- d-----w- c:\programdata\MFAData
2011-10-16 21:09 . 2011-10-16 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-16 12:16 . 2011-10-16 12:16 -------- d-----w- c:\windows\en
2011-10-16 12:13 . 2011-10-16 12:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-10-16 12:11 . 2011-05-13 19:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-10-16 12:11 . 2011-10-16 12:16 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-16 12:11 . 2011-10-16 12:11 -------- d-----w- c:\windows\PCHEALTH
2011-10-16 12:11 . 2011-10-16 12:11 -------- d-----w- c:\program files\Windows Live
2011-10-16 12:10 . 2011-10-16 22:36 -------- d-----w- c:\program files (x86)\Microsoft
2011-10-16 12:09 . 2011-11-01 01:08 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Local\Windows Live
2011-10-16 12:09 . 2011-10-16 12:09 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-10-16 02:13 . 2011-10-23 14:38 -------- d-----w- C:\rscache
2011-10-16 01:44 . 2011-10-16 01:44 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Local\SlimWare Utilities Inc
2011-10-16 01:44 . 2011-10-16 12:06 -------- d-----w- c:\program files (x86)\DriverUpdate
2011-10-16 01:35 . 2011-10-16 01:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-16 00:43 . 2011-10-16 00:43 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-16 00:17 . 2011-10-16 00:17 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C87F40DC-679D-45B4-88B8-C9618E8DF63D}\gapaengine.dll
2011-10-16 00:10 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-16 00:10 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-16 00:10 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-16 00:10 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-16 00:10 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-16 00:10 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-16 00:10 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-16 00:10 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-16 00:10 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-15 22:22 . 2011-10-15 22:22 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Local\Microsoft Games
2011-10-15 21:54 . 2011-10-29 18:18 -------- d-----w- c:\program files\CCleaner
2011-10-15 21:48 . 2011-10-24 03:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-15 21:48 . 2011-10-16 00:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-15 20:42 . 2011-10-15 20:42 -------- d-----w- c:\users\Gleb Kalmykov\AppData\Roaming\Malwarebytes
2011-10-15 20:42 . 2011-10-15 20:42 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 18:14 . 2011-10-16 00:04 -------- d-----w- c:\users\Mama and Papa\AppData\Roaming\ZumoDrive
2011-10-14 18:14 . 2011-10-14 18:14 -------- d-----w- c:\users\Mama and Papa\AppData\Roaming\Origin
2011-10-14 18:14 . 2011-10-14 18:14 -------- d-----w- c:\users\Mama and Papa\AppData\Local\Origin
2011-10-13 23:48 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-10-13 23:48 . 2011-10-16 00:04 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-10-13 23:30 . 2011-10-15 21:23 -------- d-----w- C:\Temp
2011-10-13 22:48 . 2011-10-13 23:34 -------- d-----w- c:\program files (x86)\DownVision
2011-10-13 22:17 . 2011-10-13 22:17 -------- d-----w- c:\program files (x86)\Common Files\ZealMediaCodec
2011-10-13 22:17 . 2011-10-13 22:17 -------- d-----w- c:\program files (x86)\RealZeal Soft
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 00:53 . 2011-08-18 17:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-16 12:11 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-07 04:16 . 2011-08-19 17:44 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06 . 2011-08-18 04:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-30 17:57 . 2011-09-30 17:57 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 03:13 . 2011-09-30 03:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-30 03:13 . 2011-09-30 03:11 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-30 03:11 . 2011-09-30 03:11 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-30 03:11 . 2011-09-30 03:11 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-09-18 02:12 . 2011-09-18 02:13 4435968 ----a-w- c:\windows\system32\GeneIcon.dll
2011-09-18 02:12 . 2011-09-18 02:13 36864 ----a-w- c:\windows\SysWow64\UMonit.exe
2011-09-18 02:12 . 2011-09-18 02:13 180224 ----a-w- c:\windows\SysWow64\ustor.dll
2011-09-18 02:12 . 2011-09-18 02:12 34048 ----a-w- c:\windows\system32\drivers\ustor2k.sys
2011-09-17 20:02 . 2011-09-17 20:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-09-17 20:02 . 2011-09-17 20:02 249856 ------w- c:\windows\Setup1.exe
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-19 09:27 . 2011-08-19 09:27 769312 ----a-w- c:\windows\system32\LVUI64.dll
2011-08-19 09:27 . 2011-08-19 09:27 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-08-19 09:27 . 2011-08-19 09:27 4869024 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-08-19 09:27 . 2011-08-19 09:27 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-08-19 09:27 . 2011-08-19 09:27 263456 ----a-w- c:\windows\system32\lvco13301394.dll
2011-08-19 09:27 . 2011-08-19 09:27 176416 ----a-w- c:\windows\system32\lvcod64.dll
2011-08-19 09:26 . 2011-08-19 09:26 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-08-19 09:26 . 2011-08-19 09:26 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26 . 2011-08-19 09:26 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-08-19 09:26 . 2011-08-19 09:26 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26 . 2011-08-19 09:26 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-08-19 09:26 . 2011-08-19 09:26 10898456 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-08-19 09:26 . 2011-08-19 09:26 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
2011-08-19 09:26 . 2011-08-19 09:26 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26 . 2011-08-19 09:26 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-08-19 01:09 . 2011-08-19 01:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-19 01:09 . 2011-08-19 01:09 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-19 01:09 . 2011-08-19 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-19 01:09 . 2011-08-19 01:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-18 14:34 . 2011-09-09 01:06 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-18 14:24 . 2011-08-18 14:24 53248 ----a-r- c:\users\Gleb Kalmykov\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-18 01:18 . 2011-08-18 01:18 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-16 12:48 . 2011-08-18 14:25 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23BACFFB-C2F6-4B34-8672-767B3CEFAF48}\mpengine.dll
2011-08-12 16:19 . 2011-08-12 16:19 16920 ----a-w- c:\windows\system32\drivers\iKeyLFT264.dll
2011-08-08 10:08 . 2011-08-08 10:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-06-11 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
c:\users\Gleb Kalmykov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\DRIVERS\ustor2k.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-07-15 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122441246-2124929187-3678946359-1000Core.job
- c:\users\Gleb Kalmykov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:32]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122441246-2124929187-3678946359-1000UA.job
- c:\users\Gleb Kalmykov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Gleb Kalmykov\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-09-18 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
FF - ProfilePath - c:\users\Gleb Kalmykov\AppData\Roaming\Mozilla\Firefox\Profiles\a6h7bza4.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-122441246-2124929187-3678946359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-122441246-2124929187-3678946359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-11-04 23:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 03:16
.
Pre-Run: 9,286,561,792 bytes free
Post-Run: 9,366,949,888 bytes free
.
- - End Of File - - 638B8127258706340E9922A6D2DB2374

Internet Explorer is still running in the background. I am not sure if the redirecting is gone. Right now it seems to be. However, there have been periods before where it didn't redirect for a little and then it came back.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 November 2011 - 11:39 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
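
One way to triage the report this procedure produces, as an added example that is not the thread's own code and not part of TDSSKiller: a small Python parser for the line layout visible in the log posted later in this thread (a `name (md5) path` line followed by a `name - verdict` line), which lists every scanned object with its hash and flags any whose verdict is not `ok`. The `1394ohci` and `catchme` lines are copied from the log below; the `Stereo Service` and `examplesvc` entries, their hashes and the non-ok verdict text are constructed for the demonstration, and real TDSSKiller verdict strings for detections may differ from that placeholder.

```python
"""Summarise a TDSSKiller report: scanned objects, their MD5s, and any entry
whose verdict line is missing or is not "ok".

Added example, not the thread's code and not part of TDSSKiller.  It assumes
the line layout seen in the log posted in this thread:
    HH:MM:SS.mmmm PID  name (md5) path
    HH:MM:SS.mmmm PID  name - verdict
"""
import re
from dataclasses import dataclass

# e.g. "06:24:20.0068 5372 1394ohci (a87d604a...) C:\Windows\system32\DRIVERS\1394ohci.sys"
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# e.g. "06:24:20.0068 5372 1394ohci - ok"
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: str = ""       # empty when the tool printed no hash line (e.g. catchme)
    path: str = ""
    verdict: str = ""   # empty when no verdict line was seen


def parse_report(text):
    """Return {name: Entry} from the report text.  Banner lines and the
    SystemInfo block match neither pattern and are ignored."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def flag_non_ok(entries):
    """Sorted names of objects whose verdict is missing or not exactly 'ok'."""
    return sorted(n for n, e in entries.items() if e.verdict != "ok")


# Constructed sample.  The first three scan lines are copied from the log in
# this thread; "Stereo Service" and "examplesvc" (hashes and verdict included)
# are made up for the demo.
SAMPLE_REPORT = r"""06:24:17.0775 5372 ============================================================
06:24:17.0775 5372 Scan started
06:24:17.0775 5372 Mode: Manual;
06:24:20.0068 5372 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
06:24:20.0068 5372 1394ohci - ok
06:24:21.0129 5372 catchme - ok
06:24:22.0001 5372 Stereo Service (0123456789abcdef0123456789abcdef) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
06:24:22.0001 5372 Stereo Service - ok
06:24:23.0500 5372 examplesvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\DRIVERS\examplesvc.sys
06:24:23.0500 5372 examplesvc - suspicious (constructed verdict for the demo)
"""


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"{len(report)} objects scanned")
    for name in flag_non_ok(report):
        e = report[name]
        print(f"NOT OK: {name}  md5={e.md5 or '-'}  path={e.path or '-'}  verdict={e.verdict or '<none>'}")
```

The non-greedy `name` group is what lets service names containing spaces (such as `Stereo Service`) parse; the hash line is always tried first so a path containing ` - ` (the Spybot folder in the ComboFix log above, for instance) cannot be mistaken for a verdict line. To run it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file into `parse_report` in place of `SAMPLE_REPORT`.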

#7 GKCzar
  • Topic Starter

  • Members
  • 23 posts

Posted 05 November 2011 - 05:26 AM

06:24:11.0312 1204 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
06:24:12.0590 1204 ============================================================
06:24:12.0591 1204 Current date / time: 2011/11/05 06:24:12.0590
06:24:12.0591 1204 SystemInfo:
06:24:12.0591 1204
06:24:12.0591 1204 OS Version: 6.1.7601 ServicePack: 1.0
06:24:12.0591 1204 Product type: Workstation
06:24:12.0591 1204 ComputerName: GLEBKALMYKOV-PC
06:24:12.0591 1204 UserName: Gleb Kalmykov
06:24:12.0591 1204 Windows directory: C:\Windows
06:24:12.0591 1204 System windows directory: C:\Windows
06:24:12.0591 1204 Running under WOW64
06:24:12.0591 1204 Processor architecture: Intel x64
06:24:12.0591 1204 Number of processors: 4
06:24:12.0591 1204 Page size: 0x1000
06:24:12.0591 1204 Boot type: Normal boot
06:24:12.0591 1204 ============================================================
06:24:15.0215 1204 Initialize success
06:24:17.0775 5372 ============================================================
06:24:17.0775 5372 Scan started
06:24:17.0775 5372 Mode: Manual;
06:24:17.0775 5372 ============================================================
06:24:20.0068 5372 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
06:24:20.0068 5372 1394ohci - ok
06:24:20.0099 5372 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:24:20.0099 5372 ACPI - ok
06:24:20.0130 5372 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:24:20.0130 5372 AcpiPmi - ok
06:24:20.0146 5372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
06:24:20.0146 5372 adp94xx - ok
06:24:20.0177 5372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
06:24:20.0177 5372 adpahci - ok
06:24:20.0193 5372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
06:24:20.0193 5372 adpu320 - ok
06:24:20.0239 5372 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
06:24:20.0239 5372 AFD - ok
06:24:20.0255 5372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:24:20.0255 5372 agp440 - ok
06:24:20.0271 5372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:24:20.0271 5372 aliide - ok
06:24:20.0286 5372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:24:20.0286 5372 amdide - ok
06:24:20.0286 5372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
06:24:20.0286 5372 AmdK8 - ok
06:24:20.0302 5372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
06:24:20.0302 5372 AmdPPM - ok
06:24:20.0333 5372 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
06:24:20.0333 5372 amdsata - ok
06:24:20.0349 5372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
06:24:20.0349 5372 amdsbs - ok
06:24:20.0364 5372 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
06:24:20.0380 5372 amdxata - ok
06:24:20.0380 5372 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:24:20.0380 5372 AppID - ok
06:24:20.0427 5372 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
06:24:20.0427 5372 arc - ok
06:24:20.0442 5372 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
06:24:20.0442 5372 arcsas - ok
06:24:20.0458 5372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:24:20.0458 5372 AsyncMac - ok
06:24:20.0473 5372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:24:20.0473 5372 atapi - ok
06:24:20.0536 5372 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
06:24:20.0536 5372 AVGIDSDriver - ok
06:24:20.0551 5372 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
06:24:20.0551 5372 AVGIDSEH - ok
06:24:20.0567 5372 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
06:24:20.0567 5372 AVGIDSFilter - ok
06:24:20.0614 5372 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
06:24:20.0614 5372 Avgldx64 - ok
06:24:20.0645 5372 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
06:24:20.0645 5372 Avgmfx64 - ok
06:24:20.0692 5372 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
06:24:20.0692 5372 Avgrkx64 - ok
06:24:20.0707 5372 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
06:24:20.0707 5372 Avgtdia - ok
06:24:20.0754 5372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
06:24:20.0754 5372 b06bdrv - ok
06:24:20.0785 5372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:24:20.0785 5372 b57nd60a - ok
06:24:20.0817 5372 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:24:20.0817 5372 Beep - ok
06:24:20.0848 5372 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
06:24:20.0848 5372 BIOS - ok
06:24:20.0863 5372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:24:20.0863 5372 blbdrive - ok
06:24:20.0910 5372 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:24:20.0910 5372 bowser - ok
06:24:20.0926 5372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
06:24:20.0926 5372 BrFiltLo - ok
06:24:20.0941 5372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
06:24:20.0941 5372 BrFiltUp - ok
06:24:20.0973 5372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:24:20.0973 5372 Brserid - ok
06:24:20.0988 5372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:24:20.0988 5372 BrSerWdm - ok
06:24:21.0004 5372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:24:21.0004 5372 BrUsbMdm - ok
06:24:21.0035 5372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:24:21.0035 5372 BrUsbSer - ok
06:24:21.0066 5372 BS_I2cIo (83601bbe5563d92c1fdb4e960d84dc77) C:\Windows\system32\drivers\BS_I2c64.sys
06:24:21.0066 5372 BS_I2cIo - ok
06:24:21.0082 5372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
06:24:21.0082 5372 BTHMODEM - ok
06:24:21.0129 5372 catchme - ok
06:24:21.0160 5372 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:24:21.0160 5372 cdfs - ok
06:24:21.0175 5372 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
06:24:21.0191 5372 cdrom - ok
06:24:21.0207 5372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
06:24:21.0207 5372 circlass - ok
06:24:21.0238 5372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:24:21.0238 5372 CLFS - ok
06:24:21.0285 5372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
06:24:21.0285 5372 CmBatt - ok
06:24:21.0300 5372 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:24:21.0300 5372 cmdide - ok
06:24:21.0331 5372 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
06:24:21.0331 5372 CNG - ok
06:24:21.0347 5372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
06:24:21.0347 5372 Compbatt - ok
06:24:21.0378 5372 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
06:24:21.0378 5372 CompositeBus - ok
06:24:21.0394 5372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
06:24:21.0394 5372 crcdisk - ok
06:24:21.0441 5372 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:24:21.0441 5372 DfsC - ok
06:24:21.0456 5372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:24:27.0899 5372 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:24:27.0915 5372 \Device\Harddisk0\DR0 - ok
06:24:27.0915 5372 Boot (0x1200) (5e78a168c3629357ec5a4d5e1dec1af0) \Device\Harddisk0\DR0\Partition0
06:24:27.0915 5372 \Device\Harddisk0\DR0\Partition0 - ok
06:24:27.0930 5372 Boot (0x1200) (f6d16afea56678d58c51c15c7af8ac0c) \Device\Harddisk0\DR0\Partition1
06:24:27.0930 5372 \Device\Harddisk0\DR0\Partition1 - ok
06:24:27.0946 5372 Boot (0x1200) (405faeef55a70cc983ccd1e2c843f12b) \Device\Harddisk0\DR0\Partition2
06:24:27.0946 5372 \Device\Harddisk0\DR0\Partition2 - ok
06:24:27.0946 5372 ============================================================
06:24:27.0946 5372 Scan finished
06:24:27.0946 5372 ============================================================
06:24:27.0946 5392 Detected object count: 0
06:24:27.0946 5392 Actual detected object count: 0

Edited by GKCzar, 05 November 2011 - 05:54 AM.


#8 GKCzar

  • Topic Starter

Posted 05 November 2011 - 05:30 AM

I am also still being redirected. Another issue I have found is that in Chrome, any site that has HTTPS with the security won't load. For Gmail to open in Chrome, I attempt to open it and it just loads forever. I fire up Firefox and load Gmail; it loads instantly. I then refresh Chrome and it works O.O. I don't know what the problem is.

Edited by GKCzar, 05 November 2011 - 05:57 AM.


#9 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 05 November 2011 - 07:56 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 GKCzar

  • Topic Starter

Posted 05 November 2011 - 12:08 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 12:51:21
-----------------------------
12:51:21.528 OS Version: Windows x64 6.1.7601 Service Pack 1
12:51:21.528 Number of processors: 4 586 0x2A07
12:51:21.528 ComputerName: GLEBKALMYKOV-PC UserName: Gleb Kalmykov
12:51:23.291 Initialize success
12:51:54.870 AVAST engine defs: 11110502
12:52:07.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:52:07.177 Disk 0 Vendor: WDC_WD6400AAKS-65Z7B0 01.03B01 Size: 610480MB BusType: 11
12:52:09.189 Disk 0 MBR read successfully
12:52:09.189 Disk 0 MBR scan
12:52:09.189 Disk 0 MBR:Alureon-I [Rtk]
12:52:09.189 Disk 0 TDL4@MBR code has been found
12:52:09.189 Disk 0 Windows 7 default MBR code found via API
12:52:09.205 Disk 0 MBR hidden
12:52:09.205 Disk 0 MBR [TDL4] **ROOTKIT**
12:52:09.205 Disk 0 trace - called modules:
12:52:09.205 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007e27254]<<
12:52:09.220 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e13060]
12:52:09.220 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa8007b47520]
12:52:09.220 5 ACPI.sys[fffff88000ef77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b43680]
12:52:09.236 \Driver\atapi[0xfffffa8007af0ab0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007e27254
12:52:11.779 AVAST engine scan C:\Windows
12:52:13.152 AVAST engine scan C:\Windows\system32
12:53:08.509 AVAST engine scan C:\Windows\system32\drivers
12:53:14.099 AVAST engine scan C:\Users\Gleb Kalmykov
12:57:08.096 AVAST engine scan C:\ProgramData
12:57:34.948 Scan finished successfully
13:08:20.838 Disk 0 MBR has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\MBR.dat"
13:08:20.838 The log file has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\aswMBR.txt"

Am I supposed to press the fix button?
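
As an added example (not part of this thread, and not code from the aswMBR tool), here is a small Python triage script that reduces an aswMBR log like the one above to a per-disk verdict: it picks out the `MBR:<name> [Rtk]` signature line, the `**ROOTKIT**` line, the `MBR hidden` / `default MBR code found via API` pair, and the call trace that ends at an address outside any loaded module. The infected sample is an excerpt of the log posted above; the clean sample, the class and function names are constructed for this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpt of the aswMBR log posted above (timestamps and addresses are the post's own).
SAMPLE_LOG = r"""
12:51:21.528 OS Version: Windows x64 6.1.7601 Service Pack 1
12:52:07.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:52:09.189 Disk 0 MBR read successfully
12:52:09.189 Disk 0 MBR scan
12:52:09.189 Disk 0 MBR:Alureon-I [Rtk]
12:52:09.189 Disk 0 TDL4@MBR code has been found
12:52:09.189 Disk 0 Windows 7 default MBR code found via API
12:52:09.205 Disk 0 MBR hidden
12:52:09.205 Disk 0 MBR [TDL4] **ROOTKIT**
12:52:09.205 Disk 0 trace - called modules:
12:52:09.205 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007e27254]<<
12:52:09.236 \Driver\atapi[0xfffffa8007af0ab0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007e27254
12:57:34.948 Scan finished successfully
"""

# Constructed clean run for contrast: the same line types, none of the detection lines.
CLEAN_LOG = r"""
12:00:01.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:00:02.000 Disk 0 MBR read successfully
12:00:02.000 Disk 0 MBR scan
12:00:02.000 Disk 0 Windows 7 default MBR code found via API
12:00:05.000 Scan finished successfully
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (?P<msg>.*)$")
SIGNATURE = re.compile(r"^Disk (?P<disk>\d+) MBR:(?P<sig>\S+) \[Rtk\]$")
ROOTKIT = re.compile(r"^Disk (?P<disk>\d+) MBR \[(?P<fam>[^\]]+)\] \*\*ROOTKIT\*\*$")
HIDDEN = re.compile(r"^Disk (?P<disk>\d+) MBR hidden$")
API_DEFAULT = re.compile(r"^Disk (?P<disk>\d+) .*default MBR code found via API$")
TRACE_START = re.compile(r"^Disk (?P<disk>\d+) trace - called modules:$")
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(r"^\\Driver\\(?P<drv>\w+)\[0x[0-9a-fA-F]+\] -> (?P<irp>\w+) -> (?P<tgt>0x[0-9a-fA-F]+)$")

@dataclass
class DiskReport:
    disk: int
    signature: str | None = None        # detection name on the "MBR:<name> [Rtk]" line
    rootkit_family: str | None = None   # family on the "**ROOTKIT**" line
    mbr_hidden: bool = False            # raw sector read disagrees with the API view
    api_default_mbr: bool = False       # the API view still shows stock Windows MBR code
    unknown_hooks: list[str] = field(default_factory=list)  # trace addresses outside any module
    dispatch: list[tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP, target)

    @property
    def verdict(self) -> str:
        return "infected" if (self.signature or self.rootkit_family or self.unknown_hooks) else "clean"

    def reasons(self) -> list[str]:
        out = []
        if self.signature:
            out.append(f"MBR matched signature {self.signature}")
        if self.rootkit_family:
            out.append(f"MBR flagged as {self.rootkit_family} rootkit")
        if self.mbr_hidden and self.api_default_mbr:
            out.append("MBR hidden: the API view returns stock MBR code while the raw read does not, "
                       "so a scan that trusts the API view can report this MBR as clean")
        for addr in self.unknown_hooks:
            via = [f"{drv} {irp}" for drv, irp, tgt in self.dispatch if tgt == addr]
            out.append(f"disk I/O path ends in unknown code at {addr}"
                       + (f" (reached via {', '.join(via)})" if via else ""))
        return out

def parse_aswmbr(text: str) -> dict[int, DiskReport]:
    disks: dict[int, DiskReport] = {}
    in_trace: DiskReport | None = None   # disk whose "called modules" trace we are inside
    def report(n: str) -> DiskReport:
        return disks.setdefault(int(n), DiskReport(disk=int(n)))
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # "Run date:" and other header lines carry no timestamp
        msg = m.group("msg")
        if msg.startswith("Disk ") and not TRACE_START.match(msg):
            in_trace = None              # any other per-disk line ends the trace block
        if (d := SIGNATURE.match(msg)):
            report(d["disk"]).signature = d["sig"]
        elif (d := ROOTKIT.match(msg)):
            report(d["disk"]).rootkit_family = d["fam"]
        elif (d := HIDDEN.match(msg)):
            report(d["disk"]).mbr_hidden = True
        elif (d := API_DEFAULT.match(msg)):
            report(d["disk"]).api_default_mbr = True
        elif (d := TRACE_START.match(msg)):
            in_trace = report(d["disk"])
        elif in_trace is not None and (d := UNKNOWN_HOOK.search(msg)):
            in_trace.unknown_hooks.append(d["addr"].lower())
        elif in_trace is not None and (d := DISPATCH.match(msg)):
            in_trace.dispatch.append((d["drv"], d["irp"], d["tgt"].lower()))
    return disks

if __name__ == "__main__":
    for disk, rep in parse_aswmbr(SAMPLE_LOG).items():
        print(f"Disk {disk}: {rep.verdict}", *rep.reasons(), sep="\n  - ")
```

The `MBR hidden` pair is the line worth understanding: what the OS API returns looks like stock code, which is one way a scan can report the MBR ok, as the TDSSKiller log earlier in this thread did, while a raw sector read shows otherwise.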

#11 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 05 November 2011 - 12:32 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button.
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', then reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect of the fix. All will be well after the reboot.
  • Save the log as before and post it in your next reply.


#12 GKCzar

  • Topic Starter

Posted 05 November 2011 - 01:07 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 12:51:21
-----------------------------
12:51:21.528 OS Version: Windows x64 6.1.7601 Service Pack 1
12:51:21.528 Number of processors: 4 586 0x2A07
12:51:21.528 ComputerName: GLEBKALMYKOV-PC UserName: Gleb Kalmykov
12:51:23.291 Initialize success
12:51:54.870 AVAST engine defs: 11110502
12:52:07.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:52:07.177 Disk 0 Vendor: WDC_WD6400AAKS-65Z7B0 01.03B01 Size: 610480MB BusType: 11
12:52:09.189 Disk 0 MBR read successfully
12:52:09.189 Disk 0 MBR scan
12:52:09.189 Disk 0 MBR:Alureon-I [Rtk]
12:52:09.189 Disk 0 TDL4@MBR code has been found
12:52:09.189 Disk 0 Windows 7 default MBR code found via API
12:52:09.205 Disk 0 MBR hidden
12:52:09.205 Disk 0 MBR [TDL4] **ROOTKIT**
12:52:09.205 Disk 0 trace - called modules:
12:52:09.205 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007e27254]<<
12:52:09.220 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e13060]
12:52:09.220 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa8007b47520]
12:52:09.220 5 ACPI.sys[fffff88000ef77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b43680]
12:52:09.236 \Driver\atapi[0xfffffa8007af0ab0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007e27254
12:52:11.779 AVAST engine scan C:\Windows
12:52:13.152 AVAST engine scan C:\Windows\system32
12:53:08.509 AVAST engine scan C:\Windows\system32\drivers
12:53:14.099 AVAST engine scan C:\Users\Gleb Kalmykov
12:57:08.096 AVAST engine scan C:\ProgramData
12:57:34.948 Scan finished successfully
13:08:20.838 Disk 0 MBR has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\MBR.dat"
13:08:20.838 The log file has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\aswMBR.txt"
14:03:56.440 Disk 0 MBR read successfully
14:03:56.440 Disk 0 MBR:Alureon-I [Rtk]
14:03:56.455 Disk 0 TDL4@MBR code has been found
14:03:56.455 Disk 0 fixing MBR ...
14:04:06.470 Disk 0 MBR restored successfully
14:04:06.502 Verifying disinfection
14:04:18.545 Infection fixed successfully - please reboot ASAP
14:04:27.532 Disk 0 MBR has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\MBR.dat"
14:04:27.532 The log file has been saved successfully to "C:\Users\Gleb Kalmykov\Desktop\aswMBR.txt"
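The log above shows aswMBR saving the raw boot sector to MBR.dat both before and after the fix. As an added example (not part of this thread, and not AVAST's or aswMBR's own code), the following Python parses such a 512-byte image, hashes its boot code against an operator-supplied known-good list, and diffs a pre-fix and a post-fix capture; the two sample images and the allowlist entry are constructed placeholders, not real disk data or real Windows boot-code hashes.

```python
import hashlib
import struct

SECTOR_SIZE, BOOT_CODE_LEN, BOOT_SIGNATURE = 512, 440, b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR (e.g. aswMBR's MBR.dat) into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": start, "lba_count": count})
    return {"signature_ok": sector[510:] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts}

def assess(sector: bytes, known_good: dict) -> list:
    """Findings for one image: bad signature, unknown boot code, nothing bootable."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if mbr["boot_code_sha256"] not in known_good:
        findings.append("boot code hash not in known-good list")
    if not any(p["bootable"] for p in mbr["partitions"]):
        findings.append("no partition flagged bootable")
    return findings

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Diff two captures (pre-fix vs post-fix MBR.dat): a clean boot-code repair
    should change the boot code but leave the partition table untouched."""
    return {"boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
            "disk_signature_changed": before[440:444] != after[440:444],
            "partition_table_changed": before[446:510] != after[446:510]}

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not real disk data): one bootable NTFS partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 1_250_000_000)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<I", 0x12345678)
            + b"\x00\x00" + entry + b"\x00" * 48 + BOOT_SIGNATURE)

SAMPLE_BEFORE = build_sample(b"\xeb\x10\x90 constructed unknown boot code")
SAMPLE_AFTER = build_sample(b"\x33\xc0\x8e\xd0 constructed known-good boot code")
# Placeholder allowlist: in practice populate it from a trusted capture of the same OS.
KNOWN_GOOD = {hashlib.sha256(SAMPLE_AFTER[:BOOT_CODE_LEN]).hexdigest(): "constructed"}
```

Run `assess(open("MBR.dat", "rb").read(), KNOWN_GOOD)` on a real capture once the allowlist holds the hash of a trusted boot sector for the same Windows build; a changed partition table in `compare_mbr` output is the sign worth a closer look, since a boot-code repair alone should not touch it.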

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 November 2011 - 04:52 PM

System Recovery Environment

To access the System Recovery Environment in Windows 7, simply boot your PC, then:

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option, 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment and type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixboot


#14 GKCzar (Topic Starter)

  • Members
  • 23 posts

Posted 05 November 2011 - 09:50 PM

Ok, I have done that.

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 November 2011 - 10:09 PM

Hello

Rerun aswMBR and send me the report.

gringo



