"Foodpuma.com" Google redirect and site blocking


  • This topic is locked
2 replies to this topic

#1 Well

Posted 11 February 2012 - 02:08 AM

I'm nearing the end of a twice-over cleanup of some type of redirect virus that affected me. I'm not sure why it disappeared the first time, why it came back, or how it was removed the second time. I'm not currently having symptoms, but I fear a reinfection, although I am taking more precautions and will not be revisiting suspicious sites. Is there any hint of infection remaining?

Here is a brief timeline of events:
1. Infection: most sites unreachable except for Google, which redirected a majority of the links to foodpuma.com, which in turn redirected to numerous useless sites. Attempted fixes. System Restore did not fix the problem.
2. Ran MBAM in safe mode, no infections found. Ran TDSSKiller and removed a suspicious driver, no success in finding or removal.
3. Ran aswMBR, success! Not sure how though.
4. Reinfection 1-2 days later after starting computer. System failed to start after manual shutdown, automatically restored to unknown date, which resolved the infection (not sure why). Ran further programs to make sure, including LSPFix, GMER, DDS, TDSSKiller, FFS, and ComboFix (I know, the warnings).
5. No sign of any symptoms.

Current Logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:57 AM, on 2/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\Desktop\lbplkwk7.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SnipSo] C:\Program Files (x86)\SnipSo\snipso.exe
O4 - HKUS\S-1-5-21-888085959-2499073465-3016758540-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-888085959-2499073465-3016758540-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10684 bytes

TDSSKiller:

00:56:47.0579 3540 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
00:56:48.0148 3540 ============================================================
00:56:48.0148 3540 Current date / time: 2012/02/11 00:56:48.0148
00:56:48.0148 3540 SystemInfo:
00:56:48.0148 3540
00:56:48.0148 3540 OS Version: 6.1.7600 ServicePack: 0.0
00:56:48.0148 3540 Product type: Workstation
00:56:48.0149 3540 ComputerName: STATION22
00:56:48.0149 3540 UserName: dKorps
00:56:48.0149 3540 Windows directory: C:\Windows
00:56:48.0149 3540 System windows directory: C:\Windows
00:56:48.0149 3540 Running under WOW64
00:56:48.0149 3540 Processor architecture: Intel x64
00:56:48.0149 3540 Number of processors: 2
00:56:48.0149 3540 Page size: 0x1000
00:56:48.0149 3540 Boot type: Normal boot
00:56:48.0149 3540 ============================================================
00:56:50.0378 3540 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:56:50.0398 3540 \Device\Harddisk0\DR0:
00:56:50.0398 3540 MBR used
00:56:50.0398 3540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
00:56:50.0545 3540 Initialize success
00:56:50.0545 3540 ============================================================
00:56:55.0363 4424 ============================================================
00:56:55.0364 4424 Scan started
00:56:55.0364 4424 Mode: Manual; SigCheck; TDLFS;
00:56:55.0364 4424 ============================================================
00:58:19.0640 4424 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:58:19.0828 4424 NetBT - ok
00:58:21.0143 4424 netr28x (336a9164be14da360a7e95dba26fcc30) C:\Windows\system32\DRIVERS\netr28x.sys
00:58:21.0198 4424 netr28x - ok
00:58:21.0620 4424 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:58:21.0637 4424 nfrd960 - ok
00:58:22.0135 4424 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:58:22.0208 4424 Npfs - ok
00:58:22.0666 4424 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:58:22.0795 4424 nsiproxy - ok
00:58:23.0385 4424 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
00:58:23.0441 4424 Ntfs - ok
00:58:24.0220 4424 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:58:24.0270 4424 Null - ok
00:58:25.0530 4424 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
00:58:25.0730 4424 NVENETFD - ok
00:58:26.0469 4424 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
00:58:26.0500 4424 NVHDA - ok
00:58:30.0303 4424 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:58:30.0875 4424 nvlddmkm - ok
00:58:31.0593 4424 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
00:58:31.0618 4424 NVNET - ok
00:58:32.0085 4424 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
00:58:32.0105 4424 nvraid - ok
00:58:32.0536 4424 nvsmu (61a59fb62864eb3f32d24985a505ce03) C:\Windows\system32\DRIVERS\nvsmu.sys
00:58:32.0552 4424 nvsmu - ok
00:58:32.0894 4424 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
00:58:32.0916 4424 nvstor - ok
00:58:33.0075 4424 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
00:58:33.0096 4424 nvstor64 - ok
00:58:33.0637 4424 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:58:33.0657 4424 nv_agp - ok
00:58:33.0722 4424 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:58:33.0765 4424 ohci1394 - ok
00:58:34.0459 4424 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:58:34.0484 4424 Parport - ok
00:58:34.0907 4424 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:58:34.0923 4424 partmgr - ok
00:58:35.0317 4424 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:58:35.0337 4424 pci - ok
00:58:35.0410 4424 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:58:35.0428 4424 pciide - ok
00:58:35.0637 4424 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:58:35.0660 4424 pcmcia - ok
00:58:35.0701 4424 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:58:35.0718 4424 pcw - ok
00:58:36.0220 4424 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:58:36.0307 4424 PEAUTH - ok
00:58:36.0851 4424 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:58:37.0007 4424 PptpMiniport - ok
00:58:37.0299 4424 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:58:37.0383 4424 Processor - ok
00:58:37.0895 4424 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:58:38.0133 4424 Psched - ok
00:58:38.0626 4424 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:58:38.0704 4424 ql2300 - ok
00:58:39.0081 4424 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:58:39.0110 4424 ql40xx - ok
00:58:39.0564 4424 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:58:39.0662 4424 QWAVEdrv - ok
00:58:40.0107 4424 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:58:40.0156 4424 RasAcd - ok
00:58:40.0711 4424 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:58:40.0764 4424 RasAgileVpn - ok
00:58:41.0464 4424 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:58:41.0519 4424 Rasl2tp - ok
00:58:42.0624 4424 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:58:42.0696 4424 RasPppoe - ok
00:58:43.0384 4424 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:58:43.0495 4424 RasSstp - ok
00:58:44.0225 4424 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:58:44.0379 4424 rdbss - ok
00:58:44.0893 4424 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:58:45.0017 4424 rdpbus - ok
00:58:45.0631 4424 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:58:45.0896 4424 RDPCDD - ok
00:58:46.0380 4424 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
00:58:46.0439 4424 RDPDR - ok
00:58:46.0972 4424 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:58:47.0033 4424 RDPENCDD - ok
00:58:47.0443 4424 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:58:47.0501 4424 RDPREFMP - ok
00:58:47.0625 4424 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
00:58:47.0707 4424 RDPWD - ok
00:58:48.0234 4424 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:58:48.0252 4424 rdyboost - ok
00:58:48.0734 4424 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:58:48.0816 4424 rspndr - ok
00:58:49.0380 4424 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
00:58:49.0396 4424 RTCore64 - ok
00:58:49.0901 4424 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
00:58:50.0018 4424 s3cap - ok
00:58:50.0703 4424 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:58:50.0735 4424 sbp2port - ok
00:58:51.0367 4424 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:58:51.0502 4424 scfilter - ok
00:58:51.0976 4424 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
00:58:52.0108 4424 sdbus - ok
00:58:53.0029 4424 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:58:53.0291 4424 secdrv - ok
00:58:54.0208 4424 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:58:54.0230 4424 Serenum - ok
00:58:54.0836 4424 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:58:55.0008 4424 Serial - ok
00:58:55.0424 4424 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:58:55.0472 4424 sermouse - ok
00:58:55.0757 4424 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:58:55.0820 4424 sffdisk - ok
00:58:56.0273 4424 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:58:56.0390 4424 sffp_mmc - ok
00:58:56.0892 4424 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:58:56.0911 4424 sffp_sd - ok
00:58:57.0350 4424 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:58:57.0371 4424 sfloppy - ok
00:58:57.0947 4424 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:58:57.0964 4424 SiSRaid2 - ok
00:58:58.0586 4424 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:58:58.0606 4424 SiSRaid4 - ok
00:58:59.0305 4424 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:58:59.0355 4424 Smb - ok
00:59:00.0312 4424 smserial (af13245e29b328b88ef1cf0f67203610) C:\Windows\system32\DRIVERS\smserial.sys
00:59:00.0505 4424 smserial - ok
00:59:00.0648 4424 speedfan - ok
00:59:01.0292 4424 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:59:01.0310 4424 spldr - ok
00:59:01.0895 4424 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
00:59:02.0100 4424 srv - ok
00:59:02.0534 4424 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
00:59:02.0656 4424 srv2 - ok
00:59:03.0075 4424 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
00:59:03.0188 4424 srvnet - ok
00:59:03.0858 4424 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:59:03.0882 4424 stexstor - ok
00:59:04.0192 4424 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:59:04.0210 4424 storflt - ok
00:59:04.0324 4424 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
00:59:04.0343 4424 storvsc - ok
00:59:04.0421 4424 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:59:04.0439 4424 swenum - ok
00:59:04.0448 4424 szkg5 - ok
00:59:04.0894 4424 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
00:59:05.0016 4424 Tcpip - ok
00:59:05.0855 4424 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
00:59:05.0912 4424 TCPIP6 - ok
00:59:06.0424 4424 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:59:06.0613 4424 tcpipreg - ok
00:59:07.0405 4424 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:59:07.0811 4424 TDPIPE - ok
00:59:08.0457 4424 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:59:08.0512 4424 TDTCP - ok
00:59:09.0204 4424 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:59:09.0371 4424 tdx - ok
00:59:09.0825 4424 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:59:09.0846 4424 TermDD - ok
00:59:10.0336 4424 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
00:59:10.0487 4424 TIEHDUSB - ok
00:59:11.0135 4424 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
00:59:11.0169 4424 truecrypt - ok
00:59:11.0330 4424 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:59:11.0428 4424 tssecsrv - ok
00:59:12.0389 4424 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:59:12.0464 4424 tunnel - ok
00:59:13.0128 4424 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:59:13.0149 4424 uagp35 - ok
00:59:13.0995 4424 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:59:14.0053 4424 udfs - ok
00:59:14.0647 4424 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:59:14.0666 4424 uliagpkx - ok
00:59:15.0102 4424 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:59:15.0220 4424 umbus - ok
00:59:15.0621 4424 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:59:15.0842 4424 UmPass - ok
00:59:16.0529 4424 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
00:59:16.0679 4424 USBAAPL64 - ok
00:59:17.0075 4424 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
00:59:17.0134 4424 usbccgp - ok
00:59:17.0772 4424 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:59:17.0832 4424 usbcir - ok
00:59:18.0232 4424 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
00:59:18.0258 4424 usbehci - ok
00:59:18.0796 4424 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
00:59:18.0832 4424 usbhub - ok
00:59:19.0317 4424 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:59:19.0366 4424 usbohci - ok
00:59:19.0810 4424 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:59:19.0864 4424 usbprint - ok
00:59:20.0798 4424 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:59:20.0838 4424 usbscan - ok
00:59:21.0207 4424 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:59:21.0291 4424 USBSTOR - ok
00:59:21.0785 4424 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:59:21.0863 4424 usbuhci - ok
00:59:22.0583 4424 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
00:59:22.0636 4424 usbvideo - ok
00:59:22.0881 4424 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
00:59:22.0928 4424 VClone - ok
00:59:23.0501 4424 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:59:23.0522 4424 vdrvroot - ok
00:59:24.0127 4424 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:59:24.0170 4424 vga - ok
00:59:24.0420 4424 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:59:24.0535 4424 VgaSave - ok
00:59:24.0690 4424 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:59:24.0713 4424 vhdmp - ok
00:59:24.0760 4424 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:59:24.0777 4424 viaide - ok
00:59:24.0858 4424 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
00:59:24.0880 4424 vmbus - ok
00:59:24.0911 4424 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:59:24.0963 4424 VMBusHID - ok
00:59:25.0084 4424 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:59:25.0102 4424 volmgr - ok
00:59:25.0267 4424 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:59:25.0314 4424 volmgrx - ok
00:59:25.0540 4424 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:59:25.0566 4424 volsnap - ok
00:59:25.0684 4424 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:59:25.0708 4424 vsmraid - ok
00:59:25.0765 4424 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:59:25.0797 4424 vwifibus - ok
00:59:26.0392 4424 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:59:26.0444 4424 vwififlt - ok
00:59:26.0566 4424 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:59:26.0587 4424 WacomPen - ok
00:59:27.0155 4424 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:59:27.0232 4424 WANARP - ok
00:59:27.0311 4424 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:59:27.0396 4424 Wanarpv6 - ok
00:59:27.0716 4424 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:59:27.0750 4424 Wd - ok
00:59:27.0825 4424 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:59:27.0867 4424 Wdf01000 - ok
00:59:27.0966 4424 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:59:28.0026 4424 WfpLwf - ok
00:59:28.0078 4424 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:59:28.0097 4424 WIMMount - ok
00:59:28.0761 4424 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:59:28.0844 4424 WinUsb - ok
00:59:29.0357 4424 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:59:29.0382 4424 WmiAcpi - ok
00:59:29.0825 4424 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:59:29.0898 4424 ws2ifsl - ok
00:59:30.0459 4424 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:59:30.0536 4424 WudfPf - ok
00:59:31.0215 4424 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:59:31.0304 4424 WUDFRd - ok
00:59:31.0664 4424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:59:35.0027 4424 \Device\Harddisk0\DR0 - ok
00:59:35.0050 4424 Boot (0x1200) (60608ee66d8f62f952dd726519d765d1) \Device\Harddisk0\DR0\Partition0
00:59:35.0078 4424 \Device\Harddisk0\DR0\Partition0 - ok
00:59:35.0079 4424 ============================================================
00:59:35.0079 4424 Scan finished
00:59:35.0079 4424 ============================================================
00:59:35.0083 3024 Detected object count: 1
00:59:35.0083 3024 Actual detected object count: 1
01:00:26.0838 3024 C:\Windows\system32\3E2A.tmp - copied to quarantine
01:00:26.0839 3024 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dKorps at 0:57:55 on 2012-02-11
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4092.1826 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\Desktop\lbplkwk7.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dKorps\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\dKorps\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\dKorps\Desktop\tdsskiller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
uRun: [SnipSo] C:\Program Files (x86)\SnipSo\snipso.exe
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D68D45CD-672B-4C32-81B4-ADADF2951AC0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D68D45CD-672B-4C32-81B4-ADADF2951AC0}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ECA71BA3-92AC-4A2B-9309-D0CBF1978B5F} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dKorps\AppData\Roaming\Mozilla\Firefox\Profiles\sx30d49a.default\
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-10 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-8 2253120]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-13 2337144]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-22 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-22 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\3E2A.tmp --> C:\Windows\system32\3E2A.tmp [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-11 04:32:40 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-11 04:22:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-11 04:02:50 98816 ----a-w- C:\Windows\sed.exe
2012-02-11 04:02:50 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-11 04:02:50 256000 ----a-w- C:\Windows\PEV.exe
2012-02-11 04:02:50 208896 ----a-w- C:\Windows\MBR.exe
2012-02-10 20:03:52 -------- d-----w- C:\ProgramData\STOPzilla!
2012-02-10 20:03:52 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-02-10 20:03:52 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-02-09 20:54:41 -------- d-----w- C:\Users\dKorps\AppData\Roaming\BigHugeEngine
2012-02-09 20:54:35 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2012-02-09 20:54:35 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-02-09 20:54:35 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-02-09 20:54:35 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2012-02-09 20:54:34 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2012-02-08 02:07:13 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2012-02-08 02:07:12 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-02-08 02:07:10 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2012-02-08 02:07:10 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2012-02-08 02:07:09 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-02-08 02:07:09 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-02-08 02:07:08 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2012-02-08 02:07:08 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-02-08 02:07:07 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2012-02-08 00:22:01 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-08 00:22:01 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-07 23:28:40 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-07 23:28:40 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-07 23:28:40 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-07 23:28:40 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-02-07 23:28:01 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-02-07 23:26:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-02-07 23:21:01 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-07 23:21:01 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-07 23:20:26 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-02-07 23:20:26 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-02-07 23:17:03 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-07 23:17:03 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-07 22:59:01 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-02-07 19:40:54 -------- d-----w- C:\Program Files\CCleaner
2012-02-07 02:46:22 -------- d-----w- C:\kleaner.tmp
2012-02-07 02:31:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 03:18:04 -------- d-----w- C:\Program Files (x86)\AMD
2012-02-04 20:20:35 -------- d-----w- C:\Users\dKorps\AppData\Local\Opera
2012-02-01 00:58:00 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-02-01 00:58:00 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-02-01 00:58:00 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-02-01 00:58:00 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-02-01 00:57:58 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-02-01 00:57:58 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-02-01 00:57:58 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-02-01 00:57:58 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-02-01 00:57:58 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-02-01 00:57:58 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-02-01 00:57:56 810024 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-02-01 00:57:56 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-01-20 21:47:30 -------- d-----w- C:\Users\dKorps\AppData\Local\Ubisoft Game Launcher
2012-01-20 21:45:14 -------- d-----w- C:\Users\dKorps\AppData\Roaming\Ubisoft
2012-01-19 20:49:57 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-01-19 00:27:19 -------- d-----w- C:\Users\dKorps\AppData\Roaming\LibreOffice
2012-01-19 00:23:44 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.4
2012-01-18 21:47:17 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-01-18 21:47:17 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-01-18 21:47:16 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-01-18 21:40:12 -------- d-----w- C:\Riot Games
2012-01-13 20:05:11 -------- d-----w- C:\Program Files (x86)\WinDirStat
.
==================== Find3M ====================
.
2012-02-07 19:46:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-19 20:49:57 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-12-14 16:11:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 20:00:41 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-12-13 19:53:20 586240 ----a-w- C:\Windows\System32\sm56co85.dll
2011-12-13 19:53:20 1202688 ----a-w- C:\Windows\System32\drivers\smserial.sys
2011-12-13 19:52:02 920864 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2011-12-13 19:52:02 311072 ----a-w- C:\Windows\System32\RaCoInstx.dll
2011-12-13 19:50:44 953344 ----a-w- C:\Windows\System32\fdco2.dll
2011-12-13 19:50:44 660072 ----a-w- C:\Windows\System32\NVUNINST.EXE
2011-12-13 19:50:44 350952 ----a-w- C:\Windows\System32\drivers\nvmf6264.sys
2011-12-13 19:50:44 263784 ----a-w- C:\Windows\System32\nvconrm.dll
2011-12-13 19:50:03 42888 ----a-w- C:\Windows\System32\drivers\btcusb.sys
2011-12-13 19:50:03 19464 ----a-w- C:\Windows\System32\btinstall.dll
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 0:59:27.72 ===============

ComboFix:


ComboFix 12-02-10.03 - dKorps 02/10/2012 23:05:35.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4092.2840 [GMT -5:00]
Running from: c:\users\dKorps\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\dKorps\AppData\Roaming\Bitcoin
c:\users\dKorps\AppData\Roaming\Bitcoin\.lock
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.001
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.002
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.003
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.004
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.005
c:\users\dKorps\AppData\Roaming\Bitcoin\__db.006
c:\users\dKorps\AppData\Roaming\Bitcoin\addr.dat
c:\users\dKorps\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\dKorps\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\dKorps\AppData\Roaming\Bitcoin\database\log.0000000028
c:\users\dKorps\AppData\Roaming\Bitcoin\db.log
c:\users\dKorps\AppData\Roaming\Bitcoin\debug.log
c:\users\dKorps\AppData\Roaming\Bitcoin\wallet.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 04:19 . 2012-02-11 04:19 -------- d-----w- c:\users\UpdatusUser.Station22\AppData\Local\temp
2012-02-11 04:19 . 2012-02-11 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 04:02 . 2012-02-11 04:02 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-02-10 20:03 . 2012-02-11 04:21 -------- d-----w- c:\programdata\STOPzilla!
2012-02-10 20:03 . 2012-02-10 20:03 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-02-10 20:03 . 2012-02-10 20:03 -------- d-----w- c:\program files (x86)\Common Files\iS3
2012-02-09 20:54 . 2012-02-09 20:54 -------- d-----w- c:\users\dKorps\AppData\Roaming\BigHugeEngine
2012-02-09 20:54 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-02-09 20:54 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-02-09 20:54 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-02-09 20:54 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-02-09 20:54 . 2010-06-02 09:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-02-08 02:07 . 2010-06-02 09:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2012-02-08 02:07 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-02-08 02:07 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-02-08 00:22 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-08 00:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-07 23:28 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-07 23:28 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-02-07 23:28 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-02-07 23:28 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-02-07 23:28 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-07 23:26 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-02-07 23:21 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-07 23:21 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-07 23:20 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-02-07 23:20 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-02-07 23:17 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-07 23:17 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-07 22:59 . 2012-02-07 22:59 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-02-07 19:40 . 2012-02-07 23:12 -------- d-----w- c:\program files\CCleaner
2012-02-07 02:46 . 2012-02-07 22:55 -------- d-----w- C:\kleaner.tmp
2012-02-07 02:31 . 2012-02-07 02:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 03:18 . 2012-02-06 03:18 -------- d-----w- c:\program files (x86)\AMD
2012-02-04 20:20 . 2012-02-04 20:20 -------- d-----w- c:\users\dKorps\AppData\Local\Opera
2012-02-04 20:20 . 2012-02-06 20:54 -------- d-----w- c:\program files (x86)\Opera
2012-02-01 00:58 . 2012-02-01 00:58 547880 ----a-r- c:\windows\SysWow64\SZComp5.dll
2012-02-01 00:58 . 2012-02-01 00:58 482344 ----a-r- c:\windows\SysWow64\SZBase5.dll
2012-02-01 00:58 . 2012-02-01 00:58 24616 ----a-r- c:\windows\SysWow64\SZIO5.dll
2012-02-01 00:58 . 2012-02-01 00:58 134184 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2012-02-01 00:57 . 2012-02-01 00:57 68648 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2012-02-01 00:57 . 2012-02-01 00:57 457768 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2012-02-01 00:57 . 2012-02-01 00:57 392232 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2012-02-01 00:57 . 2012-02-01 00:57 30248 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2012-02-01 00:57 . 2012-02-01 00:57 105512 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2012-02-01 00:57 . 2012-02-01 00:57 101416 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2012-02-01 00:57 . 2012-02-01 00:57 810024 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2012-02-01 00:57 . 2012-02-01 00:57 232488 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2012-01-20 21:47 . 2012-01-20 23:14 -------- d-----w- c:\users\dKorps\AppData\Local\Ubisoft Game Launcher
2012-01-20 21:45 . 2012-02-07 19:30 -------- d-----w- c:\users\dKorps\AppData\Roaming\Ubisoft
2012-01-20 21:45 . 2012-01-20 21:45 -------- d-----w- c:\programdata\Ubisoft
2012-01-20 21:44 . 2012-01-20 21:44 -------- d-----w- c:\program files (x86)\Ubisoft
2012-01-19 20:49 . 2012-01-19 20:49 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-01-19 00:27 . 2012-01-19 00:27 -------- d-----w- c:\users\dKorps\AppData\Roaming\LibreOffice
2012-01-19 00:23 . 2012-01-19 00:25 -------- d-----w- c:\program files (x86)\LibreOffice 3.4
2012-01-18 21:47 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-18 21:47 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-18 21:47 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-18 21:40 . 2012-01-18 21:40 -------- d-----w- C:\Riot Games
2012-01-13 20:05 . 2012-01-13 20:05 -------- d-----w- c:\program files (x86)\WinDirStat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 19:46 . 2011-05-22 02:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-14 16:11 . 2011-07-08 15:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-13 20:00 . 2011-12-13 20:00 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-12-13 19:53 . 2011-12-13 19:53 586240 ----a-w- c:\windows\system32\sm56co85.dll
2011-12-13 19:53 . 2011-12-13 19:53 1202688 ----a-w- c:\windows\system32\drivers\smserial.sys
2011-12-13 19:52 . 2011-12-13 19:52 920864 ----a-w- c:\windows\system32\drivers\netr28x.sys
2011-12-13 19:52 . 2011-12-13 19:52 311072 ----a-w- c:\windows\system32\RaCoInstx.dll
2011-12-13 19:50 . 2011-12-13 19:50 350952 ----a-w- c:\windows\system32\drivers\nvmf6264.sys
2011-12-13 19:50 . 2011-05-28 21:08 660072 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-12-13 19:50 . 2010-03-04 22:05 953344 ----a-w- c:\windows\system32\fdco2.dll
2011-12-13 19:50 . 2010-03-04 05:49 263784 ----a-w- c:\windows\system32\nvconrm.dll
2011-12-13 19:50 . 2011-12-13 19:50 42888 ----a-w- c:\windows\system32\drivers\btcusb.sys
2011-12-13 19:50 . 2011-12-13 19:50 19464 ----a-w- c:\windows\system32\btinstall.dll
2011-12-08 23:39 . 2011-10-22 22:47 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-19 00:23 . 2011-11-19 00:23 119808 ----a-r- c:\users\dKorps\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-01-17 16:24 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SnipSo"="c:\program files (x86)\SnipSo\snipso.exe" [2011-05-20 283648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 cpuz134;cpuz134; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3E2A.tmp [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-13 19:43]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 22:19]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 22:19]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888085959-2499073465-3016758540-1000Core.job
- c:\users\dKorps\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 00:34]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-888085959-2499073465-3016758540-1000UA.job
- c:\users\dKorps\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 00:34]
.
2012-02-11 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-13 08:26]
.
2012-02-11 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-12-13 19:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-01-17 16:24 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2011-12-13 1702400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\dKorps\AppData\Roaming\Mozilla\Firefox\Profiles\sx30d49a.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3E2A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-10 23:28:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 04:28
.
Pre-Run: 56,738,394,112 bytes free
Post-Run: 56,513,155,072 bytes free
.
- - End Of File - - EC85853F5BC23B5D1AA1CB9741902618

aswMBR:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 01:14:30
-----------------------------
01:14:30.265 OS Version: Windows x64 6.1.7600
01:14:30.265 Number of processors: 2 586 0x301
01:14:30.267 ComputerName: STATION22 UserName: dKorps
01:14:33.124 Initialze error C000010E - driver not loaded
01:14:39.474 AVAST engine defs: 12021001
01:14:46.628 Service scanning
01:14:52.486 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
01:14:52.491 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
01:14:52.498 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
01:14:52.503 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
01:14:53.304 Modules scanning
01:14:53.308 Disk 0 trace - called modules:
01:14:53.312
01:14:53.316 Scan finished successfully
01:15:09.195 The log file has been saved successfully to "C:\Users\dKorps\Desktop\aswMBR.txt"

MBAM:


Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
dKorps :: STATION22 [administrator]

Protection: Disabled

2/11/2012 12:02:00 AM
mbam-log-2012-02-11 (00-02-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468707
Time elapsed: 1 hour(s), 56 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER:

No infections detected.
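The DDS and ComboFix dumps above list every service and driver as `R2 name;display;image [tail]`, and the reviewer's job is to pick out the handful of entries worth a second look. The parser below is an added example for that step; it is not part of the original post and not code from DDS, ComboFix or any other tool in the thread. It copies six lines from the logs above as sample input, adds one clearly marked constructed entry (`ConstructedSvc`) to exercise the user-profile check, and applies three assumed heuristics of its own: image path missing, image stored as a `.tmp` file, image under a profile or temp directory. A flag is a reason to identify the file, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input. The first six lines are copied from the DDS and
# ComboFix logs in the post above; the last line is a made-up entry added only
# to exercise the user-profile heuristic and is NOT from the post.
SAMPLE_LOG = """\
R2 MBAMService;MBAMService;C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-2-10 652360]
R3 MBAMProtector;MBAMProtector;\\??\\C:\\Windows\\system32\\drivers\\mbam.sys --> C:\\Windows\\system32\\drivers\\mbam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\\??\\C:\\Windows\\system32\\3E2A.tmp --> C:\\Windows\\system32\\3E2A.tmp [?]
R3 cpuz134;cpuz134; [x]
S0 szkg5;szkg5;c:\\windows\\SySWOW64\\DRIVERS\\szkg64.sys [2011-09-26 74768]
2012-02-11 04:32:40 23152 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
R2 ConstructedSvc;Constructed example (not from the post);c:\\users\\someone\\AppData\\Local\\Temp\\svc.exe [x]
"""

# "R2 name;display;image [tail]" is the shape both DDS and ComboFix print.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
# Tail is "[date size]" when the tool could stat the file, "[?]" or "[x]" when it could not.
TAIL_RE = re.compile(r"\s*\[([^\]]*)\]\s*$")

# Assumed heuristic: services whose image lives under a profile or temp directory.
PROFILE_MARKERS = ("\\appdata\\", "\\temp\\")


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped
    start: int        # start type 0 (boot) .. 4 (disabled)
    name: str
    display: str
    image: str        # normalised on-disk path, "" if the line lists none
    verified: bool    # False when the tail is [?] or [x]
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one service/driver line; return None for lines of any other kind."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    verified = True
    tail = TAIL_RE.search(rest)
    if tail:
        verified = tail.group(1) not in ("?", "x")
        rest = rest[: tail.start()]
    # DDS prints "registry-path --> resolved-path"; keep the resolved half.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    image = rest.strip()
    if image.startswith("\\??\\"):      # strip the NT object-manager prefix
        image = image[4:]
    return ServiceEntry(state, int(start), name, display, image, verified)


def triage(entry):
    """Attach review flags. Heuristics only: a flag is a reason to look, not a verdict."""
    lower = entry.image.lower()
    if not entry.image:
        entry.flags.append("no image path")
        return entry
    if lower.endswith(".tmp"):
        entry.flags.append("driver/service image is a .tmp file")
    elif not lower.endswith((".sys", ".exe", ".dll")):
        entry.flags.append("unexpected image extension")
    if any(marker in lower for marker in PROFILE_MARKERS):
        entry.flags.append("image under a user profile or temp directory")
    return entry


def triage_log(text):
    """Return the flagged service entries from a DDS/ComboFix dump, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<15} {e.image or '(none)'}")
        for f in e.flags:
            print(f"    - {f}")
```

The `[?]`/`[x]` tail is recorded but never flagged on its own: in the logs above nearly every driver carries it, mbam.sys included, so it does not discriminate. A driver backed by a `.tmp` file is the entry a reviewer would identify first (hash the file, check its signer, check whether an on-demand scanner created it during the session); some legitimate scanners do load a driver that way, which is why the script produces a worklist rather than a verdict.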

#2 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:18 PM

Posted 14 February 2012 - 10:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This file/process looks suspicious.
C:\Users\dKorps\Desktop\lbplkwk7.exe

If you do not know what it is, let's find out if it's bad.

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\Users\dKorps\Desktop\lbplkwk7.exe
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com

===

p.s.
This is the only thing I see as being problematic on all your logs.

===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:18 PM

Posted 20 February 2012 - 11:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
