Google searches redirecting to various sites


21 replies to this topic

#1 kadjk
Members, 29 posts

Posted 30 March 2012 - 11:05 AM

Hello,

Happili.com
click.get-answers-fast.com
scour.com
topmarketsfinder.com

When I click on a search on google, these sites come up with ads and whatnot.

Without really looking anywhere, I used two antivirus programs (Malwarebytes and SUPERAntiSpyware) and they did catch something. I, like normal, just deleted them and rebooted. It still isn't working properly.

I have attached the required files. "GMER hasn't found any system modification" came up when GMER was run so the ark.txt was empty.

Thank you for your time

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Danny at 11:42:39 on 2012-03-30
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2571 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
uRun: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4FC4C1A4-7D1E-4352-9E6F-74CB4AD1745C} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\un1tukvc.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-30 15:19:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 14:48:08 98816 ----a-w- C:\Windows\sed.exe
2012-03-30 14:48:08 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-30 14:48:08 256000 ----a-w- C:\Windows\PEV.exe
2012-03-30 14:48:08 208896 ----a-w- C:\Windows\MBR.exe
2012-03-29 12:18:46 -------- d-----w- C:\$AVG
2012-03-23 10:02:05 -------- d-----w- C:\Program Files (x86)\MegaDev
2012-03-23 09:48:42 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-23 01:18:12 -------- d-----w- C:\Users\Danny\AppData\Roaming\Might & Magic Heroes VI
2012-03-23 00:21:58 489480 ----a-w- C:\Windows\System32\XAudio2_0.dll
2012-03-23 00:04:52 -------- d-----w- C:\Program Files (x86)\UltraISO
2012-03-23 00:04:52 -------- d-----w- C:\Program Files (x86)\Common Files\EZB Systems
2012-03-22 22:54:13 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-03-22 22:54:12 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-03-22 22:54:12 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-03-22 22:54:12 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-03-22 22:54:12 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-03-22 22:54:12 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-03-22 22:54:05 -------- d-----w- C:\Program Files (x86)\Xvid
2012-03-22 22:43:39 -------- d-----w- C:\AVI Info
2012-03-22 22:43:34 249856 ------w- C:\Windows\Setup1.exe
2012-03-22 22:43:32 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-03-14 21:56:38 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 21:56:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:56:37 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 17:18:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:18:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:18:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:56:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:56:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:56:10 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:56:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 12:56:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:56:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 12:56:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-01 14:53:03 -------- d-----w- C:\ProgramData\Freemake
2012-03-01 14:52:58 -------- d-----w- C:\Program Files (x86)\Freemake
.
==================== Find3M ====================
.
2012-02-26 06:13:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-26 06:13:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-26 05:58:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 19:51:23 57344 ----a-w- C:\Windows\SSEUninstaller.exe
2012-02-14 19:51:17 32768 ----a-w- C:\Windows\SysWow64\ShellLnkSSE.dll
2012-02-14 19:51:16 44544 ----a-w- C:\Windows\SysWow64\Gif89.dll
2012-01-12 03:12:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-12 02:56:35 0 ----a-w- C:\Windows\ativpsrm.bin
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
.
============= FINISH: 11:42:56.68 ===============


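A triage pass over the "Pseudo HJT Report" section of the DDS log above, added here as an example; it is not part of the original post or of the DDS tool. The sample lines are copied from the log, while the DNS allowlist, the user-writable directory list and the severity labels are assumptions chosen for the example; each flag is a prompt to look closer, not a verdict on the entry.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log (added example).

Parses the line shapes seen in the log above (BHO:/BHO-X64:, uRun:/mRun:,
uInternet Settings, TCP: DhcpNameServer) and flags the entries a responder
usually checks first when a browser redirect is reported. Every flag is a
review prompt, not a verdict: the DNS allowlist and severity labels below are
assumptions chosen for this example.
"""
from __future__ import annotations

import re
from typing import Iterable

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in the post.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\\Program Files (x86)\\AVG\\AVG2012\\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
uRun: [googletalk] C:\\Users\\Danny\\AppData\\Roaming\\Google\\Google Talk\\googletalk.exe /autostart
mRun: [AVG_TRAY] "C:\\Program Files (x86)\\AVG\\AVG2012\\avgtray.exe"
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
"""

# Assumed allowlist: the two DHCP-assigned resolvers shown in the log. In a real
# triage this comes from the ISP or router documentation, not from the log itself.
EXPECTED_DNS = {"209.18.47.61", "209.18.47.62"}

# Directories any user process can write to; installers normally do not put
# autostart binaries there, so an autorun pointing into them gets a second look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)

RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO(?:-X64)?: (?P<name>.*?)(?: - (?P<path>.*))?$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]*\} : )?DhcpNameServer = (?P<servers>.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>ProxyServer|ProxyOverride) = (?P<value>.*)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(lines: Iterable[str], dns_allowlist: set[str] = EXPECTED_DNS) -> list[tuple[str, str, str]]:
    """Return (severity, reason, raw_line) triples, highest severity first."""
    findings: list[tuple[str, str, str]] = []
    for raw in lines:
        line = raw.rstrip()
        if m := BHO_RE.match(line):
            # A BHO whose DLL is gone cannot run; it is leftover to clean up, not an active threat.
            if (m.group("path") or "").strip() == "No File":
                findings.append(("low", "orphaned BHO registration (DLL missing)", line))
        elif m := RUN_RE.match(line):
            if USER_WRITABLE.search(m.group("cmd")):
                findings.append(("medium", f"autorun '{m.group('name')}' loads from a user-writable directory", line))
        elif m := DNS_RE.match(line):
            # Redirects are often caused by a changed resolver, so compare against the expected set.
            unexpected = [s for s in m.group("servers").split() if s not in dns_allowlist]
            if unexpected:
                findings.append(("high", "DNS server(s) outside the expected set: " + ", ".join(unexpected), line))
        elif m := PROXY_RE.match(line):
            # ProxyOverride = *.local is the usual default; an explicit ProxyServer is what matters.
            if m.group("key") == "ProxyServer":
                findings.append(("high", "explicit proxy configured: " + m.group("value").strip(), line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against the sample it reports only the orphaned BHO and the autorun under AppData; the two DNS servers match the assumed allowlist, so no DNS finding is raised for this log.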
#2 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 31 March 2012 - 02:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kadjk (Topic Starter)
Members, 29 posts

Posted 31 March 2012 - 09:23 AM

Hello,

Thank you for taking your time to respond and help me!

I ran ComboFix without any problems, except I wasn't able to turn off avgtray. I was able to disable it while ComboFix ran, though.

The problem is still occurring.

Thank you!

ComboFix 12-03-30.06 - Danny 1/2012 Sat 10:07:26.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2916 [GMT -4:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 14:12 . 2012-03-31 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- C:\$AVG
2012-03-23 10:02 . 2012-03-23 10:02 -------- d-----w- c:\program files (x86)\MegaDev
2012-03-23 09:48 . 2012-03-30 12:16 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-23 01:18 . 2012-03-25 21:06 -------- d-----w- c:\users\Danny\AppData\Roaming\Might & Magic Heroes VI
2012-03-23 00:37 . 2012-03-23 00:37 -------- d-----w- c:\program files\7-Zip
2012-03-23 00:21 . 2008-03-05 20:04 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2012-03-23 00:10 . 2012-03-23 00:19 -------- d-----w- c:\program files (x86)\Ubisoft
2012-03-23 00:04 . 2012-03-23 00:04 -------- d-----w- c:\program files (x86)\UltraISO
2012-03-23 00:04 . 2012-03-23 00:04 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-03-22 22:54 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-03-22 22:54 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-03-22 22:54 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-03-22 22:54 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-03-22 22:54 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-03-22 22:54 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-22 22:54 . 2012-03-22 22:54 -------- d-----w- c:\program files (x86)\Xvid
2012-03-22 22:43 . 2012-03-22 22:43 -------- d-----w- C:\AVI Info
2012-03-22 22:43 . 2012-03-22 22:43 249856 ------w- c:\windows\Setup1.exe
2012-03-22 22:43 . 2012-03-22 22:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-03-22 22:42 . 2012-03-22 22:42 -------- d-----w- c:\users\Danny\AppData\Roaming\Syntrillium
2012-03-14 21:56 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 21:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:18 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 12:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-01 14:53 . 2012-03-01 14:53 -------- d-----w- c:\programdata\Freemake
2012-03-01 14:52 . 2012-03-01 14:53 -------- d-----w- c:\program files (x86)\Freemake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 06:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-26 06:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-26 05:58 . 2012-01-12 03:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 19:51 . 2012-02-14 19:51 57344 ----a-w- c:\windows\SSEUninstaller.exe
2012-02-14 19:51 . 2012-02-14 19:51 32768 ----a-w- c:\windows\SysWow64\ShellLnkSSE.dll
2012-02-14 19:51 . 2012-02-14 19:51 44544 ----a-w- c:\windows\SysWow64\Gif89.dll
2012-01-12 03:12 . 2012-01-12 03:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 13:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 13:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_14.55.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-12 03:17 . 2012-03-31 14:05 37888 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 14:05 30220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-12 02:58 . 2012-03-31 14:05 10808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3150816244-4210488078-4119504859-1000_UserData.bin
- 2012-01-12 05:48 . 2012-03-26 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 05:48 . 2012-03-31 01:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-12 05:48 . 2012-03-26 18:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-12 05:48 . 2012-03-31 01:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 01:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-26 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-31 14:13 . 2012-03-31 14:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-30 14:54 . 2012-03-30 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-31 14:10 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-30 14:28 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 14:10 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-30 14:28 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-30 14:53 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-31 14:12 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-12 03:14 . 2012-03-30 14:53 1392880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-12 03:14 . 2012-03-31 14:12 1392880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-12 03:14 . 2012-03-30 14:53 42798252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-8192.dat
+ 2012-01-12 03:14 . 2012-03-31 14:12 42798252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\un1tukvc.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-03-31 10:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 14:16
ComboFix2.txt 2012-03-30 14:58
.
Pre-Run: 149,284,454,400 bytes free
Post-Run: 149,197,492,224 bytes free
.
- - End Of File - - 0B9A1D35F8984AE53F7230BBE848B90F

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 31 March 2012 - 10:03 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 kadjk
  • Topic Starter
  • Members
  • 29 posts

Posted 31 March 2012 - 10:19 AM

Hello,

Thank you for a prompt response. I will split this into two to make it easier to read. First is TDSSKiller.

TDSSKiller says it found no threats.

Thanks

11:07:26.0570 2984 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
11:07:26.0920 2984 ============================================================
11:07:26.0920 2984 Current date / time: 2012/03/31 11:07:26.0920
11:07:26.0920 2984 SystemInfo:
11:07:26.0921 2984
11:07:26.0921 2984 OS Version: 6.1.7601 ServicePack: 1.0
11:07:26.0921 2984 Product type: Workstation
11:07:26.0921 2984 ComputerName: DJ-PC
11:07:26.0921 2984 UserName: Danny
11:07:26.0921 2984 Windows directory: C:\Windows
11:07:26.0921 2984 System windows directory: C:\Windows
11:07:26.0921 2984 Running under WOW64
11:07:26.0921 2984 Processor architecture: Intel x64
11:07:26.0921 2984 Number of processors: 8
11:07:26.0921 2984 Page size: 0x1000
11:07:26.0921 2984 Boot type: Normal boot
11:07:26.0921 2984 ============================================================
11:07:36.0378 2984 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:36.0387 2984 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:36.0393 2984 \Device\Harddisk1\DR1:
11:07:36.0393 2984 MBR used
11:07:36.0393 2984 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
11:07:36.0393 2984 \Device\Harddisk0\DR0:
11:07:36.0393 2984 MBR used
11:07:36.0393 2984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:07:36.0393 2984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:07:36.0436 2984 Initialize success
11:07:36.0436 2984 ============================================================
11:07:42.0472 3992 ============================================================
11:07:42.0472 3992 Scan started
11:07:42.0472 3992 Mode: Manual;
11:07:42.0472 3992 ============================================================
11:07:50.0330 3992 MSTEE - ok
11:07:50.0353 3992 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:07:50.0354 3992 MTConfig - ok
11:07:50.0380 3992 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
11:07:50.0381 3992 MTsensor - ok
11:07:50.0428 3992 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:07:50.0429 3992 Mup - ok
11:07:50.0478 3992 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:07:50.0486 3992 napagent - ok
11:07:50.0525 3992 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:07:50.0530 3992 NativeWifiP - ok
11:07:50.0578 3992 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:07:50.0587 3992 NDIS - ok
11:07:50.0604 3992 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:07:50.0605 3992 NdisCap - ok
11:07:50.0624 3992 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:07:50.0625 3992 NdisTapi - ok
11:07:50.0681 3992 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:07:50.0687 3992 Ndisuio - ok
11:07:50.0732 3992 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:07:50.0735 3992 NdisWan - ok
11:07:50.0759 3992 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:07:50.0760 3992 NDProxy - ok
11:07:50.0799 3992 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:07:50.0800 3992 NetBIOS - ok
11:07:50.0847 3992 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:07:50.0851 3992 NetBT - ok
11:07:50.0909 3992 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:07:50.0911 3992 Netlogon - ok
11:07:50.0954 3992 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:07:50.0958 3992 Netman - ok
11:07:50.0981 3992 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:07:50.0988 3992 netprofm - ok
11:07:51.0080 3992 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:07:51.0082 3992 NetTcpPortSharing - ok
11:07:51.0112 3992 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:07:51.0113 3992 nfrd960 - ok
11:07:51.0161 3992 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:07:51.0166 3992 NlaSvc - ok
11:07:51.0174 3992 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:07:51.0175 3992 Npfs - ok
11:07:51.0191 3992 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:07:51.0193 3992 nsi - ok
11:07:51.0203 3992 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:07:51.0204 3992 nsiproxy - ok
11:07:51.0276 3992 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:07:51.0298 3992 Ntfs - ok
11:07:51.0310 3992 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:07:51.0311 3992 Null - ok
11:07:51.0351 3992 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:07:51.0354 3992 nvraid - ok
11:07:51.0366 3992 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:07:51.0369 3992 nvstor - ok
11:07:51.0391 3992 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:07:51.0393 3992 nv_agp - ok
11:07:51.0460 3992 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:07:51.0465 3992 odserv - ok
11:07:51.0491 3992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:07:51.0493 3992 ohci1394 - ok
11:07:51.0520 3992 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:07:51.0522 3992 ose - ok
11:07:51.0556 3992 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:07:51.0562 3992 p2pimsvc - ok
11:07:51.0579 3992 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:07:51.0587 3992 p2psvc - ok
11:07:51.0621 3992 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:07:51.0622 3992 Parport - ok
11:07:51.0637 3992 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:07:51.0638 3992 partmgr - ok
11:07:51.0668 3992 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:07:51.0674 3992 PcaSvc - ok
11:07:51.0720 3992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:07:51.0723 3992 pci - ok
11:07:51.0758 3992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:07:51.0759 3992 pciide - ok
11:07:51.0785 3992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:07:51.0787 3992 pcmcia - ok
11:07:51.0802 3992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:07:51.0804 3992 pcw - ok
11:07:51.0838 3992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:07:51.0847 3992 PEAUTH - ok
11:07:51.0895 3992 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:07:51.0914 3992 PeerDistSvc - ok
11:07:51.0954 3992 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:07:51.0956 3992 PerfHost - ok
11:07:52.0032 3992 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:07:52.0052 3992 pla - ok
11:07:52.0102 3992 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:07:52.0110 3992 PlugPlay - ok
11:07:52.0126 3992 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:07:52.0128 3992 PNRPAutoReg - ok
11:07:52.0140 3992 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:07:52.0144 3992 PNRPsvc - ok
11:07:52.0178 3992 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:07:52.0186 3992 PolicyAgent - ok
11:07:52.0219 3992 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:07:52.0223 3992 Power - ok
11:07:52.0257 3992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:07:52.0259 3992 PptpMiniport - ok
11:07:52.0279 3992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:07:52.0280 3992 Processor - ok
11:07:52.0312 3992 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:07:52.0317 3992 ProfSvc - ok
11:07:52.0358 3992 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:07:52.0359 3992 ProtectedStorage - ok
11:07:52.0413 3992 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:07:52.0415 3992 Psched - ok
11:07:52.0463 3992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:07:52.0475 3992 ql2300 - ok
11:07:52.0489 3992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:07:52.0490 3992 ql40xx - ok
11:07:52.0514 3992 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:07:52.0518 3992 QWAVE - ok
11:07:52.0530 3992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:07:52.0531 3992 QWAVEdrv - ok
11:07:52.0548 3992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:07:52.0549 3992 RasAcd - ok
11:07:52.0568 3992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:07:52.0569 3992 RasAgileVpn - ok
11:07:52.0586 3992 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:07:52.0590 3992 RasAuto - ok
11:07:52.0622 3992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:07:52.0625 3992 Rasl2tp - ok
11:07:52.0665 3992 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:07:52.0673 3992 RasMan - ok
11:07:52.0687 3992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:07:52.0689 3992 RasPppoe - ok
11:07:52.0707 3992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:07:52.0709 3992 RasSstp - ok
11:07:52.0743 3992 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:07:52.0748 3992 rdbss - ok
11:07:52.0772 3992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:07:52.0773 3992 rdpbus - ok
11:07:52.0788 3992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:07:52.0789 3992 RDPCDD - ok
11:07:52.0827 3992 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:07:52.0830 3992 RDPDR - ok
11:07:52.0849 3992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:07:52.0850 3992 RDPENCDD - ok
11:07:52.0863 3992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:07:52.0864 3992 RDPREFMP - ok
11:07:52.0918 3992 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:07:52.0922 3992 RDPWD - ok
11:07:52.0968 3992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:07:52.0971 3992 rdyboost - ok
11:07:53.0016 3992 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:07:53.0019 3992 RemoteAccess - ok
11:07:53.0034 3992 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:07:53.0038 3992 RemoteRegistry - ok
11:07:53.0055 3992 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:07:53.0058 3992 RpcEptMapper - ok
11:07:53.0069 3992 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:07:53.0070 3992 RpcLocator - ok
11:07:53.0116 3992 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:07:53.0123 3992 RpcSs - ok
11:07:53.0153 3992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:07:53.0155 3992 rspndr - ok
11:07:53.0191 3992 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:07:53.0194 3992 RTL8167 - ok
11:07:53.0230 3992 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:07:53.0231 3992 s3cap - ok
11:07:53.0241 3992 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:07:53.0243 3992 SamSs - ok
11:07:53.0317 3992 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:07:53.0318 3992 SASDIFSV - ok
11:07:53.0329 3992 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:07:53.0330 3992 SASKUTIL - ok
11:07:53.0360 3992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:07:53.0363 3992 sbp2port - ok
11:07:53.0382 3992 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:07:53.0387 3992 SCardSvr - ok
11:07:53.0428 3992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:07:53.0429 3992 scfilter - ok
11:07:53.0506 3992 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:07:53.0522 3992 Schedule - ok
11:07:53.0589 3992 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:07:53.0590 3992 SCPolicySvc - ok
11:07:53.0612 3992 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:07:53.0616 3992 SDRSVC - ok
11:07:53.0637 3992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:07:53.0638 3992 secdrv - ok
11:07:53.0676 3992 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:07:53.0682 3992 seclogon - ok
11:07:53.0722 3992 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:07:53.0725 3992 SENS - ok
11:07:53.0749 3992 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:07:53.0752 3992 SensrSvc - ok
11:07:53.0778 3992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:07:53.0779 3992 Serenum - ok
11:07:53.0795 3992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:07:53.0797 3992 Serial - ok
11:07:53.0812 3992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:07:53.0813 3992 sermouse - ok
11:07:53.0866 3992 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:07:53.0868 3992 SessionEnv - ok
11:07:53.0891 3992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:07:53.0891 3992 sffdisk - ok
11:07:53.0907 3992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:07:53.0908 3992 sffp_mmc - ok
11:07:53.0942 3992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:07:53.0944 3992 sffp_sd - ok
11:07:53.0961 3992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:07:53.0962 3992 sfloppy - ok
11:07:54.0005 3992 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:07:54.0011 3992 SharedAccess - ok
11:07:54.0065 3992 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:07:54.0072 3992 ShellHWDetection - ok
11:07:54.0107 3992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:07:54.0108 3992 SiSRaid2 - ok
11:07:54.0128 3992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:07:54.0129 3992 SiSRaid4 - ok
11:07:54.0149 3992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:07:54.0151 3992 Smb - ok
11:07:54.0177 3992 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:07:54.0179 3992 SNMPTRAP - ok
11:07:54.0188 3992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:07:54.0188 3992 spldr - ok
11:07:54.0214 3992 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:07:54.0223 3992 Spooler - ok
11:07:54.0316 3992 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:07:54.0363 3992 sppsvc - ok
11:07:54.0379 3992 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:07:54.0381 3992 sppuinotify - ok
11:07:54.0411 3992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:07:54.0416 3992 srv - ok
11:07:54.0444 3992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:07:54.0448 3992 srv2 - ok
11:07:54.0462 3992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:07:54.0464 3992 srvnet - ok
11:07:54.0490 3992 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:07:54.0493 3992 SSDPSRV - ok
11:07:54.0507 3992 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:07:54.0509 3992 SstpSvc - ok
11:07:54.0571 3992 Steam Client Service - ok
11:07:54.0589 3992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:07:54.0589 3992 stexstor - ok
11:07:54.0633 3992 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:07:54.0641 3992 stisvc - ok
11:07:54.0698 3992 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:07:54.0699 3992 storflt - ok
11:07:54.0721 3992 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:07:54.0724 3992 StorSvc - ok
11:07:54.0746 3992 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:07:54.0747 3992 storvsc - ok
11:07:54.0781 3992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:07:54.0782 3992 swenum - ok
11:07:54.0820 3992 SwOffScheduler - ok
11:07:54.0826 3992 SwOffWeb - ok
11:07:54.0857 3992 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:07:54.0866 3992 swprv - ok
11:07:54.0941 3992 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:07:54.0964 3992 SysMain - ok
11:07:55.0006 3992 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:07:55.0009 3992 TabletInputService - ok
11:07:55.0049 3992 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:07:55.0055 3992 TapiSrv - ok
11:07:55.0071 3992 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:07:55.0074 3992 TBS - ok
11:07:55.0132 3992 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:07:55.0146 3992 Tcpip - ok
11:07:55.0174 3992 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:07:55.0182 3992 TCPIP6 - ok
11:07:55.0214 3992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:07:55.0215 3992 tcpipreg - ok
11:07:55.0231 3992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:07:55.0232 3992 TDPIPE - ok
11:07:55.0256 3992 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:07:55.0257 3992 TDTCP - ok
11:07:55.0289 3992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:07:55.0290 3992 tdx - ok
11:07:55.0320 3992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:07:55.0322 3992 TermDD - ok
11:07:55.0345 3992 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:07:55.0356 3992 TermService - ok
11:07:55.0373 3992 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:07:55.0376 3992 Themes - ok
11:07:55.0399 3992 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:07:55.0401 3992 THREADORDER - ok
11:07:55.0422 3992 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:07:55.0426 3992 TrkWks - ok
11:07:55.0467 3992 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:07:55.0470 3992 TrustedInstaller - ok
11:07:55.0490 3992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:07:55.0492 3992 tssecsrv - ok
11:07:55.0509 3992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:07:55.0511 3992 TsUsbFlt - ok
11:07:55.0578 3992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:07:55.0580 3992 tunnel - ok
11:07:55.0600 3992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:07:55.0601 3992 uagp35 - ok
11:07:55.0639 3992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:07:55.0644 3992 udfs - ok
11:07:55.0672 3992 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:07:55.0675 3992 UI0Detect - ok
11:07:55.0849 3992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:07:55.0874 3992 uliagpkx - ok
11:07:55.0925 3992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:07:55.0926 3992 umbus - ok
11:07:55.0946 3992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:07:55.0946 3992 UmPass - ok
11:07:55.0965 3992 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:07:55.0970 3992 UmRdpService - ok
11:07:55.0991 3992 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:07:55.0999 3992 upnphost - ok
11:07:56.0036 3992 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:07:56.0038 3992 USBAAPL64 - ok
11:07:56.0055 3992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:07:56.0057 3992 usbccgp - ok
11:07:56.0090 3992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:07:56.0092 3992 usbcir - ok
11:07:56.0113 3992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:07:56.0114 3992 usbehci - ok
11:07:56.0147 3992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:07:56.0150 3992 usbhub - ok
11:07:56.0163 3992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:07:56.0165 3992 usbohci - ok
11:07:56.0182 3992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:07:56.0183 3992 usbprint - ok
11:07:56.0204 3992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:07:56.0206 3992 USBSTOR - ok
11:07:56.0220 3992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:07:56.0221 3992 usbuhci - ok
11:07:56.0266 3992 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:07:56.0269 3992 UxSms - ok
11:07:56.0307 3992 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:07:56.0308 3992 VaultSvc - ok
11:07:56.0342 3992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:07:56.0343 3992 vdrvroot - ok
11:07:56.0369 3992 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:07:56.0376 3992 vds - ok
11:07:56.0402 3992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:07:56.0403 3992 vga - ok
11:07:56.0423 3992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:07:56.0424 3992 VgaSave - ok
11:07:56.0452 3992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:07:56.0456 3992 vhdmp - ok
11:07:56.0486 3992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:07:56.0487 3992 viaide - ok
11:07:56.0504 3992 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:07:56.0507 3992 vmbus - ok
11:07:56.0523 3992 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:07:56.0525 3992 VMBusHID - ok
11:07:56.0561 3992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:07:56.0563 3992 volmgr - ok
11:07:56.0582 3992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:07:56.0585 3992 volmgrx - ok
11:07:56.0633 3992 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:07:56.0637 3992 volsnap - ok
11:07:56.0663 3992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:07:56.0665 3992 vsmraid - ok
11:07:56.0721 3992 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:07:56.0745 3992 VSS - ok
11:07:56.0768 3992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:07:56.0769 3992 vwifibus - ok
11:07:56.0789 3992 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:07:56.0797 3992 W32Time - ok
11:07:56.0815 3992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:07:56.0816 3992 WacomPen - ok
11:07:56.0849 3992 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:07:56.0851 3992 WANARP - ok
11:07:56.0856 3992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:07:56.0858 3992 Wanarpv6 - ok
11:07:56.0914 3992 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:07:56.0926 3992 WatAdminSvc - ok
11:07:56.0985 3992 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:07:57.0001 3992 wbengine - ok
11:07:57.0017 3992 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:07:57.0020 3992 WbioSrvc - ok
11:07:57.0064 3992 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:07:57.0071 3992 wcncsvc - ok
11:07:57.0088 3992 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:07:57.0091 3992 WcsPlugInService - ok
11:07:57.0114 3992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:07:57.0115 3992 Wd - ok
11:07:57.0142 3992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:07:57.0148 3992 Wdf01000 - ok
11:07:57.0166 3992 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:07:57.0168 3992 WdiServiceHost - ok
11:07:57.0172 3992 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:07:57.0174 3992 WdiSystemHost - ok
11:07:57.0217 3992 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:07:57.0223 3992 WebClient - ok
11:07:57.0255 3992 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:07:57.0261 3992 Wecsvc - ok
11:07:57.0279 3992 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:07:57.0282 3992 wercplsupport - ok
11:07:57.0315 3992 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:07:57.0319 3992 WerSvc - ok
11:07:57.0339 3992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:07:57.0340 3992 WfpLwf - ok
11:07:57.0361 3992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:07:57.0362 3992 WIMMount - ok
11:07:57.0426 3992 WinDefend - ok
11:07:57.0435 3992 WinHttpAutoProxySvc - ok
11:07:57.0490 3992 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:07:57.0494 3992 Winmgmt - ok
11:07:57.0545 3992 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:07:57.0573 3992 WinRM - ok
11:07:57.0627 3992 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:07:57.0628 3992 WinUsb - ok
11:07:57.0667 3992 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:07:57.0681 3992 Wlansvc - ok
11:07:57.0707 3992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:07:57.0708 3992 WmiAcpi - ok
11:07:57.0733 3992 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:07:57.0736 3992 wmiApSrv - ok
11:07:57.0740 3992 WMPNetworkSvc - ok
11:07:57.0759 3992 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:07:57.0762 3992 WPCSvc - ok
11:07:57.0777 3992 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:07:57.0781 3992 WPDBusEnum - ok
11:07:57.0809 3992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:07:57.0810 3992 ws2ifsl - ok
11:07:57.0827 3992 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:07:57.0830 3992 wscsvc - ok
11:07:57.0837 3992 WSearch - ok
11:07:57.0894 3992 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:07:57.0920 3992 wuauserv - ok
11:07:57.0990 3992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:07:57.0992 3992 WudfPf - ok
11:07:58.0009 3992 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:07:58.0012 3992 WUDFRd - ok
11:07:58.0053 3992 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:07:58.0057 3992 wudfsvc - ok
11:07:58.0076 3992 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:07:58.0082 3992 WwanSvc - ok
11:07:58.0103 3992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:07:58.0252 3992 \Device\Harddisk1\DR1 - ok
11:07:58.0261 3992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:07:58.0316 3992 \Device\Harddisk0\DR0 - ok
11:07:58.0331 3992 Boot (0x1200) (9f043a9d02b2010cac857cd158111af8) \Device\Harddisk1\DR1\Partition0
11:07:58.0333 3992 \Device\Harddisk1\DR1\Partition0 - ok
11:07:58.0338 3992 Boot (0x1200) (22778784c7917feec1ea85e335cf5f63) \Device\Harddisk0\DR0\Partition0
11:07:58.0339 3992 \Device\Harddisk0\DR0\Partition0 - ok
11:07:58.0356 3992 Boot (0x1200) (d311d841153c91982ae231cb96c91ed9) \Device\Harddisk0\DR0\Partition1
11:07:58.0357 3992 \Device\Harddisk0\DR0\Partition1 - ok
11:07:58.0358 3992 ============================================================
11:07:58.0358 3992 Scan finished
11:07:58.0358 3992 ============================================================
11:07:58.0372 5096 Detected object count: 0
11:07:58.0372 5096 Actual detected object count: 0

Here is aswMBR.

Thank you

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 11:09:32
-----------------------------
11:09:32.913 OS Version: Windows x64 6.1.7601 Service Pack 1
11:09:32.913 Number of processors: 8 586 0x1E05
11:09:32.914 ComputerName: DJ-PC UserName: Danny
11:09:33.763 Initialize success
11:10:16.307 AVAST engine defs: 12033100
11:10:29.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
11:10:29.269 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
11:10:29.273 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-9
11:10:29.276 Disk 1 Vendor: Maxtor_6L300R0 BAH41G10 Size: 286168MB BusType: 3
11:10:29.286 Disk 0 MBR read successfully
11:10:29.290 Disk 0 MBR scan
11:10:29.296 Disk 0 Windows 7 default MBR code
11:10:29.308 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:10:29.323 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
11:10:29.333 Disk 0 scanning C:\Windows\system32\drivers
11:10:37.135 Service scanning
11:10:52.012 Modules scanning
11:10:52.023 Disk 0 trace - called modules:
11:10:52.037 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:10:52.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db0790]
11:10:52.051 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004b64670]
11:10:52.058 5 ACPI.sys[fffff88000f117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa8004bc4680]
11:10:53.044 AVAST engine scan C:\Windows
11:10:55.683 AVAST engine scan C:\Windows\system32
11:13:05.974 AVAST engine scan C:\Windows\system32\drivers
11:13:14.613 AVAST engine scan C:\Users\Danny
11:15:15.182 AVAST engine scan C:\ProgramData
11:16:23.587 Scan finished successfully
11:16:46.371 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
11:16:46.378 The log file has been saved successfully to "C:\Users\Danny\Desktop\aswMBR.txt"

Edited by kadjk, 31 March 2012 - 10:20 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 31 March 2012 - 10:44 AM

Greetings

In which browsers does the redirect happen or does it happen in all browsers?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kadjk

kadjk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:07:22 AM

Posted 31 March 2012 - 11:02 AM

Hello

Whatever it was, it seems to have cleared up now, I think. I only used firefox so I'm not sure on other browsers.

I really do appreciate your help!

Thank you!


ComboFix 12-03-30.06 - Danny 1/2012 Sat 11:49:56.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.949.82.1033.18.4087.2300 [GMT -4:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
Command switches used :: c:\users\Danny\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 15:53 . 2012-03-31 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- C:\$AVG
2012-03-23 10:02 . 2012-03-23 10:02 -------- d-----w- c:\program files (x86)\MegaDev
2012-03-23 09:48 . 2012-03-30 12:16 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-23 01:18 . 2012-03-25 21:06 -------- d-----w- c:\users\Danny\AppData\Roaming\Might & Magic Heroes VI
2012-03-23 00:37 . 2012-03-23 00:37 -------- d-----w- c:\program files\7-Zip
2012-03-23 00:21 . 2008-03-05 20:04 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2012-03-23 00:10 . 2012-03-23 00:19 -------- d-----w- c:\program files (x86)\Ubisoft
2012-03-23 00:04 . 2012-03-23 00:04 -------- d-----w- c:\program files (x86)\UltraISO
2012-03-23 00:04 . 2012-03-23 00:04 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-03-22 22:54 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-03-22 22:54 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-03-22 22:54 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-03-22 22:54 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-03-22 22:54 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-03-22 22:54 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-22 22:54 . 2012-03-22 22:54 -------- d-----w- c:\program files (x86)\Xvid
2012-03-22 22:43 . 2012-03-22 22:43 -------- d-----w- C:\AVI Info
2012-03-22 22:43 . 2012-03-22 22:43 249856 ------w- c:\windows\Setup1.exe
2012-03-22 22:43 . 2012-03-22 22:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-03-22 22:42 . 2012-03-22 22:42 -------- d-----w- c:\users\Danny\AppData\Roaming\Syntrillium
2012-03-14 21:56 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 21:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:18 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 12:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 14:14 . 2012-03-01 14:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 14:14 . 2012-03-01 14:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 14:14 . 2012-03-01 14:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 14:14 . 2012-03-01 14:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 14:14 . 2012-03-01 14:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 14:14 . 2012-03-01 14:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 14:14 . 2012-03-01 14:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 14:14 . 2012-03-01 14:14 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-01 14:14 . 2012-03-01 14:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 14:14 . 2012-03-01 14:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-01 14:14 . 2012-03-01 14:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 14:14 . 2012-03-01 14:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-01 14:14 . 2012-03-01 14:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 14:14 . 2012-03-01 14:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 14:14 . 2012-03-01 14:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 14:14 . 2012-03-01 14:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 14:14 . 2012-03-01 14:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-01 14:14 . 2012-03-01 14:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-01 14:14 . 2012-03-01 14:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 14:14 . 2012-03-01 14:14 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-01 14:14 . 2012-03-01 14:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 14:14 . 2012-03-01 14:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 14:14 . 2012-03-01 14:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 14:14 . 2012-03-01 14:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 14:14 . 2012-03-01 14:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 14:14 . 2012-03-01 14:14 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 14:14 . 2012-03-01 14:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 14:14 . 2012-03-01 14:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 14:14 . 2012-03-01 14:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 14:14 . 2012-03-01 14:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 14:14 . 2012-03-01 14:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 14:14 . 2012-03-01 14:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 14:14 . 2012-03-01 14:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 14:14 . 2012-03-01 14:14 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 14:14 . 2012-03-01 14:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 14:14 . 2012-03-01 14:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 14:14 . 2012-03-01 14:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 14:14 . 2012-03-01 14:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 14:14 . 2012-03-01 14:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 14:14 . 2012-03-01 14:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 14:14 . 2012-03-01 14:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 14:14 . 2012-03-01 14:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 06:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-26 06:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-26 05:58 . 2012-01-12 03:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 19:51 . 2012-02-14 19:51 57344 ----a-w- c:\windows\SSEUninstaller.exe
2012-02-14 19:51 . 2012-02-14 19:51 32768 ----a-w- c:\windows\SysWow64\ShellLnkSSE.dll
2012-02-14 19:51 . 2012-02-14 19:51 44544 ----a-w- c:\windows\SysWow64\Gif89.dll
2012-01-12 03:12 . 2012-01-12 03:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-16 13:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 13:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_14.55.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-12 03:17 . 2012-03-31 14:19 38166 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 14:19 30244 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-12 02:58 . 2012-03-31 14:19 10968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3150816244-4210488078-4119504859-1000_UserData.bin
+ 2012-01-12 05:48 . 2012-03-31 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-12 05:48 . 2012-03-26 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-12 05:48 . 2012-03-31 15:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-12 05:48 . 2012-03-26 18:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-31 15:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-26 18:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-30 14:54 . 2012-03-30 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 15:55 . 2012-03-31 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 15:55 . 2012-03-31 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-30 14:54 . 2012-03-30 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-30 14:28 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 14:22 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-31 14:22 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-30 14:28 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-31 15:53 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-30 14:53 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-31 15:54 . 2012-03-31 15:54 550768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-4096.dat
- 2012-01-12 03:14 . 2012-03-30 14:53 1392880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-12 03:14 . 2012-03-31 15:53 1392880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-12 03:14 . 2012-03-31 15:53 42798252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-8192.dat
- 2012-01-12 03:14 . 2012-03-30 14:53 42798252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3150816244-4210488078-4119504859-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\un1tukvc.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-03-31 11:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 15:58
ComboFix2.txt 2012-03-31 14:16
ComboFix3.txt 2012-03-30 14:58
.
Pre-Run: 148,877,770,752 bytes free
Post-Run: 148,901,937,152 bytes free
.
- - End Of File - - CF376F2EB26759C64490D187350D6A21

Edited by kadjk, 31 March 2012 - 11:04 AM.


#8 kadjk

kadjk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:07:22 AM

Posted 31 March 2012 - 11:10 AM

Hello,


Never mind, it looked like it cleared up, but it just happened again. =(

I'm trying it on IE but I'm not sure if it's happening or not. It doesn't happen to every link, it just randomly happens, even on Firefox.

Thanks

Edited by kadjk, 31 March 2012 - 11:12 AM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:22 AM

Posted 31 March 2012 - 12:02 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

FrostWire 5.2.11
Java™ 6 Update 30
µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

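The HijackThis scan requested above produces a flat text log whose O2 (browser helper objects), O4 (Run keys), O17 (DNS NameServer) and O23 (services) lines are what a helper reads first. As an added example that is not part of this thread and not a tool from HijackThis, Trend Micro or BleepingComputer, the Python below parses those four line formats and flags entries worth a closer look: autoruns and services living under user-writable folders, an unnamed BHO, an "Unknown owner" service outside the Windows directory, and a resolver outside an expected set (a search-redirect infection that rewrites DNS shows up there). The sample log, the CLSID ending in ...000000000001, the {GUID-PLACEHOLDER} token, the EXPECTED_DNS allow-list and the scoring rules are all constructed for this example. One assumption is built in: a "(file missing)" service whose path is under C:\Windows is treated as the usual artifact of running the 32-bit scanner on a 64-bit host (file-system redirection hides the 64-bit System32 binaries), not as a finding. A flag is a prompt to verify, never a verdict; Google Talk genuinely installs under AppData and still gets flagged.

```python
"""Triage helper for HijackThis-style scan logs (added example).

Parses the O2 (BHO), O4 (Run key), O17 (DNS NameServer) and O23 (service)
line formats and flags entries worth a closer look. The sample log, the
expected resolver list and the scoring rules are constructed for this
example; a flag is a prompt to verify, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Resolvers this machine is expected to use (constructed allow-list; on a
# real case fill in the ISP's or the site's known resolver addresses).
EXPECTED_DNS = {"209.18.47.61", "209.18.47.62"}

# Path fragments under which a service or autorun should not normally live.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O17 = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")
RE_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# First executable of a command line: the quoted token, or the text up to the
# first .exe/.dll/... extension that is followed by whitespace or end of line.
RE_EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|sys|cmd|bat|scr))(?:\s|$)', re.I)

# Constructed sample in the line format HijackThis v2 emits. {GUID-PLACEHOLDER}
# stands in for the interface GUID a real log shows; the all-zero CLSID is made up.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Users\Danny\AppData\Local\Temp\helper.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 209.18.47.61,209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER}: NameServer = 198.51.100.7
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Updater Service - Unknown owner - C:\Users\Danny\AppData\Local\upd\svc.exe
""".strip()


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def executable_of(command: str) -> str:
    """Return the program a Run-key command line starts (arguments stripped)."""
    m = RE_EXE.match(command.strip())
    if not m:
        return command.strip()
    return m.group("q") or m.group("u")


def path_reasons(path: str) -> List[str]:
    low = path.lower()
    return ["runs from a user-writable location"] if any(f in low for f in USER_WRITABLE) else []


def triage_line(line: str) -> Optional[Finding]:
    """Parse one log line into a Finding, or None for sections not handled here."""
    if m := RE_O2.match(line):
        f = Finding("O2 BHO", m["name"], m["path"], path_reasons(m["path"]))
        if m["name"] == "(no name)":
            f.reasons.append("BHO has no name")
        return f
    if m := RE_O4.match(line):
        exe = executable_of(m["cmd"])
        return Finding(f"O4 {m['hive']}\\{m['key']}", m["name"], exe, path_reasons(exe))
    if m := RE_O17.match(line):
        servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
        rogue = [s for s in servers if s not in EXPECTED_DNS]
        f = Finding("O17 DNS", "NameServer", ",".join(servers))
        if rogue:
            f.reasons.append("resolver not in expected set: " + ",".join(rogue))
        return f
    if m := RE_O23.match(line):
        path = m["path"]
        missing = path.endswith("(file missing)")
        if missing:
            path = path[: -len("(file missing)")].strip()
        f = Finding("O23 Service", m["short"] or m["display"], path, path_reasons(path))
        # Assumption: "(file missing)" under C:\Windows is the 32-bit-scanner-on-x64
        # redirection artifact, so only paths outside Windows count as missing.
        in_windows = path.lower().startswith("c:\\windows\\")
        if missing and not in_windows:
            f.reasons.append("service binary missing")
        if m["owner"] == "Unknown owner" and not in_windows:
            f.reasons.append("unknown owner outside the Windows directory")
        return f
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for line in log_text.splitlines() if (f := triage_line(line.strip()))]


def suspicious(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.suspicious]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f.section:<14} {f.name:<22} {f.path}\n    " + "; ".join(f.reasons))
```

Run it against a saved log with `suspicious(open("hijackthis.log").read())`; the sections the script skips (O8, O9, O18 and so on) are simply ignored, so unrecognised lines never abort the triage.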

#10 kadjk

kadjk
  • Topic Starter

  • Members
  • 29 posts
  • Local time:07:22 AM

Posted 31 March 2012 - 06:37 PM

Hello again,

I did the Malwarebytes scan and it found nothing.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Danny :: DJ-PC [administrator]

3/31/2012 5:34:20 PM
mbam-log-2012-03-31 (17-34-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194574
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



This is the hijackthis one.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:36:49 PM, on 3/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8193 bytes


Thanks!!

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 31 March 2012 - 08:20 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them from their icon (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
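What "Fix checked" on an O4 line actually does, and how to read the many "(file missing)" system services in the log above, as an added example that is not part of this thread and not HijackThis code: the script below parses the O4 and O23 line formats, maps each O4 entry to the Run key and value name that a fix would delete, and flags "(file missing)" entries for built-in services under C:\Windows\system32. On a 64-bit Windows install such as this one (note the Program Files (x86) paths in the log), those are usually a WoW64 file-system redirection artifact of the 32-bit HijackThis build rather than genuinely missing binaries, so they should be confirmed with a 64-bit tool before anything is "fixed". The Run/RunOnce mapping, the triage rules and the SAMPLE_LOG variable are this example's own assumptions; the sample lines are copied from the posted log.

```python
"""Triage HijackThis O4 (autostart) and O23 (service) lines from a log.

Added example for this thread: it is not HijackThis code and not from the
BleepingComputer post.  The sample lines are copied from the log above; the
registry mapping and the triage heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few O4/O23 lines taken from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\Danny\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# What the O4 shorthand expands to.  "Fix checked" on an O4 line deletes the
# bracketed value name from this key (assumption: only Run/RunOnce mapped).
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEYS = {
    "Run": r"Software\Microsoft\Windows\CurrentVersion\Run",
    "RunOnce": r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
}
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Executable part of a command line: a quoted path, or everything up to ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)
MISSING = " (file missing)"


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    name: str                 # value name / service display name
    path: str                 # executable as reported by HijackThis
    registry: str = ""        # O4 only: key that holds the value
    notes: list = field(default_factory=list)


def parse_o4(line):
    """O4 line -> Finding with the registry key a Fix would edit, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m["cmd"])
    path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
    key = HIVES[m["hive"]] + "\\" + RUN_KEYS.get(m["key"], m["key"])
    return Finding("O4", m["name"], path, registry=key)


def parse_o23(line, is_64bit=True):
    """O23 line -> Finding with triage notes, or None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Display names may contain " - " themselves, so split from the right:
    # the last two separators delimit vendor and path (assumes the path has none).
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, vendor, path = parts
    f = Finding("O23", display, path)
    in_system32 = path.lower().startswith(r"c:\windows\system32")
    if missing and is_64bit and in_system32 and vendor == "Unknown owner":
        # 32-bit HijackThis on x64 is redirected to SysWOW64 when it asks for
        # System32, so built-in services whose binaries exist only in the real
        # System32 are reported as "file missing".  Confirm with a 64-bit tool.
        f.notes.append("likely WoW64 redirection artifact of 32-bit HijackThis")
    elif missing:
        f.notes.append("binary not found; check for an orphaned service")
    elif vendor == "Unknown owner":
        f.notes.append("no vendor; verify the file's signature and hash")
    return f


def triage(log_text, is_64bit=True):
    """Return Findings for every O4/O23 line in log_text, in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        f = parse_o4(line) or parse_o23(line, is_64bit)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, f.name, f.registry or f.path, "; ".join(f.notes), sep=" | ")
```

Run it against a full HijackThis log by passing the file contents to triage(); pass is_64bit=False on a 32-bit host so that "(file missing)" is treated as a real gap rather than a redirection artifact. The right-to-left split in parse_o23 is what keeps display names such as "Airytec Switch Off - Task Scheduler (SwOffScheduler)" intact.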

#12 kadjk (Topic Starter)

Posted 01 April 2012 - 07:41 AM

Hello

I ran HijackThis and "fixed" the problems you mentioned, except I left in a few programs I'd like to start at the beginning (gchat and winamp).

I then ran the "Eset scanner" and it found something on my brother's old drive that was put into the computer without being formatted.

"D:\Documents and Settings\AJ\My Documents\AIM\subak4u\VirtumundoBeGone.exe Win32/PrcView application"

Otherwise, it found nothing else

I think it is working fine now. I will test some more and get back to you.

Thanks

Edited by kadjk, 01 April 2012 - 07:43 AM.


#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 April 2012 - 12:19 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Delete the file ESET flagged: /f forces deletion of read-only files, /q suppresses the prompt,
    rem /s also removes any copy of the same name in subdirectories of that folder
    del /f /s /q "D:\Documents and Settings\AJ\My Documents\AIM\subak4u\VirtumundoBeGone.exe"
    rem Finally remove this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot of the Save dialog on XP] [screenshot of the Save dialog on Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.



:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful. If used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#14 kadjk (Topic Starter)

Posted 01 April 2012 - 03:31 PM

Hey Mr. Gringo,

I ran through everything you mentioned. I believe everything is looking good.

I appreciate your help and taking the time to go through everything with me.

Thank you so very much!

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 April 2012 - 05:06 PM

You are more than welcome


gringo



